
GRC Engineer – CMMC, FedRAMP
Workstreet
full-time
Location Type: Remote
Location: United States
About the role
- Interpret and Apply FedRAMP Requirements: Analyze and apply NIST SP 800-53 controls, FedRAMP baselines, and agency-specific requirements to ensure client compliance.
- Develop and Maintain FedRAMP Documentation: Develop and maintain System Security Plans (SSPs), control implementation narratives, POA&Ms, SAPs, SARs, and continuous monitoring artifacts.
- Conduct FedRAMP Readiness Assessments: Perform gap analyses and readiness reviews to prepare organizations for JAB or Agency ATO pathways.
- Support Authorization and Assessment Activities: Coordinate with Third-Party Assessment Organizations (3PAOs), cloud service providers, and government stakeholders throughout the FedRAMP lifecycle.
- Boundary Definition & Scoping: Perform CMMC/FedRAMP authorization boundary definition and system scoping activities.
- Support Continuous Monitoring Programs: Fulfill monthly, quarterly, and annual FedRAMP continuous monitoring requirements.
- Support FedRAMP Engagements: Assist on multiple concurrent client projects.
- Support CMMC and NIST 800-171 Compliance Efforts: Assist defense contractors with interpreting CMMC 2.0 and NIST SP 800-171 controls and implementing compliant security programs.
- Develop CMMC Documentation: Contribute to SSPs, POA&Ms, and supporting artifacts required for CMMC Level 1 and Level 2 readiness.
Requirements
- Strong organizational and project management skills with the ability to manage multiple engagements concurrently
- 2+ years of experience in GRC, with exposure to FedRAMP, NIST SP 800-53, and federal compliance programs
- Working knowledge of CMMC 2.0 and NIST SP 800-171 requirements
- Experience authoring and reviewing SSPs, POA&Ms, and assessment artifacts
- Familiarity with federal cloud environments (AWS GovCloud, Azure Government, GCC High)
- Experience working with SaaS providers, federal contractors, or regulated technology organizations
- Ability to thrive in a fast-paced, consulting, or startup environment.
Benefits
- Reliable high-speed internet connection.
- Quiet, professional home office setup.
- Must be amenable to working US Eastern Time zone hours.
- Fluency in written and verbal English communication.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
NIST SP 800-53, FedRAMP, CMMC 2.0, NIST SP 800-171, System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), Continuous Monitoring, Gap Analysis, Readiness Reviews, Authorization Boundary Definition
Soft Skills
organizational skills, project management skills, ability to manage multiple engagements, ability to thrive in fast-paced environments