Senior Consultant

Role Overview

• Lead system security assessments within cloud-based environments in accordance with FedRAMP, FISMA, NIST SP 800-53, 800-37, OMB, and other authoritative IT security guidance
• Provide direction for scheduling, project sequencing, and resource management; assist with managing client expectations and performing project management
• Prepare, review, and/or update, and maintain IT Security supporting artifacts; provide IT security guidance to Information System Owners
• Identifying information security problems and challenges, researching and developing technical solutions to rectify them
• Execute, examine, interview, and test procedures in accordance with FedRAMP requirements and NIST SP 800-53A
• Ensure cyber security policies are adhered to and that required controls are implemented
• Validate information system security documentation to ensure FedRAMP and NIST control requirements are met
• Author recommendations based on findings to improve security postures compliant with FedRAMP and NIST controls
• Assist in the review and analysis of Security Authorization Packages for completeness and compliance with FedRAMP and NIST requirements.
• Participate in client interviews to complete Security Assessments.
• Ensure existing systems Security Authorization Packages remain up to date throughout the life cycle.
• Build a customer-focused relationship with client(s).
• Collaborate across multiple internal teams to ensure successful delivery of results based on scope of work.
• Establish standards and procedures to minimize risks.
• Drive working sessions with client to ensure expectations and direction are aligned and timelines are being met.
• Demonstrate ability to lead projects through the project lifecycle from initiation to project closure.

Requirements

• 5-8 years of experience in either auditing or consulting
• Strong FedRAMP and NIST experience (in order of preference): FedRAMP, NIST SP 800-53, RMF, FISMA, NIST SP 800-171/CMMC
• Strong written and verbal communication skills including the ability to explain technical matters to non-technical audiences
• Broad based IT background with a technical understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle.
• Excellent communication skills, both written and verbal with strong presentation skills.
• Ability to interact with clients and represent Emagine IT in a professional manner.
• Ability to successfully manage multiple tasks.
• Serve as a mentor to Associate Security Consultants and Security Consultants on best practices.
• Team player able to work well with others in a collaborative manner and is a self-starter who can work with minimum supervision.
• Work to continually build and improve solid and well-rounded practices and processes.
• Must have: Certified Information Systems Security Professional (CISSP)
• Must also have one (1) of the following: CompTIA Advanced Security Practitioner (CASP+) Continuing Education (CE)
• GIAC Certified Enterprise Defender (GCED)
• GIAC Certified Incident Handler (GCIH)
• GIAC Security Leadership (GSLC)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Cloud Security Professional (CCSP)
• CISSP-Information Systems Security Architecture Professional (CISSP-ISSAP)
• CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP)
• CISSP-Information Systems Security Management Professional (CISSP-ISSMP)
• CyberSec First Responder (CFR)
• Certified Chief Information Security Officer (CCISO)
• Nice to have:
• Certified FedRAMP Inspector: Baltimore Cyber Range (BCR) Certified
• Must be certifiable within two (2) to three (3) months with training if BCR is not currently obtained

Tech Stack

• Cloud
• Cyber Security

Benefits

• Health insurance
• 401(k) matching
• Flexible working hours
• Paid time off