Posted today
Secret
$145,000 - $175,000
Unspecified
IT - Security
Remote/Hybrid (Off-Site/Hybrid)
ABOUT NOOKS
Are you seeking an exciting and unique opportunity to grow and support our national security? As a startup, we are offering a limited-time opportunity to be an equity owner in a pioneering new industry. Nooks is pioneering Classified Infrastructure-as-a-Service (CIaaS) to provide government and industry partners with the fastest, most efficient access to classified infrastructure. We are building a nationwide network of accredited classified spaces and systems, ensuring that the best technologies equip our nation's warfighters. At Nooks, we value innovation, collaboration, and a service-first mindset.
ABOUT THE ROLE:
The Cybersecurity Engineer is a pivotal role dedicated to securing Nooks' unclassified networks and ensuring strict adherence to NIST SP 800-171 standards. While our classified infrastructure is vital, protecting our Controlled Unclassified Information (CUI) is equally critical to our mission and partner trust.
This position requires a "player-coach" mindset: someone who can manage the compliance program but also has the technical ability to conduct deep-dive self-assessments and internal audits. You will own the security posture of our unclassified environment, specifically within our Google Workspace architecture. This role is ideal for a technical compliance professional who understands how to translate NIST controls into practical configurations within a modern, cloud-native collaborative environment.
KEY RESPONSIBILITIES:
- NIST 800-171 Governance: Serve as the primary owner for the unclassified environment's compliance posture. Manage and maintain the System Security Plan (SSP) to ensure accurate reflection of implemented controls against NIST SP 800-171 and CMMC Level 2 requirements.
- Self-Assessments & Auditing: Independently plan and execute comprehensive self-assessments of the unclassified network. Act as an internal auditor to validate control effectiveness, generate SPRS scores, and identify gaps prior to third-party assessments.
- Google Workspace Security: Architect and monitor security configurations within the network. Ensure Data Loss Prevention (DLP), access controls, and mobile device management (MDM) settings meet CUI protection requirements.
- Remediation Management: Track findings and vulnerabilities; develop and manage Plans of Action & Milestones (POA&Ms) to drive timely remediation of security gaps.
- Audit Readiness: Lead the preparation for C3PAO assessments. Compile evidence artifacts, interview technical staff, and ensure the environment is "audit-ready" at all times.
- Vendor & Supply Chain: Evaluate the compliance posture of third-party tools and vendors integrated into the unclassified environment to ensure no breakage in the chain of trust.
- Software Vetting & Compliance: Serve as the primary cybersecurity point of contact for evaluating new enterprise software introductions. Assess compliance requirements and ensure all tools meet network-specific security standards and organizational policies.
REQUIRED QUALIFICATIONS:
- Citizenship: You must be a US Citizen (Compliance requirement for accessing CUI/ITAR data).
- Experience: A minimum of 5-8 years of experience in Cybersecurity, with at least 3 years focused specifically on NIST SP 800-171 compliance and implementation.
- Google Workspace Expertise: Demonstrated experience configuring and securing Google Workspace (formerly G-Suite) in a regulated environment. You must understand how to apply compliance controls to Drive, Gmail, and endpoint management.
- Assessment Skills: Proven ability to conduct technical self-assessments. You must be comfortable acting as an auditor, testing controls, and gathering evidence without supervision.
- Framework Knowledge: Deep understanding of DFARS 252.204-7012/7019/7020, NIST SP 800-171, and CMMC Level 2 assessment guides.
- Certifications: Active DoD 8570/8140 IAM Level II or III certification (e.g., CISSP, CISM, CASP+, or CAP).
- Communication: Strong ability to explain technical requirements to non-technical leadership and document controls clearly for external auditors.
- CMMC Ecosystem: Status as a CMMC Certified Professional (CCP) or Registered Practitioner (RP).
- Google Certifications: Google Professional Cloud Security Engineer or Professional Google Workspace Administrator.
PREFERRED QUALIFICATIONS:
- Clearance: While this role focuses on the unclassified environment, an active Secret or Top Secret clearance is a plus.
- Audit Experience: Experience functioning as a formal security control assessor (SCA) or QSA.
COMPENSATION:
- Base salary (per level)
- Yearly bonus structure + equity ownership in the company
- Medical, Dental and Vision benefits
- 401k Employer Contribution Plan
- Flexible PTO Policy
LOCATION:
- Remote (Must reside in the US)
TRAVEL:
- This role requires approximately 10-20% travel for on-site assessments or team strategy meetings.
ELIGIBILITY:
- You must be a US Citizen.
Salary Range: $145,000 - $175,000 USD