Senior FedRAMP ConsultantAt MindPoint Group, LLC
MindPoint Group delivers industry-leading cybersecurity solutions, services, and products. We are trusted cybersecurity advisors to key government and commercial decision-makers and support security operations for some of the most security-conscious organizations globally.
Our relationship with you is for the long run because your success is our success. We invest in your success through fantastic benefits (healthcare, generous PTO, paid parental leave, and tuition reimbursement, to name a few).
Beyond just excellent pay and benefits, you’ll want to work here for reasons that can’t be written into an offer letter—the challenge, growth opportunities, and most important: the culture of a company that cares about you.
A position at MPG promises you
- A diverse organization
- A safe workplace with zero tolerance for discrimination or harassment of any kind
- A balanced work life. Seriously.
- A stable, established, and growing business
- A leadership team focused on your professional growth and development
As a Senior FedRAMP Consultant, you'll be part of our team of FedRAMP personnel assessing XaaS cloud offerings against the NIST SP 800-53 framework, and helping our advisory clients successfully architect, document, prepare for, and succeed in their ATO assessments for the FedRAMP program. You'll help assess and document technical and operational security controls for these cloud service providers, and will be exposed to numerous technologies and system architectures through your work. You will be responsible for assessing the implementation of technical controls during the assessment. You will also provide guidance to Junior Team Members.
During the FedRAMP assessments, you'll be responsible for interviewing client subject matter experts and control/system owners in order to gauge their understanding and implementation of security controls, and for testing the application and successful implementation of those controls. Similarly, our consulting engagements require significant interaction with client SMEs to understand their system architecture and controls at a level where you will be able to write detailed policy and procedure for those controls, and assist the client with completion of their SSP documents. In all of our work, the ability to build rapport with the client, identify security control practices which are missing or inadequate, and provide best-in-class written deliverables is critical not only to the client's success but our team's success as well.
This is not your typical GRC role - FedRAMP has high standards for its stakeholders, and MindPoint Group ensures its assessments and consulting engagements exceed those standards.
- Bachelor’s degree in computer science, computer engineering, cybersecurity, or a closely related discipline
- Eligible for Secret Clearance
- Due to changed FedRAMP requirements (June 2021), an active CISSP certification is mandatory for this Senior position
- 5+ years of audit/assessment experience using risk-based frameworks
- 2+ years direct work assessing and/or implementing technical controls from NIST SP 800-53 r4 or r5
- A strong, demonstrable technical writing ability and client interview skillset
- Able to meet or beat deliverable deadlines without micromanagement
You will need to bring, or be prepared to pass the exam before January 2022, any of the following certifications in addition to the CISSP: CompTIA CASP, GIAC GCED/GCIH/GSLC, ISACA CISA/CISM, ISC2 CCSP/CISSP-ISSAP/CISSP-ISSEP/CISSP-ISSMP.
One of these additional certifications is required in addition to the CISSP to meet new federal requirements from June 2021 for the position.
Remote Work/Travel Requirements:
This is a majority remote position with minimal (10-15%) domestic travel to client sites for FedRAMP assessments anticipated after COVID. Consulting engagements do not require travel.
Additional Consideration Given for:
- Active certification with major cloud services (AWS / Azure / GCP)
- An eagerness to research unfamiliar technologies and security controls
- Certificate of successful completion with Baltimore Cyber Range
- Experience assessing or operating under the NIST RMF
- Experience assessing FedRAMP services
- Experience assessing or implementing NIST SP 800-171 controls
- Experience with enterprise vulnerability scanning and remediation
- Experience architecting system solutions in on-prem and cloud-based environments
- Knowledge of other IT-related risk management frameworks such as HIPAA, PCI, CIS, and AICPA SOC
- Solid understanding of virtualization, containerization, and hyperscale systems
- Solid understanding of PKI and cryptography
- System administration or network engineering background
- Web application development and testing
- All your information will be kept confidential according to EEO guidelines.
- Equal Opportunity Employer Veterans/Disabled