Full-Time

Consultant

FedRAMP Assessment

Posted on 10/3/2025

Coalfire

1,001-5,000 employees

Cybersecurity advisory and cloud security services

Compensation Overview

$64k - $112k/yr

Remote in USA

Remote

Category
IT & Security
Requirements
  • Minimum 2-3 years of experience in the IT industry, with strong familiarity with the applicable NIST Special
  • Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience.
  • Technical and detailed understanding of NIST 800-53 Rev 5 AT, CA, CM, CP, IR, MA, MP, PE, PL, PS, RA, SA, SI control families
  • Ability to lead testing sessions for assigned controls
  • Ability to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations
  • Ability to assist team members with proper artifact collection and to describe to clients, in detail, examples of artifacts that will satisfy assessment requirements
  • Read and interpret all control families
  • Read and interpret firewall rulesets and network/boundary/data flow diagrams
  • Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
  • Strong personal initiative to appropriately manage time and meet deadlines
  • Strong consulting skills; ability to advise and challenge the status quo while building strong relationships
  • Ability to build high-trust relationships and credibility quickly
  • High attention to detail
  • Ability to facilitate meetings to small or large groups
  • Diplomatic and broad-minded
  • Strong technical researcher
  • Ability to travel up to 20%
  • Must have one of the following certs: Cisco Certified Network Associate Security (CCNA Security), Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops), CompTIA Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), GIAC Systems and Network Auditor (GSNA), GIAC Certified Intrusion Analyst (GCIA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional or Associate (CISSP or Associate), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Officer (CISSO), CyberSec First Responder (CFR), CompTIA Advanced Security Practitioner (CASP+) Continuing Education (CE), CompTIA Cloud+ (Cloud+), Global Industrial Cyber Security Professional (GICSP), Securing Cisco® Networks with Threat Detection Analysis (SCYBER), BCR Cyber Technical Proficiency Testing Activity.
Responsibilities
  • Work collaboratively with a team of assessors as a federal compliance specialist (e.g. FedRAMP, NIST 800-171, FISMA, etc.) and assist with the planning of assessments for clients
  • Draft audit observations that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment
  • Autonomously lead interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements
  • Assess security vulnerabilities against the appropriate security frameworks
  • First-level reviewer of drafted audit planning and reporting materials
  • Pursue and corroborate conclusions derived from inquiry procedures with the client while ensuring diligent interview notes are captured
  • Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification
  • Assess client provided documentation for compliance with a variety of standards
  • Prepare and review assessment reports
  • Educate and interpret compliance activities for clients
  • Manage priorities and tasks to achieve delivery utilization targets
  • Ensure quality products and services are delivered on time per Coalfire quality standards
  • Continuous professional development; maintain industry specific certifications, depth of knowledge, credentials, and designations
  • Collaborate with project managers, quality management and/or other delivery team members to drive customer satisfaction and meet project deliverables
  • Establish and maintain positive collaborative relationships with clients and stakeholders
  • Identify upsell and cross-sell opportunities; escalate to appropriate leadership
  • Execute examine, interview, and test assessment procedures in accordance with the appropriate control
  • Ensure cyber security policies are adhered to and that required controls are implemented
  • Review and assess respective information system security plans to ensure control requirements are met
  • Understand how to apply quality standards and adhere to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable
  • Provide advice to customers on issues affecting the scope of work in a manner that provides additional value
  • Develop documentation and author recommendations associated with your findings on how to improve the customer’s security posture in accordance with appropriate controls
  • Remote work environment
  • Travel up to 20%
Desired Qualifications
  • Expertise in security frameworks and regulatory requirements (such as SOC 2, ISO, NIST, COBIT, HIPAA/HITECH, HITRUST or PCI)
  • Experience working with technologies hosted via cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)
  • Experience reviewing Nessus scan output is a plus, along with basic knowledge of networking components and of the various operating systems run in a cloud environment, including UNIX and Microsoft Windows

Coalfire provides cybersecurity advisory and managed services to help organizations protect digital assets and secure cloud environments. Its offerings include risk assessments, threat and vulnerability management, compliance assessments, third‑party risk management, and cloud security consulting plus managed security services. It differentiates itself with a focus on regulated industries (HIPAA, HITRUST) and end-to-end services that cover both advisory guidance and ongoing security operations for scalable, compliant cloud deployments. Its goal is to reduce cyber risk and help clients meet regulatory requirements while advancing cybersecurity education through initiatives like the Richard E. Dakin Fund.

