Cybersecurity Consultant, FedRAMP Assessments

Category: Audit & Advisory 

Schedule (FT/PT): Full Time 

Travel Required: Limited travel based on client needs

Shift: Day 

Potential for Telework: Yes, 100%, must be U.S. based

Clearance: None Required 

Citizenship: Must be a U.S. citizen

Position Overview

FITS is seeking an Information Security (Cybersecurity) Consultant to support and lead cloud security compliance assessments, with a focus on FedRAMP and other frameworks based on NIST SP 800-53. The ideal candidate will take ownership of assessment workstreams, progress quickly into leading full assessments, and consistently deliver high quality, client ready results in a fast-paced consulting environment.

Key Responsibilities

• Execute and help lead NIST SP 800-53-based security assessments, with a primary focus on FedRAMP and/or DISA Impact Level IL4, IL5, and IL6 engagements.
• Lead and carry out assessment activities by defining scope, managing schedules, coordinating evidence requests, conducting interviews, and establishing testing approaches while ensuring timely progress to completion.
• Assess control implementation and effectiveness, identify gaps and risks, and define required remediation actions.
• Produce clear, accurate, and client ready deliverables including assessment workpapers, control evaluation narratives, findings, and POA&M inputs with strong attention to detail and audit rigor.
• Partner with client stakeholders (security, engineering, governance, and leadership) to gather evidence and explain assessment expectations and results.
• Perform quality assurance reviews of assessment artifacts developed by team members and provide mentorship to junior staff as needed.
• Contribute to the ongoing enhancement of FITS assessment processes, templates, and internal knowledge resources supporting federal cloud compliance.

Required Qualifications

• Demonstrated ability to own and deliver complex security compliance assessment work with limited oversight.
• Minimum of 2 years of experience conducting security assessments within FedRAMP, DISA IL4/IL5/IL6 environments, or other frameworks based on NIST SP 800-53.
• Demonstrated experience interpreting security requirements, collecting and validating evidence, conducting stakeholder interviews, and documenting control assessments with audit-ready rigor.
• Strong written and verbal communication skills, including the ability to translate security/compliance requirements for technical and non-technical audiences.
• Certification requirement: Must hold at least one of the certifications listed in the “Required Certifications (one or more)” section below.

Preferred Qualifications

• Hands-on experience developing or assessing FedRAMP authorization packages and artifacts (e.g., SSP, SAP/SAR, RAR, POA&M), with a strong understanding of FedRAMP guidance and baseline requirements.
• Experience assessing cloud environments such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform, along with common cloud service models (IaaS, PaaS, SaaS) and architectures.
• Experience utilizing governance, risk, and compliance (GRC) tools and managing evidence workflows throughout the assessment lifecycle.
• Experience with industry security frameworks (e.g., ISO/IEC 27001, SOC 2, PCI DSS) and the ability to map and align controls across multiple frameworks.
• Proficiency in a scripting language such as Python or PowerShell is a significant plus but not a requirement for the role.

Required Certifications (must have 1 or more of the following)

• Cisco Certified Network Associate Security (CCNA Security)
• Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
• Cybersecurity Analyst (CySA+)
• GIAC Certified Incident Handler (GCIH)
• GIAC Systems and Network Auditor (GSNA)
• GIAC Certified Intrusion Analyst (GCIA)
• Certified Information Systems Auditor (CISA)
• Certified Information System Security Professional or Associate (CISSP or Associate)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified Information Systems Security Officer (CISSO)
• CyberSec First Responder (CFR)
• CompTIA Advanced Security Practitioner (CASP+) Continuing Education (CASP+ CE)
• CompTIA Cloud+ (Cloud+)
• Global Industrial Cyber Security Professional (GICSP)
• Securing Cisco Networks with Threat Detection Analysis (SCYBER)
• BCR Cyber Technical Proficiency Testing Activity

Additional Notes

• This is a fully remote position.
• Some engagements may require the ability to pass a background check and/or meet customer access requirements.
• Limited travel may be required based on client needs.

The successful candidate for this position will be subject to a pre-employment background check. 

Pay Range: $110,000- $140,000 per year

The FITS pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, or other law.