Design, implement, and monitor security controls aligned with CMMC requirements, including access controls, encryption, endpoint protection, and secure configurations.
Lead vulnerability assessments, scan remediation tracking, and continuous risk management across hybrid and cloud environments.
Support incident response, threat hunting, and forensic analysis for cybersecurity events.
Prepare for and facilitate CMMC assessments (self and third-party), maintain certification documentation (System Security Plan (SSP) and Plan of Action and Milestones (POA&M)), and address audit findings.
Collaborate with compliance managers, legal/data protection officers, and operations teams to ensure continuous alignment with NIST SP 800-171/DFARS controls.
Oversee CMMC continuous monitoring programs and identify compliance gaps in workflows.
Provide security awareness training and promote a culture of cybersecurity vigilance across departments.
Ensure a secure and compliant enclave for CUI, mitigate cybersecurity risks, lead compliance projects, and prepare for third-party assessments and audits under CMMC 2.0.
Requirements
Deep understanding of CMMC 2.0 framework, NIST SP 800-171, and DFARS requirements.
Experience conducting technical assessments, vulnerability management, and implementing FedRAMP Moderate or equivalent systems for CUI.
Strong documentation skills for policies, procedures, and audit support.
Ability to communicate technical findings to both technical and non-technical stakeholders.
Knowledge of cloud (e.g., Azure, Microsoft 365) and on-premises security technologies.
Bachelor's degree in Information Security, Computer Science, or a related field.
Professional certifications such as CISSP, CISM, GIAC, or CCA/CCP (CMMC-specific certifications preferred).
Experience supporting DoD compliance or federal contracts is highly valued.