Secret
Mid Level Career (5+ yrs experience)
Unspecified
No Traveling
IT - Security
Newport, RI (On-Site/Office)
Senior IT Security & Compliance Engineer – CMMC/NIST SP 800-171
Location: Newport, RI
Employment Type: Full-time
Job Summary:
Seeking a highly skilled and technically proficient IT Security & Compliance Engineer to lead and support small defense contractors and vendors in achieving and maintaining CMMC certification and NIST SP 800-171 compliance. The ideal candidate will have hands-on experience developing, implementing, and managing cybersecurity policies, procedures, and technical controls across enterprise IT environments, including cloud and on-premises systems. This role requires both strategic compliance planning and operational execution to protect Controlled Unclassified Information (CUI) in accordance with federal requirements.
Key Responsibilities:
1. Compliance Program Development and Management
• Develop, maintain, and continuously improve organizational cybersecurity policies, standards, procedures, and processes aligned with CMMC and NIST SP 800-171.
• Create and maintain the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and supporting documentation for audits and assessments.
• Provide guidance to internal teams on regulatory requirements, compliance best practices, and risk management strategies.
• Assist leadership in compliance readiness assessments and gap analysis, translating findings into actionable remediation plans.
2. Technical Control Implementation and Administration
• Design, implement, and administer technical controls required for CMMC/NIST compliance, including access control, configuration management, audit logging, and incident response mechanisms.
• Build and manage secure environments for handling CUI, including Microsoft 365 (M365) CUI enclaves and secure collaboration spaces.
• Configure and maintain endpoint security solutions, network security appliances, and identity management systems to enforce compliance requirements.
• Perform continuous monitoring, vulnerability management, and risk assessments to ensure ongoing adherence to standards.
3. Evidence Collection, Audit Support, and Reporting
• Collect, maintain, and organize evidence of control implementation and operation for internal and external audits.
• Serve as the primary technical resource during third-party audits or assessments, providing evidence and demonstrating compliance.
• Generate reports, dashboards, and executive summaries detailing compliance posture, risk areas, and remediation progress.
4. Training and Mentorship
• Provide guidance and training to IT and business teams on CMMC/NIST compliance requirements, security awareness, and process adherence.
• Mentor junior staff on cybersecurity best practices, control implementation, and policy compliance.
Qualifications:
Education & Experience:
• Bachelor’s degree in Cybersecurity or a related field
• Minimum 7–10 years of experience in IT security, with hands-on experience implementing CMMC, NIST SP 800-171, or other federal cybersecurity frameworks.
• Proven experience in developing SSPs, POA&Ms, security policies, and procedures.
• Strong experience with technical controls, including endpoint security, identity and access management, logging, network security, and cloud security.
• Experience implementing and administering Microsoft 365 (M365) environments for CUI handling is highly preferred.
Skills & Competencies:
• In-depth knowledge of CMMC practices and NIST SP 800-171 requirements.
• Strong analytical skills with the ability to assess risks and design mitigation strategies.
• Hands-on experience with compliance documentation, evidence collection, and audit readiness.
• Ability to communicate technical concepts clearly to both technical and non-technical stakeholders.
• Familiarity with cybersecurity tools, monitoring solutions, and cloud security architecture.
Certifications (Preferred):
• CMMC Practitioner (CMMC-AB) or equivalent
• CISSP, CISM, or other recognized cybersecurity certifications
• Microsoft 365 Security Administrator or equivalent
Key Competencies:
• Strong problem-solving and critical thinking skills
• Attention to detail and process-oriented mindset
• Ability to work independently and lead projects with minimal supervision
• Excellent interpersonal and collaboration skills