Coalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers.  Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading cloud and technology providers including Amazon, Microsoft, IBM, Google and Oracle and Federal agencies.  Coalfire has been a cybersecurity thought leader for over 20 years and has offices throughout the United States and Europe and is committed to making the world a safer place by solving our clients’ toughest security challenges. 

But that’s not who we are – that’s just what we do.

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.  

Coalfire Federal is both an authorized C3PAO and CMMC RPO - and we’re currently seeking experienced CMMC Advisors to join our growing team.

Position Summary

As a CMMC Advisor, you’ll work with leading manufacturing, IT, Cloud Service, and professional service organizations that compromise the Defense Industrial Base (DIB) serving the United States Department of Defense (DOD). You will be part of a team that supports the efforts of these organizations to satisfy DOD's Cybersecurity Maturity Model Certification and related government regulations either as an advisor to organizations preparing for CMMC or as an assessor to certify organizations’ compliance with CMMC requirements.

Location Details

CMMC Assessment and Advisory positions are typically remote. Occasional or limited travel may vary based on client needs.

• As an advisor you will work with organizations preparing for CMMC by helping them determine their in-scope (CUI) boundary and perform Gap Analyses to assess current state against CMMC requirements
• Advisors may also be required to provide compliance remediation services to research and develop technical solutions to compliance related problems, and other services including road mapping, System Security Plan (SSP) development, and Policy and Procedure support
• Support and guide information risk and security discussions with technical and non-technical groups
• Provide guidance on the administration and maintenance of security systems infrastructure, application, devices, tools and software services
• Be part of a high-performance, industry-leading delivery team that is setting the pace for CMMC adoption across the DIB
• Advise clients on identification of the CUI Boundary and provide related scoping exercises to facilitate effective gap analyses
• Effectively communicate advice on scoping and control development/management
• Review and analyze artifacts related to CMMC requirements
• Prepare and conduct interviews related to potential gaps in preparedness
• Confidently examine and test requirement preparedness
• Understand how to support development of a Systems Security Plan
• Write up and present to client priorities and remediation strategies against CMMC requirements

• Working knowledge of the controls and implementation of DFARS Clause 252.204-7012 (NIST 800-171)
• Direct involvement with building reports that clearly communicate met and not met objectives in accordance with assessment guidelines
• Ability to track detailed tasks and ensure timely delivery of project deliverables
• Excellent communication and problem-solving skills
• Critical thinking, and ability to balance security requirements with mission needs
• Must be well-organized and detail-oriented with the ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments
  

Education 

Completed Bachelor’s degree from an accredited university, preferably in an IT related field.

Clearance / Suitability Requirements

• • US Citizenship Required
  • Currently possess or the ability to obtain a favorable DoD Suitability Determination
    • or possess a NAC (National Agency Check) or other DoD accepted clearance is preferred

Certifications 

• • Required: Industry recognized cybersecurity certification(s). We recommend checking out the DoD Approved 8570 Baseline Certifications as an example.
    • Preferred certifications typical for roles in our federal delivery services may include: Security+, CEH, CISA, CISSP, CISM, or other industry recognized certification.
  • Certified CMMC Practitioner or Certified CMMC Professional (CCP) is highly preferred - or the qualifications to become certified.

Years of Experience 

• • Overall 5 to 7 years of experience in the IT Security / Cybersecurity industry
  • At minimum 3 to 5 years of work experience in a Client facing role providing risk assessment, advisory services, and/or consulting in a federal environment
  • Previous experience working for a CMMC RPO or C3PAO (Candidate or Authorized) is highly preferred
    

• CMMC - CCP or CCA credentials

Our people make Coalfire Federal great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve.

Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more.

You’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support memberships, and comprehensive insurance options.  

Coalfire is an EEO employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran