Job Requirements
Remote Washington, DC
Secret Polygraph not specified
Senior Level Career (10+ yrs experience)
Salary not specified
Job Description
Senior CMMC SME Engineer
Work Type: Remote-first with occasional onsite customer engagements
Location: Washington, DC
Clearance: Clearable
Company Description
Big Impact Tech (BIT) is a Small Business providing IT and business management consulting to federal and commercial clients. We deliver mission-focused solutions in data, cloud, cybersecurity, and program management.
Position Overview
CyberVault Solutions is seeking a highly experienced Senior CMMC SME Engineer to independently lead advanced cybersecurity engineering, GCC High implementation, compliance modernization, Zero Trust transformation, and assessment readiness initiatives across regulated and defense-aligned environments. This role is designed for a mature technical leader capable of owning engineering and compliance engagements from architecture through operationalization. The ideal candidate possesses deep hands-on expertise across GCC High, Microsoft security technologies, CMMC readiness, RMF operationalization, Zero Trust architecture, compliance engineering, and operational governance.
This is not a paperwork-only compliance role. We are seeking engineering-first professionals capable of designing, implementing, operationalizing, and defending real-world cybersecurity environments capable of withstanding formal assessor scrutiny and supporting long-term operational maturity.
The ideal candidate will operate as a trusted advisor capable of independently leading customer conversations, recommending strategic improvements, driving cybersecurity maturity initiatives, and making sound engineering and compliance decisions with minimal oversight. CyberVault Solutions operates with an engineering-first mindset focused on real-world operational security, long-term sustainability, operational maturity, and measurable cybersecurity outcomes — not simply checklist-driven compliance exercises.
This position begins on a part-time, as-needed basis with strong long-term leadership and growth potential.
Responsibilities
Engineer, configure, and support Microsoft GCC High environments
Lead CMMC Level 1 and Level 2 readiness initiatives
Design and implement Zero Trust-aligned security architectures
Perform readiness assessments, gap analyses, and remediation planning
Develop and mature System Security Plans (SSPs)
Build and manage POA&Ms, evidence repositories, governance artifacts, and compliance documentation
Support implementation and operationalization of all 110 NIST SP 800-171 controls
Configure and optimize Microsoft security technologies and cloud security baselines
Implement identity, endpoint, data protection, and conditional access controls
Operationalize RMF governance and continuous monitoring practices
Support mock assessments, operational walkthroughs, and assessment preparation activities
Produce executive-quality technical documentation, engineering deliverables, governance procedures, operational runbooks, and customer-facing artifacts
Maintain high-quality written and verbal communication throughout customer engagements
Provide technical leadership during customer engagements and modernization initiatives
Conduct architecture reviews, troubleshooting, and modernization recommendations
Collaborate directly with executive leadership, engineers, assessors, and customer stakeholders
Assist with strategic cybersecurity roadmaps, governance maturity, and operational sustainability initiatives
Support occasional proposal development, technical scoping, and pre-sales strategy discussions when needed
Independently own technical engagements while maintaining strong communication and customer professionalism
Required Qualifications
10+ years of cybersecurity engineering, cloud security, compliance engineering, security architecture, or modernization experience
10+ years of Microsoft cloud engineering, Microsoft 365 security, Azure, GCC, or GCC High experience
Deep expertise in:
GCC High engineering
Microsoft 365 security
CMMC readiness
NIST SP 800-171
RMF operationalization
Zero Trust architecture
SSP and POA&M development
Governance and evidence management
Hands-on experience with:
Microsoft Defender Suite
Microsoft Defender XDR
Microsoft Purview
Intune
Entra ID / Azure AD
Conditional Access
Endpoint security and device compliance
Microsoft Sentinel
SIEM/SOAR environments
Secure enclave architecture
Experience with GRC platforms (any major platform)
Strong understanding of assessment readiness, evidence defensibility, and assessor validation expectations
Strong understanding that cybersecurity maturity extends beyond documentation and requires operational defensibility, technical implementation maturity, governance alignment, and sustainable processes
Experience supporting regulated, defense-aligned, or federal environments
Ability to bridge engineering implementation with governance, compliance, operational maturity, and business objectives
Ability to balance cybersecurity, operational realities, customer priorities, and business objectives
Comfortable presenting technical and compliance concepts to executive leadership, technical teams, and non-technical stakeholders
Ability to independently lead customer engagements, workshops, and technical decision-making activities
Ability to produce clear, defensible, executive-quality technical and compliance documentation
Comfortable operating within a client-services and billable-delivery environment where accountability, communication, execution quality, and customer satisfaction are critical
Comfortable operating within fast-moving consulting and modernization environments where adaptability, initiative, accountability, and ownership are highly valued
Preferred Certifications
Certified CMMC Professional (CCP) preferred
Certified CMMC Assessor (CCA) preferred
CISSP
CCSP
CASP+
CISM
Azure Security Engineer Associate
Microsoft Cybersecurity Architect
PMP certification preferred
Security+ or equivalent certifications considered a plus
Active or previous U.S. Government security clearance is a plus
Desired Traits & Leadership Attributes
We are looking for professionals who:
Operate like trusted technical advisors
Operate with an ownership mentality and proactively solve problems
Communicate clearly, early, and professionally
Think strategically while remaining execution-focused
Independently solve complex engineering and compliance challenges
Build scalable workflows, governance models, and operational processes
Are innovative, adaptable, and highly accountable
Maintain exceptional written communication and documentation quality
Operate effectively with minimal oversight
Maintain professionalism and confidence in customer-facing engagements
Are comfortable navigating ambiguity and evolving customer environments
Value operational excellence, long-term sustainability, and engineering quality over checkbox compliance
Are capable of independently driving initiatives, managing priorities, and maintaining momentum across customer engagements with minimal operational oversight
Individuals in this role will often serve as a direct extension of CyberVault Solutions within customer environments and must maintain exceptional professionalism, communication, integrity, accountability, and technical credibility.
Work Structure
Part-time / engagement-based
Hours determined by active customer delivery requirements
Remote-first with occasional onsite customer engagements, workshops, assessments, or strategic planning sessions as required
Flexible engagement structure aligned to customer needs
Compensation structure discussed during onboarding and aligned to experience, certifications, engagement scope, and customer requirements
High-performing individuals may have opportunities to grow into long-term engineering leadership, practice leadership, or strategic advisory roles as CyberVault Solutions continues expanding its GCC High, CMMC, RMF, and Zero Trust capabilities