Company Size

1,001-5,000

Company Stage

Series B

Total Funding

$9.4M

Headquarters

Westminster, Colorado

Founded

2001

Simplify's Take

What believers are saying

  • April 2026 Google Cloud partnership embeds compliance into operations.
  • March 2026 Drata alliance shifts compliance to continuous monitoring model.
  • FastRAMP accelerator speeds FedRAMP for Upwind and Forescout clients.

What critics are saying

  • Google Cloud's Audit Manager commoditizes Coalfire's assessments by 2028.
  • Drata captures direct clients, eroding Coalfire revenue in 18 months.
  • Upwind's 4000% growth competes for federal budgets within 12 months.

What makes Coalfire unique

  • Coalfire leads FedRAMP compliance assessments for US federal agencies.
  • DivisionHex delivers elite AI threat hunting against shadow AI risks.
  • Compliance Essentials integrates with Google Cloud for automated audits.

Benefits

Flexible Work Hours

Remote Work Options

Parental Leave

Unlimited Paid Time Off

Professional Development Budget

Mental Health Support

Health Insurance

Dental Insurance

Vision Insurance

Life Insurance

Disability Insurance

Growth & Insights and Company News

Headcount

6 month growth

0%

1 year growth

1%

2 year growth

1%
PR Newswire
Mar 19th, 2026
Only 1 in 10 organisations deploying AI securely as Coalfire launches threat hunting service

Coalfire has launched an AI threat hunting capability through its DivisionHex practice to address emerging security risks from AI deployment. A Richmond Advisory Group survey found that nearly 90% of organisations have faced an AI-driven incident in the past 18 months, whilst only 10% deploy AI securely. The service targets shadow AI, compromised AI agents and "agentic insider risk" — where AI systems act beyond intended permissions. It hunts for vulnerabilities including prompt injection attacks, data poisoning, unauthorised credential usage and privilege escalation through automation. DivisionHex's team conducts investigative reviews to uncover unauthorised AI integrations, shadow AI usage and signs of manipulated AI models. The capability is available immediately as a standalone engagement or integrated with broader security assessments.

PR Newswire
Mar 10th, 2026
Coalfire Announces Strategic Partnership with Drata to Deliver Continuous Trust

CHICAGO, March 10, 2026 /PRNewswire/ - Coalfire Systems, Inc. today announced a strategic partnership with Drata, the leading agentic trust management platform, to help organizations operationalize trust through enterprise-grade GRC, always-on assurance and independent validation.

This partnership combines Coalfire's experience delivering coordinated assessments across more than 100 frameworks with Drata's agentic trust management platform for continuous control monitoring, automated evidence collection, centralized GRC workflows, and ongoing trust assurance. Coalfire translates Drata's AI-native insights into independent assessments, certifications and assurance outcomes. Coalfire's Compliance Essentials is embedded as a structured delivery layer to guide readiness, validate controls and align audit evidence.

Adam Shnider, executive vice president of assessment services, Coalfire, said: "Organizations want compliance to move as fast as their technology. By combining continuous monitoring from Drata with Coalfire's independent assessment expertise, we help clients move from readiness to assurance with greater efficiency and confidence."

Kevin Kriebel, senior vice president of business development, Drata, said: "Trust is no longer a point-in-time milestone; it's an always-on expectation. By partnering with Coalfire, we're strengthening the bridge between continuous trust management and independent assurance. Together, we're helping organizations operationalize governance, risk and controls in a way that builds real confidence with customers, partners and regulators. This collaboration reinforces our commitment to delivering the trust network that enables businesses to operate, scale and partner with confidence."

This partnership moves compliance from periodic, manual work to a continuous model that reduces evidence collection time while delivering the independent assurance stakeholders require.

About Coalfire: Coalfire, headquartered in Chicago, Ill., is a global services and solutions company that specializes in cyber advisory, assessment, and security. The company also develops cutting-edge technology platforms that automate defenses against security threats for the world's leading enterprises, cloud providers, and SaaS companies. Coalfire is the foremost provider of FedRAMP compliance assessments and penetration testing services in the United States. For more information, visit www.coalfire.com. SOURCE Coalfire

Business Wire
Nov 6th, 2025
Upwind Partners with Coalfire(R) to Accelerate FedRAMP(R) Accreditation for Strengthening Public Sector Cloud Security

Collaboration unites Upwind's runtime-first cloud security platform with Coalfire's FastRAMP accelerator to speed secure, compliant cloud adoption for US federal agencies.

