
Coalfire
Remote Jobs
Cyber solutions that move you forward, faster.
48 Jobs
• Design, build, and continuously improve a curriculum of AI training programs spanning foundational literacy, role-specific fluency, and advanced practitioner development • Partner with functional leads across the business to understand skill gaps and tailor learning pathways to specific roles (advisory, delivery, operations, etc.) • Develop and manage self-paced resources, workshops, certifications, and onboarding materials that scale across a distributed workforce • Track learning outcomes and adoption metrics, using data to continuously sharpen what's working • Build and run Coalfire's internal AI community — creating spaces (channels, forums, events, office hours) where employees can share what they're building, ask questions, and learn from each other • Identify and cultivate internal AI champions and power users across the organization • Facilitate knowledge-sharing and peer learning so best practices spread organically, not just top-down • Be the voice that keeps AI top-of-mind internally — translating complex or abstract AI developments into relatable, relevant narratives for a general employee audience • Develop and distribute internal communications (newsletters, announcements, spotlights) that highlight real AI wins, use cases, and learnings from across the company • Represent the AI & Data team at all-hands meetings, internal events, and cross-functional forums • Serve as a thought partner to the Chief AI & Data Officer on the human dimensions of our AI strategy — readiness, culture, change management • Collaborate with HR and People teams on integrating AI competencies into talent development frameworks, performance expectations, and hiring • Stay current on enterprise AI trends, tools, and adult learning best practices, bringing relevant insights back to the team
• Deliver on the most technically complex application, network, and adversary services engagements. • Architect and build AI-powered platforms — including agentic systems — that automate reconnaissance, attack path discovery, exploitation, and reporting across the offensive lifecycle. • Maintain a relentless focus on outputs that move the P&L: tooling that compounds across engagements and improves over time. • Act as a hands-on senior leader in secure software development, model integration, and the engineering discipline required to build durable internal platforms. • Act as a trusted advisor to our clients’ senior leadership on security matters, providing insights and recommendations to inform strategic decision-making. • Collaborate with our sales and marketing teams to drive opportunity identification and rapidly grow the practice.
• Conduct human threat engagements including social engineering, phishing, vishing, physical assessments, and human risk evaluations. • Prepare, review, and approve Human Threat reports to meet quality requirements. • Manage priorities and tasks to achieve delivery utilization targets. • Advise clients on all testing and assessment activities in a timely and professional manner. • Ensure client deliverables and services are delivered on time. • Continuous professional development in maintaining industry specific certifications and staying current on emerging human threat tactics and trends. • Establish and maintain positive collaborative relationships with clients and stakeholders. • Identify up-sell and cross-sell opportunities and escalate to sales. • Collaborate with project managers, quality management, sales, and other delivery team members to drive customer satisfaction and meet project deliverables. • Mentor junior consultants in social engineering tradecraft, client communications, reporting, and engagement execution. • Contribute to the development and refinement of Human Threat methodologies, tooling, playbooks, and service offerings. • Contribute to thought leadership through research, blogs, whitepapers, webinars, and conference presentations on human threat and related security topics. • Support the development of the Human Threat practice through original research, service innovation, and externally facing industry content. • Represent Coalfire at industry events, client briefings, and conferences as a subject matter expert. • Contribute to other offensive security engagements, as needed, based on business demand, skillset alignment, and delivery priorities when not assigned to Human Threat assessments. • Perform other responsibilities as needed in support of client delivery, practice development, and team success.
• Provides advice to customers on issues affecting the scope of work in a manner that provides additional value • Leads audits/assessments including audit plan preparation, review of documentation and evidence, evaluation of procedures, and client interviews. • Maintains strong depth of knowledge in one or more cybersecurity frameworks. • Prepare, review and approve assessment reports. • Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve delivery utilization targets. • Ensures quality products and services are delivered on time. • Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue • Provide mentorship to team members in areas of audit, assessment, technical review and writing. • Interfaces with clients through entire engagement, interacting with all levels of client organizations • Establish and maintain positive collaborative relationships with clients and stakeholders • Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area. • Collaborates with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables. • Establishes account relationships and identifies upsell and cross sell opportunities and escalates to sales. 
• Draft audit programs that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment • Leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements • Assess security vulnerabilities against the appropriate security frameworks • Pursues and corroborates conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured • Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification • Educate and interpret compliance activities for clients • Understands how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable
Senior CMMC Consultant, Public Sector Advisory
• Lead IT system security consultation within cloud-based and on-premises environments in accordance with CMMC, NIST SP 800-171, NIST SP 800-53, 800-37, DFARS, OMB, and other authoritative IT security guidance • Independently leads advisory consulting projects. With oversight from a delivery owner (senior manager, and/or director), is able to perform leadership tasks on all advisory projects such as gap analyses, workshops, and other consulting engagements. • Lead the development of System Security Plans and other documentation in accordance with CMMC and DFARS/NIST requirements • Prepare, review and/or update, and maintain IT Security supporting artifacts • Provide IT security guidance to Information System Owners, clients, and project team members • Identify information security problems and challenges, researching and developing technical solutions to rectify them • Prepare, review and edit advisory reports. • Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve delivery utilization targets. • Ensures quality products and services are delivered on time. • Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue. • Provide mentorship to team members in areas of audit preparation, assessment, technical review and writing. • Interfaces with clients through entire engagement, interacting with all levels of client organizations. • Establish and maintain positive collaborative relationships with clients and stakeholders • Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area.
