[Hiring] Cybersecurity Consultant @First Information Technology Services

Role Description

FITS is seeking an Information Security (Cybersecurity) Consultant to support and lead cloud security compliance assessments, with a focus on FedRAMP and other frameworks based on NIST SP 800-53. The ideal candidate will take ownership of assessment workstreams, progress quickly into leading full assessments, and consistently deliver high quality, client ready results in a fast-paced consulting environment.

Key Responsibilities

• Execute and help lead NIST SP 800-53-based security assessments, with a primary focus on FedRAMP and/or DISA Impact Level IL4, IL5, and IL6 engagements.
• Lead and carry out assessment activities by defining scope, managing schedules, coordinating evidence requests, conducting interviews, and establishing testing approaches while ensuring timely progress to completion.
• Assess control implementation and effectiveness, identify gaps and risks, and define required remediation actions.
• Produce clear, accurate, and client ready deliverables including assessment workpapers, control evaluation narratives, findings, and POA&M inputs with strong attention to detail and audit rigor.
• Partner with client stakeholders (security, engineering, governance, and leadership) to gather evidence and explain assessment expectations and results.
• Perform quality assurance reviews of assessment artifacts developed by team members and provide mentorship to junior staff as needed.
• Contribute to the ongoing enhancement of FITS assessment processes, templates, and internal knowledge resources supporting federal cloud compliance.

Qualifications

• Demonstrated ability to own and deliver complex security compliance assessment work with limited oversight.
• Minimum of 2 years of experience conducting security assessments within FedRAMP, DISA IL4/IL5/IL6 environments, or other frameworks based on NIST SP 800-53.
• Demonstrated experience interpreting security requirements, collecting and validating evidence, conducting stakeholder interviews, and documenting control assessments with audit-ready rigor.
• Strong written and verbal communication skills, including the ability to translate security/compliance requirements for technical and non-technical audiences.
• Must hold at least one of the certifications listed in the “Required Certifications (one or more)” section below.

Preferred Qualifications

• Hands-on experience developing or assessing FedRAMP authorization packages and artifacts (e.g., SSP, SAP/SAR, RAR, POA&M), with a strong understanding of FedRAMP guidance and baseline requirements.
• Experience assessing cloud environments such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform, along with common cloud service models (IaaS, PaaS, SaaS) and architectures.
• Experience utilizing governance, risk, and compliance (GRC) tools and managing evidence workflows throughout the assessment lifecycle.
• Experience with industry security frameworks (e.g., ISO/IEC 27001, SOC 2, PCI DSS) and the ability to map and align controls across multiple frameworks.
• Proficiency in a scripting language such as Python or PowerShell is a significant plus but not a requirement for the role.

Required Certifications

• Cisco Certified Network Associate Security (CCNA Security)
• Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
• Cybersecurity Analyst (CySA+)
• GIAC Certified Incident Handler (GCIH)
• GIAC Systems and Network Auditor (GSNA)
• GIAC Certified Intrusion Analyst (GCIA)
• Certified Information Systems Auditor (CISA)
• Certified Information System Security Professional or Associate (CISSP or Associate)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified Information Systems Security Officer (CISSO)
• CyberSec First Responder (CFR)
• CompTIA Advanced Security Practitioner (CASP+) Continuing Education (CASP+ CE)
• CompTIA Cloud+ (Cloud+)
• Global Industrial Cyber Security Professional (GICSP)
• Securing Cisco Networks with Threat Detection Analysis (SCYBER)
• BCR Cyber Technical Proficiency Testing Activity

Additional Notes

• This is a fully remote position.
• Some engagements may require the ability to pass a background check and/or meet customer access requirements.
• Limited travel may be required based on client needs.
• The successful candidate for this position will be subject to a pre-employment background check.

Pay Range

$110,000- $140,000 per year

Benefits

• 100% health, dental, and vision coverage for employees and their dependents (including domestic partners).
• Matching 401(K).
• Short/long term disability.
• Life insurance.
• Parental leave.
• Paid time off accrues at a starting rate of 15 days/year, increasing with tenure.
• 10 paid holidays for employees working for clients in Washington state.
• Up to $5,000 annually for professional development, including reimbursement of job-related training classes, seminars, tuition, and certification expenses.