SAN FRANCISCO-(BUSINESS WIRE)-Upwind, a next-generation cloud security provider, announced today a strategic partnership with Coalfire, a leading FedRAMP cybersecurity advisor and assessor, to accelerate federal agencies' adoption of modern cloud security. Together, the companies are pursuing a FedRAMP Moderate Equivalency designation, clearing the way for civilian agencies to deploy Upwind's comprehensive runtime-first Cloud-Native Application Protection Platform (CNAPP) while meeting strict compliance standards.

FedRAMP Moderate Equivalency is the US government's benchmark for unlocking cloud adoption across most civilian agencies. By teaming with Coalfire and leveraging its FastRAMP accelerator, Upwind is helping agencies avoid the lengthy delays that have historically slowed the Authorization to Operate (ATO) process.

"The race to secure sensitive, rapidly evolving cloud environments has never been more critical, as public sector agencies are expected to deliver secure platforms, protect sensitive government workloads, and embrace innovations like AI, all while the threat actors grow more sophisticated," said Amiram Shachar, CEO & Co-founder at Upwind. "Partnering with Coalfire accelerates our path to FedRAMP certification, enabling government agencies to adopt runtime-first security sooner and stay ahead of threats in today's complex, high-stakes cloud landscape."

This partnership comes at a time when federal agencies are under mounting pressure to secure increasingly complex, AI-driven cloud environments while meeting stringent compliance requirements.

Upwind's comprehensive CNAPP unifies posture management, workload protection, threat detection, vulnerability management, and identity security into one platform, giving security teams the visibility and speed to address threats as they emerge. The platform delivers runtime-first protection across applications, workloads, and infrastructure, giving security teams unmatched visibility and the agility to respond quickly.

"Advancing secure cloud capabilities for national security and civilian missions is a responsibility we take seriously," said Karen Laughton, Executive Vice President at Coalfire. "FastRAMP accelerator is designed to help vendors like Upwind navigate FedRAMP Moderate with speed and confidence, underscoring Coalfire's commitment to accelerating compliance for cybersecurity innovators serving their highly regulated clients and government agencies."

This partnership follows a year of rapid momentum for Upwind. The company now serves 200+ global enterprises as its customers, including Agoda, Peloton, Fiverr, and Bill, and achieved more than 4000% year-over-year growth. Its platform secures millions of workloads across VMs, containers, and serverless environments, delivering tangible results. Customers see 98% fewer security alerts and 60% fewer irrelevant CVEs. Upwind has also been recognized by Gartner with multiple mentions in their 2025 Hype Cycles and Market Guide for CNAPP, recognized in the Forrester CNAPP Solutions Landscape 2025, and named a two-time leader in Cloud Security and CADR in the Latio 2025 Cloud Security Report.

About Upwind: Upwind is the next-generation cloud security platform built to lead the runtime revolution. With rapid momentum and a bold vision to unify cloud and application-layer protection, Upwind helps organizations run faster, detect threats earlier, and secure their environments with unmatched precision. Upwind was founded by Amiram Shachar and his founding partners from Spot.io (which was sold to NetApp for $450 million) and is backed by top cybersecurity investors Greylock, Cyberstarts, Leaders Fund, Craft Ventures, Cerca Partners, and Sheva, a VC fund founded by former NBA player Omri Casspi. The company has secured $180 million in funding since its founding in 2022. For more information or to schedule a demo and see the future of runtime security firsthand, visit www.upwind.io.

Highways Today
Sep 5th, 2025
Trimble Advances Secure Construction with FedRAMP Authorization Effort

Trimble has partnered with Coalfire, a leading cybersecurity and compliance consultancy, to guide its FedRAMP journey.

SecurityInfoWatch
Jun 6th, 2025
Forescout announces Coalfire partnership to accelerate FedRAMP authorization

Forescout Technologies, Inc. today announced a strategic partnership with Coalfire to accelerate the FedRAMP Authorization to Operate (ATO) processes for Forescout Cloud Services.

INACTIVE