• Provides advice to customers on issues affecting the scope of work in a manner that provides additional value • Develop documentation and author recommendations associated with your findings on how to improve the customer’s security posture in accordance with appropriate controls • Leads audits/assessments including audit plan preparation, review of documentation and evidence, evaluation of procedures, and client interviews. • Maintains strong depth of knowledge in one or more cybersecurity frameworks. • Prepare, review and approve assessment reports. • Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve delivery utilization targets. • Ensures quality products and services are delivered on time. • Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue • Provide mentorship to team members in areas of audit, assessment, technical review and writing. • Interfaces with clients through entire engagement, interacting with all levels of client organizations • Establish and maintain positive collaborative relationships with clients and stakeholders • Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area. • Collaborates with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables. • Establishes account relationships and identifies upsell and cross sell opportunities and escalates to sales.
• Draft audit programs that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment • Leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements • Assess security vulnerabilities against the appropriate security frameworks • Pursues and corroborates conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured • Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification • Educate and interpret compliance activities for clients • Understands how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable
• Assess the security and compliance of client firms against regulatory and industry requirements • Conduct audits/assessments including audit plan preparation, review of documentation and evidence, evaluation of procedures, and client interviews • Prepare and review assessment reports • Educate and interpret compliance activities for clients • Manage priorities and tasks to achieve delivery utilization targets • Ensure quality products and services are delivered on time • Collaborate with project managers, quality management and/or other delivery team members to drive customer satisfaction
Senior Consultant, Technical Payments – PCI QSA, P2PE, PIN
• Leads audits and assessments including audit planning, evidence review, controls evaluation, and client interviews. • Prepare relevant frameworks assessment reports and attestations. • Manage priorities, tasks and hours on projects in coordination with project managers to meet delivery utilization targets. • Ensure all deliverables meet Coalfire quality standards and timelines. • Proactively escalate client or project risks to management. • Interface with clients throughout the engagement, including executive and technical stakeholders • Build and maintain strong, collaborative client relationships • Maintain industry certifications and deepen subject matter expertise through continuous professional development. • Travel up to 30% as required
• Provides advice to customers on issues affecting the scope of work in a manner that provides additional value • Develop documentation and author recommendations associated with your findings on how to improve the customer’s security posture in accordance with appropriate controls • Leads audits/assessments including audit plan preparation, review of documentation and evidence, evaluation of procedures, and client interviews • Maintains strong depth of knowledge in one or more cybersecurity frameworks • Prepare, review and approve assessment reports • Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve delivery utilization targets • Ensures quality products and services are delivered on time • Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue • Provide mentorship to team members in areas of audit, assessment, technical review and writing • Interfaces with clients through entire engagement, interacting with all levels of client organizations • Establish and maintain positive collaborative relationships with clients and stakeholders • Continuous professional development in maintaining industry specific certifications.
Maintains strong depth of knowledge in the practice area • Collaborates with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables • Establishes account relationships and identifies upsell and cross sell opportunities and escalates to sales • Draft audit programs that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment • Leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements • Assess security vulnerabilities against the appropriate security frameworks • Pursues and corroborates conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured • Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification • Educate and interpret compliance activities for clients • Understands how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable • Travel 20%
• Work collaboratively with a team of assessors as a federal compliance specialist (e.g. FedRAMP, NIST 800-171, FISMA, etc.) and assist with the planning of assessment for clients • Draft audit observations that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment • Autonomously lead interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements • Assess security vulnerabilities against the appropriate security frameworks • First-level reviewer of drafted audit planning and reporting materials • Pursue and corroborate conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured • Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification • Assess client provided documentation for compliance with a variety of standards • Prepare and review assessment reports. • Educate and interpret compliance activities for clients • Manage priorities and tasks to achieve delivery utilization targets • Ensure quality products and services are delivered on time per Coalfire quality standards. • Continuous professional development; maintain industry specific certifications, depth of knowledge, credentials, and designations • Collaborate with project managers, quality management and/or other delivery team members to drive customer satisfaction and meet project deliverables. 
• Establish and maintain positive collaborative relationships with clients and stakeholders • Identify upsell and cross sell opportunities; escalates to appropriate leadership • Execute, examine, interview and test procedures in accordance with the appropriate control • Ensure cyber security policies are adhered to and that required controls are implemented • Review and assess respective information system security plans to ensure control requirements are met • Understand how to apply quality standards and adhere to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable • Provide advice to customers on issues affecting the scope of work in a manner that provides additional value • Develop documentation and author recommendations associated with findings on how to improve the customer’s security posture in accordance with appropriate controls