We are seeking a
Compliance Engineer who will be responsible for implementing and maintaining the technical security controls required under the Cybersecurity Maturity Model Certification (CMMC). This individual will work in close partnership with our dedicated compliance team to ensure that our organization and our clients adhere to all relevant standards, frameworks, and best practices.
As the CMMC Compliance-Focused Engineer, you will be both a strategic partner and a hands-on contributor-collecting evidence of compliant work, configuring IT/security systems, and guiding internal teams on best practices. You will also interface directly with our clients, supporting formal CMMC audits and providing expert input on technical compliance measures.
Key ResponsibilitiesCMMC Implementation & Maintenance - Implement, configure, and maintain security controls in line with CMMC requirements (e.g., GPOs, M365 tenant hardening, Intune, Conditional Access, Defender for Endpoint, SIEM).
- Collaborate with internal and external stakeholders to ensure ongoing compliance with CMMC standards.
- Serve as the internal subject matter expert on CMMC-related technical questions and processes.
Technical Configuration & Operations - Design and deploy secure configurations for Microsoft 365, Azure, Azure Virtual Desktop, and the Microsoft Defender XDR suite.
- Manage security baselines, conditional access policies, and monitoring/alerting configurations.
- Coordinate with IT operations and security teams to remediate vulnerabilities and align with compliance objectives.
Hands-On Infrastructure & Security Tools - Utilize Active Directory, firewalls, and related security or network tools to ensure compliance and gather logs/artifacts as evidence.
- Demonstrate the ability to log in, review configurations, and interpret outputs (e.g., system events, access logs, firewall logs) to support compliance documentation.
- Work with cross-functional teams to update and maintain security configurations that align with CMMC requirements.
Compliance Evidence & Artifact Collection - Gather, document, and maintain the artifacts necessary to demonstrate compliance (system configurations, implementation records, access control logs, and related evidence).
- Collaborate with cross-functional teams (IT, Security, DevOps) to validate and record operational and security processes in compliance with CMMC.
Audit Support & Client Engagement - Provide expert guidance and support during client-facing CMMC audits, which may include up to 25% travel.
- Communicate technical aspects of CMMC controls and remediation strategies clearly to both technical and non-technical audiences.
- Represent the organization's CMMC posture to external auditors, clients, and partners.
Flexible Schedule & After-Hours Work - Execute security or IT controls that must take place outside standard business hours (e.g., evenings or weekends) to minimize disruption to production environments.
- Coordinate with relevant teams to schedule and perform critical updates or implementations that require off-peak windows.
- Document changes, communicate outcomes, and ensure smooth transitions back to normal operations.
Continuous Improvement & Collaboration - Stay current on emerging threats, security trends, and CMMC updates; integrate these insights into ongoing compliance efforts.
- Work closely with the dedicated compliance function to define, refine, and improve internal processes that align with CMMC requirements.
- Identify opportunities to streamline technical controls, automate evidence collection, and enhance security posture.
Qualifications & Skills Required Experience: - Proven experience (3-5+ years) in implementing and managing technical security controls in Microsoft-focused environments.
- Hands-on experience with:
- Microsoft 365 Administration & Security (tenant hardening, identity & access management, conditional access)
- Azure & Azure Virtual Desktop (security configuration, monitoring, role-based access control)
- Microsoft Defender XDR Suite (Defender for Endpoint, Defender for Office 365, etc.)
- Group Policy Objects (GPOs) and Intune for device and application management
- Active Directory (managing user/groups, reviewing logs, applying group policies)
- Firewalls (configuring rules, reviewing logs, interpreting firewall outputs)
- Demonstrated track record of working with CMMC controls or similar regulatory/compliance frameworks (e.g., NIST 800-171, DFARS).
- Strong understanding of SIEM tools and security incident management workflows.
Technical & Professional Skills: - Excellent written and verbal communication skills, with the ability to present technical concepts to diverse audiences.
- Proficiency in scripting or automating compliance evidence gathering (e.g., PowerShell) is a plus.
- Strong organizational and project management skills, with an emphasis on attention to detail and follow-through.
- Ability to work independently as well as collaboratively in a cross-functional team environment.
- Willingness to work outside normal business hours when required.
Certifications (Preferred): - Security+, CISSP, CISM, or similar professional security certifications.
- Microsoft 365 and/or Azure certifications (e.g., MS-500, AZ-500) highly desirable.
- Any CMMC-specific certifications or proven training credentials.
Soft Skills: - Customer-focused mindset and client-facing experience.
- Ability to balance technical depth with broader compliance and business considerations.
- Self-starter with a proactive approach to identifying and solving compliance challenges.
Work Environment - 100% Remote work environment with occasional (25%) travel to client sites
Budgeted Pay Range
$100,000-$116,000 USD
