[Remote] FedRAMP Security Consultant

Note: The job is a remote job and is open to candidates in USA. RSI Security is a trusted leader in cybersecurity compliance and assessment services, supporting organizations across federal, commercial, and emerging regulatory frameworks. As a FedRAMP Security Consultant, you will support cloud service providers in preparing for FedRAMP authorization through readiness assessments, gap analysis, and development of required security documentation.

Responsibilities

• Lead FedRAMP Readiness & Advisory Engagements: Work directly with cloud service providers to assess FedRAMP readiness, identify control gaps, and develop actionable remediation roadmaps aligned with NIST SP 800-53 and FedRAMP requirements
• Perform Gap Assessments & Control Analysis: Evaluate current-state security programs against FedRAMP requirements, including technical, operational, and documentation controls, and clearly articulate gaps and risk implications
• Develop Core FedRAMP Artifacts: Support and/or lead the development of key deliverables such as System Security Plans (SSP), POA&Ms, policies, and supporting documentation required for FedRAMP authorization
• Interpret NIST Controls in Real Environments: Translate NIST SP 800-53 control requirements into practical implementations within cloud environments (AWS, Azure, GCP), including shared responsibility and inherited controls
• Advise on Architecture & Control Implementation: Provide guidance on security architecture, control design, and implementation strategies to align client environments with FedRAMP expectations
• Engage with Client Stakeholders: Lead technical discussions and workshops with engineering, security, and compliance teams to validate implementations and drive progress toward authorization readiness
• Support Future Assessment Capability: Contribute to RSI’s development of FedRAMP assessment methodologies, templates, and processes as the organization progresses toward 3PAO readiness
• Collaborate Across Internal Teams: Partner with delivery, sales, and leadership to scope engagements, support proposals, and refine service offerings

Skills

• 5+ years in cybersecurity, compliance, or risk assessment roles, with demonstrated experience supporting or leading structured security or compliance engagements
• At least 2–3 years working with NIST-based frameworks (e.g., NIST SP 800-53, RMF, FedRAMP, FISMA, or similar)
• Hands-on experience supporting FedRAMP or NIST SP 800-53-based initiatives, including readiness assessments, gap analyses, or documentation development (SSP, POA&M, or similar)
• Strong ability to interpret control intent and apply it to real-world cloud environment
• Experience guiding clients through compliance challenges, including defining remediation strategies, prioritizing gaps, and aligning technical implementations to regulatory expectations
• Familiarity with AWS, Azure, or GCP environments, including identity and access management, logging/monitoring, network architecture, and secure configuration practices
• Ability to understand system architecture diagrams and data flows
• Proven ability to lead discussions with technical and non-technical stakeholders, ask effective questions, and drive engagements forward
• CISSP, CISA, CISM, CCSP, or similar certifications
• Experience supporting FedRAMP ATO efforts or working with a 3PAO
• Experience with adjacent frameworks such as CMMC, FISMA, or DoD RMF

Benefits

• This is a 1099 independent contractor role.
• Travel: Minimal (Remote audit model; occasional onsite support if required)

Company Overview