CMMC Security Engineer

We are looking for a CMMC Security Engineer is responsible for implementing, maintaining, and leading cybersecurity efforts to ensure compliance with the Cybersecurity Maturity Model Certification (CMMC) standards, focusing on protecting Controlled Unclassified Information (CUI) for organizations in the Defense Industrial Base (DIB).

• Design, implement, and monitor security controls aligned with CMMC requirements, including access controls, encryption, endpoint protection, and secure configurations.
• Lead vulnerability assessments, scan remediation tracking, and continuous risk management across hybrid and cloud environments.
• Support incident response, threat hunting, and forensic analysis for cybersecurity events.
• Prepare for and facilitate CMMC assessments (self and third-party), maintain certification documentation (SSP, POA&M), and address audit findings.
• Collaborate with compliance managers, legal/data protection officers, and operations teams to ensure continuous alignment with NIST SP 800-171/DFARS controls.
• Oversee CMMC continuous monitoring programs and identify compliance gaps in workflows.
• Provide security awareness training and promote a culture of cybersecurity vigilance across departments.

• Deep understanding of CMMC 2.0 framework, NIST SP 800-171, and DFARS requirements.
• Experience conducting technical assessments, vulnerability management, and implementing FedRAMP Moderate or equivalent systems for CUI.
• Strong documentation skills for policies, procedures, and audit support.
• Ability to communicate technical findings to both technical and non-technical stakeholders.
• Knowledge of cloud (e.g., Azure, Microsoft 365) and on-premise security technologies.

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, GIAC, or CCA/CCP (CMMC-specific certifications preferred).
• Experience supporting DoD compliance or federal contracts is highly valued.

The role ensures a secure and compliant enclave for CUI, mitigates cybersecurity risks, leads compliance projects, and prepares for third-party assessments and audits under the evolving CMMC 2.0 regulations.