Lead FedRAMP Security Assessor
The Lead Security Assessor directs the FedRAMP consulting and assessment program. As part of COACT’s Third Party Assessment Organization (3PAO) inspection body, the Lead Security Assessor performs tasks during the various stages of assessment and security consulting projects to deliver information assurance solutions to Cloud Service Providers and Agencies. This individual prepares assessment and authorization packages in accordance with FedRAMP requirements, manages a team of assessors, and works closely with system stakeholders to document system information, consult on architecture and security topics, and ensure that security controls are implemented appropriately and operating as intended. The Lead Security Assessor initiates tasks and completes them independently.

Responsibilities

  • Assist, train, and review work performed by security assessors.
  • Coordinate with the customer regarding status of FedRAMP consulting and assessment projects.
  • Execute consulting and assessment activities in accordance with an established quality system.
  • Perform vulnerability scanning using government or commercial-off-the-shelf tools.
  • Develop deliverables associated with a FedRAMP security authorization package including, but not limited to: System Security Plan, Information System Contingency Plan, Security Assessment Plan, Security Assessment Report.
  • Gather and organize technical information about missions, goals, and requirements.
  • Perform project tasks involving the integration of tools or methodologies to resolve organizational and system security problems.
  • Direct FedRAMP security assessments and consulting services.
  • Provide IT security guidance to Information System Owners.

Required Qualifications

  • Bachelor’s degree in Cyber Security, Computer Science, Information Systems Management, or related discipline.
  • Security-focused industry certifications such as CAP, CCSK, CISA, CISM, CISSP, CCSP, CRISC, CCISO, or Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure specific certifications.
  • 7+ years of relevant industry experience performing tasks associated with the Risk Management Framework (RMF), with at least 3 of those years in IT security audit, assessment, compliance, or risk management.
  • At least 5 years of experience with FISMA consulting and assessment projects.
  • Knowledgeable of cloud architectures and operations.
  • Experience using security tools, such as Nessus, WebInspect, AppDetective, and others.
  • Must be able to work both independently and in a team environment.
  • Strong written, verbal, and presentation communication skills.
  • Currently hold, or be able to obtain, a Public Trust clearance.

Preferred Qualifications (not mandatory, but considered a plus)

  • Experience performing FedRAMP assessments.
  • Experience engineering cloud systems.
  • Experience with cloud system administration (e.g., database, system, network).

About COACT, Inc.

COACT, Inc. is a leading Service-Disabled Veteran Owned Small Business and test laboratory that provides Global IT Security Services, Accredited Evaluations and Testing, and Evidence-Based Compliance Services for traditional, hybrid, and cloud-based systems serving governments and private industry. COACT is a leader in risk management and compliance. COACT is ISO 9001:2015 compliant and a Federal Risk and Authorization Management Program (FedRAMP) Accredited Third Party Assessment Organization (3PAO). COACT’s tiered service offerings range from focused efforts that address specific security objectives to full information security programs for clients in the commercial, healthcare, regulatory, defense, and intelligence domains.

An Equal Opportunity/Affirmative Action Employer

Work Location: Columbia, MD with some travel to Lanham, MD client site

To apply for this job, email your details to info@coact.com