Job Description

About SecureIT:

SecureIT is a trusted and fast-growing professional services firm specializing in cybersecurity compliance, with deep expertise in FedRAMP assessments and authorizations for cloud service providers. As an accredited Third-Party Assessment Organization (3PAO), we help clients navigate complex federal cybersecurity requirements and enable them to deliver secure, compliant services to government agencies. What sets SecureIT apart is not only our technical excellence and commitment to quality but also our people-first culture. We value challenging work that drives professional growth, we encourage work-life integration, and we actively support community engagement. Employees at SecureIT enjoy a collaborative environment, remote work flexibility, and direct impact on meaningful projects that shape the future of cloud security. If you’re seeking a mission-driven company where your contributions matter and your development is supported, SecureIT is the place to be.

What You’ll Do:

We are seeking a highly experienced FedRAMP Advisory Lead Consultant to join our FedRAMP Advisory service line. This position requires a deep understanding of cloud security frameworks, NIST 800-53 controls, and the overall FedRAMP process. You will work directly with clients to assess their readiness, develop compliance strategies, and guide them through the necessary steps to achieve and maintain FedRAMP authorization. As a trusted advisor, you will work with cross-functional stakeholders—including technical teams, security personnel, compliance officers, and executive leadership—to ensure strategic alignment and successful execution of FedRAMP engagements. Responsibilities and tasking include:

• Serve as the primary advisor to clients pursuing FedRAMP authorization, providing expert-level guidance throughout the process.
• Assess overall readiness, advise on authorization strategies and pathways, design secure and compliant architectures, identify gaps, and provide actionable recommendations which align to FedRAMP requirements.
• Develop comprehensive FedRAMP implementation roadmaps and project timelines
• Assist with boundary definition, data flow diagrams, and system architecture documentation
• Provide technology-specific guidance and advice for commonly used Cloud platforms (e.g., AWS, Azure, GCP, etc.) and technologies (e.g., Windows, Unix, Docker, Kubernetes, etc.)
• Drive discussions with clients regarding key, complex, and technical FedRAMP areas (e.g., container security, boundary protection, FIPS 140-2 Validated encryption, phishing resistant MFA, DNSSEC, and DMARC).
• Provide technical input into the development of the FedRAMP documentation package, to include the System Security Plans (SSP), Policies & Procedures (P&Ps), POA&Ms, and continuous monitoring plans.
• Collaborate with internal teams, including engineering, cloud security, and compliance, to design compliant architectures and implement required technical security controls
• Help clients plan for, establish, and execute regular ConMon processes and provide subject matter guidance on complex ConMon reporting issues, including risk acceptance requests, vulnerability downgrades, and configuration deviations.
• Stay current with changes to FedRAMP policies, NIST SP 800-series publications, and emerging compliance trends.
• Mentor other team members on complex technical concepts and contribute to internal knowledge base and best practices development.

What You’ll Bring to the Table:

Knowledge & Experience:

• 8+ years of experience in cybersecurity compliance, cloud security, or related field, with a focus on FedRAMP advisory or hands-on implementation.
• Proven experience leading FedRAMP projects from readiness through authorization and continuous monitoring.
• Experience working at or with a 3PAO, CSP, or federal agency.

Technical Skills:

• Expertise with cloud platforms (AWS, Azure, Google Cloud) and secure cloud architecture principles.
• Working knowledge of container security, boundary protection, FIPS 140-2 validated encryption, phishing resistant MFA, DNSSEC, and DMARC.
• Experience with Infrastructure as Code (Terraform, CloudFormation, ARM templates)
• Understanding of container security (Docker, Kubernetes) in government cloud environments
• Experience with vulnerability management tools (Nessus, Rapid7, Qualys), SIEM/log management solutions (Splunk, ELK Stack, AWS CloudTrail) and configuration management tools (Ansible, Puppet, Chef)
• Hands-on experience with cloud security tools and architectures.

Soft Skills:

• Strong communication skills to explain complex compliance and security concepts to non-technical stakeholders. Ability to present solutions clearly and confidently to C-level executives and technical teams.
• Strong analytical and problem-solving skills to assess complex security and compliance challenges and provide practical solutions.
• Effective time management skills and an ability to adapt in a rapidly changing environment.
• Strong writing and documentation skills.

Certifications:

• Industry recognized certifications such as CISSP, CCSP, CCSK, CCAK, and/or specific hyperscale certifications a plus.

Education:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field; advanced degrees are a plus.

Ready to Make an Impact?

If you’re excited about the opportunity to work with a talented team and help drive great business outcomes for our clients, we want to hear from you. Apply today and join us in making a difference!

Job Tags

Similar Jobs