Aalyria

Security and Compliance Lead

full-time

Location Type: Remote

Location: United States

Salary

💰 $180,000 - $215,000 per year

About the role

  • Own CMMC L2 certification and FedRAMP High authorization efforts end-to-end, including gap analysis, remediation tracking, evidence collection, and assessment coordination
  • Maintain compliance with DFARS cybersecurity clauses (7012, 7019, 7020), ITAR, EAR and other federal requirements; manage SPRS score and supplier requirements
  • Develop and maintain System Security Plans, POA&Ms, policies, procedures, and supporting artifacts across all compliance frameworks
  • Serve as primary point of contact for C3PAO/3PAO assessors, government customers, prime contractors, and agency authorizing officials
  • Manage continuous monitoring activities including vulnerability scanning, access reviews, evidence collection, and monthly/annual reporting
  • Monitor regulatory changes across CMMC, FedRAMP, NIST 800-171/800-53, DFARS, and ITAR; assess impact and drive necessary updates
  • Implement security controls hands-on, including identity and access management, logging, encryption, and endpoint security
  • Harden cloud infrastructure in GCP and AWS, implementing security configurations and access controls aligned with compliance requirements
  • Build automation and tooling for evidence collection and compliance reporting; integrate security into CI/CD pipelines
  • Define, document, and enforce CUI boundaries and enclave architecture
  • Translate compliance requirements into actionable technical guidance for engineering teams
  • Support customer security assessments, due diligence requests, and contract security requirements

Requirements

  • 7+ years of experience in security roles with demonstrated compliance and technical responsibilities
  • Deep knowledge of federal compliance frameworks: NIST 800-171, NIST 800-53 Rev 5, CMMC 2.0, FedRAMP, and ITAR compliance and cybersecurity requirements
  • Experience preparing for and supporting third-party assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or equivalent)
  • Hands-on technical skills: ability to write scripts and Terraform, and to troubleshoot access issues
  • Experience securing cloud environments (GCP preferred; AWS GovCloud)
  • Experience with enterprise IAM platforms (Okta, Azure AD, or similar)
  • Excellent documentation skills with ability to write policies that satisfy auditors and implementation guides that engineers can use
  • Combined experience in both compliance/GRC and hands-on technical security implementation
  • Ability to interpret NIST 800-53 controls and implement them in cloud environments
  • Working knowledge of CMMC, FedRAMP, and DFARS frameworks, including overlapping control requirements
  • Demonstrated ability to operate effectively in fast-paced environments with competing priorities

Benefits

  • Competitive salary
  • Comprehensive benefits (401(k), dental, vision, health, life insurance)
  • Paid time off
  • Equity options
  • Flexible working arrangements including hybrid remote/in-office schedules
  • Opportunities for professional development and advancement

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

  • CMMC L2 certification
  • FedRAMP High authorization
  • gap analysis
  • remediation tracking
  • evidence collection
  • vulnerability scanning
  • identity and access management
  • Terraform
  • cloud security
  • NIST 800-171

Soft skills

  • excellent documentation skills
  • ability to interpret compliance requirements
  • ability to operate effectively in fast-paced environments
  • communication with government customers
  • coordination with assessors
  • technical guidance for engineering teams
  • managing competing priorities

Certifications

  • CMMC L2 certification
  • FedRAMP certification