Implement, configure, and maintain security controls in line with CMMC requirements (e.g., GPOs, M365 tenant hardening, Intune, Conditional Access, Defender for Endpoint, SIEM).
Collaborate with internal and external stakeholders to ensure ongoing compliance with CMMC standards.
Serve as the internal subject matter expert on CMMC-related technical questions and processes.
Design and deploy secure configurations for Microsoft 365, Azure, Azure Virtual Desktop, and the Microsoft Defender XDR suite.
Manage security baselines, conditional access policies, and monitoring/alerting configurations.
Coordinate with IT operations and security teams to remediate vulnerabilities and align with compliance objectives.
Utilize Active Directory, firewalls, and related security or network tools to ensure compliance and gather logs/artifacts as evidence.
Demonstrate the ability to log in, review configurations, and interpret outputs (e.g., system events, access logs, firewall logs) to support compliance documentation.
Work with cross-functional teams to update and maintain security configurations that align with CMMC requirements.
Gather, document, and maintain the artifacts necessary to demonstrate compliance (system configurations, implementation records, access control logs, and related evidence).
Collaborate with cross-functional teams (IT, Security, DevOps) to validate and record operational and security processes in compliance with CMMC.
Provide expert guidance and support during client-facing CMMC audits, which may include up to 25% travel.
Communicate technical aspects of CMMC controls and remediation strategies clearly to both technical and non-technical audiences.
Represent the organization’s CMMC posture to external auditors, clients, and partners.
Execute security or IT controls that must take place outside standard business hours (e.g., evenings or weekends) to minimize disruption to production environments.
Stay current on emerging threats, security trends, and CMMC updates; integrate these insights into ongoing compliance efforts.

Requirements

Proven experience (3–5+ years) in implementing and managing technical security controls in Microsoft-focused environments.
Hands-on experience with:
Microsoft 365 Administration & Security (tenant hardening, identity & access management, conditional access)
Azure & Azure Virtual Desktop (security configuration, monitoring, role-based access control)
Microsoft Defender XDR Suite (Defender for Endpoint, Defender for Office 365, etc.)
Group Policy Objects (GPOs) and Intune for device and application management
Active Directory (managing user/groups, reviewing logs, applying group policies)
Firewalls (configuring rules, reviewing logs, interpreting firewall outputs)
Demonstrated track record of working with CMMC controls or similar regulatory/compliance frameworks (e.g., NIST 800-171, DFARS).
Strong understanding of SIEM tools and security incident management workflows.
Excellent written and verbal communication skills, with the ability to present technical concepts to diverse audiences.
Proficiency in scripting or automating compliance evidence gathering (e.g., PowerShell) is a plus.
Strong organizational and project management skills, with an emphasis on attention to detail and follow-through.
Ability to work independently as well as collaboratively in a cross-functional team environment.
Willingness to work outside normal business hours when required.

Benefits

100% Remote work environment with occasional (25%) travel

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

Microsoft 365 AdministrationAzureAzure Virtual DesktopMicrosoft Defender XDR SuiteGroup Policy Objects (GPOs)IntuneActive DirectoryFirewallsPowerShellSIEM tools

Soft skills

written communicationverbal communicationorganizational skillsproject managementattention to detailcollaborationindependencepresentation skillsproblem-solvingadaptability