The role involves leading information security assessments, communicating with stakeholders, and developing policies and controls for compliance with cybersecurity standards.
Consultant – Federal Services CCA (CMMC, FedRAMP, NIST)
at Tevora
Fairfax, VA or Irvine, CA
If you haven’t heard of Tevora, it’s because we’ve done our job!
Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.
About The Role
Tevora is looking for a passionate Information Security Consultant to join the Federal practice who has a solid balance between business acumen and technical expertise. Comfortable across all disciplines of information security, this consultant will be responsible for assessing compliance and risk on a wide variety of client projects for some of the world's largest organizations.
A day in the life could include:
- Leading information security risk and compliance assessments, audits, gap analyses, and remediation planning.
- Actively contributing to projects with a primary focus on CMMC, FedRAMP, StateRAMP, NIST 800-53, FISMA, and NIST 800-171.
- Communicating with and presenting to project stakeholders to effectively convey requirements of technical and process improvements.
- Assisting in the development of customized policies, procedures, controls, disaster recovery plans and technical documentation for applications, systems, and infrastructure.
- Developing internal processes to support the overall maturity of the Federal practice.
- Possessing a working knowledge of IT security and various frameworks (e.g. CMMC, FedRAMP, NIST 800-30, 800-53, 800-60, 800-171, PCI DSS, NYS DFS 500).
Necessary skills and qualifications:
- 5 years of Cybersecurity experience
- 5 years of management experience
- 3 years of assessment or audit experience
- Knowledge of and hands-on experience with CMMC, FedRAMP, and NIST 800-53/NIST 800-171 audits and attestations.
- Deep familiarity with, or experience as a 3PAO to obtain FedRAMP Ready or FedRAMP Authorized status for platforms, systems, and applications.
- Deep familiarity with, or experience as a C3PAO to obtain CMMC Certification status.
- Knowledge of security architecture, infrastructure, network and systems design.
- Practical and working knowledge of common IT and security concepts including firewall management, server management, SIEM, IDS/IPS, web proxies, access control and authentication, with advanced knowledge in at least one of these areas.
- Experience in securing operating systems.
- Security policy frameworks and control design.
- Experience in managing policy exceptions, including working directly with the teams to document exceptions, identifying compensating controls and remediation action plans.
- Required: CCA
- At least one advanced cybersecurity certification such as: CISSP (preferred), CCA, CCP, PCI QSA, CISA, CISM, ISO 27001, CRISC.
- BCR completion
- Bachelor's Degree from an accredited 4-year university
- Minimum 4 years of experience in information security, information technology, enterprise risk or compliance field.
- US Citizen with Passport
- Valid driver's license
- No criminal record and no bankruptcies or other negative reports on credit reports.
We’ve got you covered!
- Comprehensive benefits offering
- Paid time off and holidays
- 401k with Company match
- Vibrant work culture
Additional requirements:
- A valid driver’s license is required.
- Eligibility to work in the United States.
EEOC Statement
Tevora is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, disability status, or other applicable legally protected characteristics.
Top Skills
Access Control
Authentication
CMMC
FedRAMP
Firewall Management
IDS/IPS
NIST 800-171
NIST 800-53
Server Management
SIEM
Web Proxies
Tevora Irvine, California, USA Office
Irvine, CA, United States