xRAMP Advisory, Senior Consultant

Company:
SecureIT
Location:
Reston, VA, 20190
Posted:
April 11, 2024
Description:

xRAMP Advisory Senior Consultant

SecureIT is a leading provider of cybersecurity, cloud and compliance advisory services. We are committed to quality and the relationships that we build with our clients.

At SecureIT, you will have the opportunity to work alongside industry experts, tackling complex challenges to educate, guide and protect our clients. We foster an environment of continuous learning, professional growth and collaboration.

SecureIT offers an exciting and rewarding career path with an excellent benefits package. Reach out today if you're ready to join our impactful team!

We are currently hiring a Senior Consultant as part of our xRAMP Advisory team.

Responsibilities for this job include, but are not limited to:

Serving as the technical security and compliance subject matter expert on FedRAMP advisory engagements

Driving discussions with clients regarding key, complex, and technical FedRAMP areas (e.g., container security, boundary protection, FIPS 140-2 Validated encryption, phishing resistant MFA, DNSSEC, and DMARC)

Analyzing system boundaries and advising clients in accordance with FedRAMP boundary guidance

Providing technology-specific guidance and advice for commonly used Cloud platforms (e.g., AWS, Azure, GCP, etc.) and technologies (e.g., Windows, Unix, Docker, Kubernetes, etc.)

Explaining FedRAMP-defined requirements and conventions (e.g., rules that are not formally documented but are widely accepted and enforced) and helping cloud service providers apply them to specific environments

Identifying control gaps and providing comprehensive recommendations and guidance for client remediation including technical solution and tool options for network protection; MFA; vulnerability scanning; configuration management; malware, intrusion, file integrity, and allow-list monitoring; log correlation and analysis (SIEM); etc.

Advising clients on navigating FedRAMP's authorization processes, including timelines and Continuous Monitoring (ConMon) expectations

Performing quality assurance reviews of FedRAMP-required System Security Plans (SSP) and policies and procedure documentation and developing technical content for a subset of the most complex controls and SSP Appendices (e.g., Cryptographic Modules Table)

Helping clients plan for, establish, and execute regular ConMon processes and providing subject matter guidance on complex ConMon reporting issues, including risk acceptance requests, vulnerability downgrades, configuration deviations, etc.

Training and mentoring team members on FedRAMP requirements, cloud architectures, DevSecOps, and security tools and technologies

Requirements:

7-10+ years of progressive experience in technical security assessment/audit or advisory and/or security/cloud engineering with a compliance focus

5+ years' experience as a FedRAMP assessor and/or advisor

Bachelor's degree in computer science, information systems or a related discipline

Current knowledge of and experience with FedRAMP (rev. 5) requirements and expert-level knowledge of NIST 800-53 control families

Widespread understanding of commonly used cloud providers, platforms, cloud technologies and security tools

Proven skills as a professional services advisor providing direction and input to diverse clients

Effective communication skills, both interpersonal and written, for both deep-in-the-weeds technical matters and higher-level general concepts

Flexibility to work independently or as a part of a larger team

Demonstrated competence: general security certification (CISSP, CISA, GIAC GSNA, or CAP/CGRC), cloud certification (CCSP, CCSK, CCAK), and/or hyperscale cloud certifications (like AWS Solutions Architect – Professional or AWS Certified Security - Specialty)