[Remote] FedRAMP Security Consultant
Note: The job is a remote job and is open to candidates in USA.

RSI Security is a trusted leader in cybersecurity compliance and assessment services, supporting organizations across federal, commercial, and emerging regulatory frameworks. As a FedRAMP Security Consultant, you will support cloud service providers in preparing for FedRAMP authorization through readiness assessments, gap analysis, and development of required security documentation.

Responsibilities

- Lead FedRAMP Readiness & Advisory Engagements: Work directly with cloud service providers to assess FedRAMP readiness, identify control gaps, and develop actionable remediation roadmaps aligned with NIST SP 800-53 and FedRAMP requirements.
- Perform Gap Assessments & Control Analysis: Evaluate current-state security programs against FedRAMP requirements, including technical, operational, and documentation controls, and clearly articulate gaps and risk implications.
- Develop Core FedRAMP Artifacts: Support and/or lead the development of key deliverables such as System Security Plans (SSP), POA&Ms, policies, and supporting documentation required for FedRAMP authorization.
- Interpret NIST Controls in Real Environments: Translate NIST SP 800-53 control requirements into practical implementations within cloud environments (AWS, Azure, GCP), including shared responsibility and inherited controls.
- Advise on Architecture & Control Implementation: Provide guidance on security architecture, control design, and implementation strategies to align client environments with FedRAMP expectations.
- Engage with Client Stakeholders: Lead technical discussions and workshops with engineering, security, and compliance teams to validate implementations and drive progress toward authorization readiness.
- Support Future Assessment Capability: Contribute to RSI's development of FedRAMP assessment methodologies, templates, and processes as the organization progresses toward 3PAO readiness.
- Collaborate Across Internal Teams: Partner with delivery, sales, and leadership to scope engagements, support proposals, and refine service offerings.

Skills

- 5+ years in cybersecurity, compliance, or risk assessment roles, with demonstrated experience supporting or leading structured security or compliance engagements.
- At least 2–3 years working with NIST-based frameworks (e.g., NIST SP 800-53, RMF, FedRAMP, FISMA, or similar).
- Hands-on experience supporting FedRAMP or NIST SP 800-53-based initiatives, including readiness assessments, gap analyses, or documentation development (SSP, POA&M, or similar).
- Strong ability to interpret control intent and apply it to real-world cloud environments.
- Experience guiding clients through compliance challenges, including defining remediation strategies, prioritizing gaps, and aligning technical implementations to regulatory expectations.
- Familiarity with AWS, Azure, or GCP environments, including identity and access management, logging/monitoring, network architecture, and secure configuration practices.
- Ability to understand system architecture diagrams and data flows.
- Proven ability to lead discussions with technical and non-technical stakeholders, ask effective questions, and drive engagements forward.
- CISSP, CISA, CISM, CCSP, or similar certifications.
- Experience supporting FedRAMP ATO efforts or working with a 3PAO.
- Experience with adjacent frameworks such as CMMC, FISMA, or DoD RMF.

Benefits

This is a 1099 independent contractor role.

Travel: Minimal (remote audit model; occasional onsite support if required).

Company Overview

RSI Security is a cybersecurity and compliance firm helping organizations manage risk and meet regulatory requirements. It was founded in 2008 and is headquartered in Southlake, Texas, USA, with a workforce of 51-200 employees. Its website is https://www.rsisecurity.com/.