Coalfire Federal

Audit and Compliance Security Analyst

Job Locations US-VA-Herndon
Regular Full-Time

About Coalfire

Coalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers. Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading cloud and technology providers including Amazon, Microsoft, IBM, Google, Oracle and Federal agencies. Coalfire has been a cybersecurity thought leader for nearly 20 years and has offices throughout the United States and Europe and is committed to making the world a safer place by solving our clients’ toughest security challenges.
We’re growing rapidly and currently seeking an Audit and Compliance Security Analyst to support our team in Herndon, VA. This position is hybrid telework, requiring 1 on site day per week.

What you'll do

  • Perform internal audits and compliance checks to ensure that the agency is compliant with its IT Security policies, procedures, and technical standards.
  • Ongoing review and updating of tracking information and evidence for compliance with the FISMA metrics used for annual IG audit.
  • Perform independent quality assurance checks on System Assessment & Authorization documentation, incident response records, POA&Ms, Key Performance Indicators, policy and procedure documentation, system inventory, etc. and related supporting evidence to ensure they are being maintained effectively.
  • Track findings and make recommendations to stakeholders to ensure resolution of any issues discovered in the audits/reviews.
  • Assist stakeholders with planning remediations if needed.
  • Perform collection and coordination of evidence provided to the IG auditors.
  • Assist with tracking and resolution of findings from IG audits, SI-acquired penetration tests, and other assessments.
  • Work with leadership to develop procedures for enforcement and escalation related to security policy violations.
  • Provide reports to OCIO management based on assessments performed.
  • Make recommendations for enhancing compliance with requirements and standards, improving audit results, and enhancing IT security.
  • Ensure that the agency is prepared for annual IG security audit and that necessary evidence has been reviewed and is ready to be provided.
  • Participate in planning of IT security program improvements to address emerging requirements and risks.
  • Collaborate and communicate effectively with project teams and customers. Develop effective working relationships with colleagues and project stakeholders.
  • Give presentations on findings and recommendations to various audiences.

What you'll bring

  • Experience performing audits, compliance assessments, and quality assurance checks.
  • Knowledge and experience with NIST computer security frameworks and guidelines, including the Risk Management Framework (RMF) and the Cybersecurity Framework (CSF). Understanding of additional security frameworks and best practices such as PCI DSS, CIS, etc. is a plus.
  • In depth knowledge of computer security best practices and technical concepts.
  • Must be well-organized and detail-oriented.
  • Ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments.
  • Excellent writing, interpersonal and communication skills. Must be able to effectively communicate with a variety of audiences in a broad range of formats to inform, collaborate and advise personnel throughout the organization.
  • Ability to work both independently and collaboratively with teams. The contractor must be responsible and capable of working with minimal supervision to effectively achieve the goals stated above, but also work well with others.

Bonus Points

  • CISSP, CISM, CISA or other relevant certification
  • PMP certification
  • Knowledge of GRC tools, e.g., CSAM and Archer
  • Knowledge of the NIST Cybersecurity Framework

Why you'll want to join us

Passionate problem-solvers who are hungry to learn, grow, and contribute. That’s what it takes to be a part of the Coalfire team. We work together to tackle the toughest cybersecurity challenges and help our clients become more secure and successful. We are trusted advisors who are committed to shaping our industry. At Coalfire, our people have the opportunity to expand their minds and skills, build meaningful relationships with the industry’s smartest minds, and have a direct impact on our company’s success. 
Along with an energetic culture and a supportive environment, you’ll have the flexibility to balance your personal and work life and grow personally and professionally. We work hard, and we play hard – and the two often overlap, and we’re active in our communities. Plus, we offer great benefits, including:

  • Health, dental, and vision insurance with an employer contribution
  • Flexible paid time off 
  • A generous 401(k) plan
  • Corporate wellness programs
  • Stock Appreciation Rights (SARs)
  • Tuition reimbursement
  • Certification reimbursement

Coalfire is an EEO employer. We celebrate diversity and are committed to respecting one another, embracing individual differences, and creating an inclusive environment for all employees.
