APEX Analytix, Inc

Security and Compliance Lead

APEX Analytix, Inc$180K — $215K *
US-AnywhereRemote in United States
Aerospace & Defense
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years in security with compliance and technical focus
  • Deep knowledge of federal compliance frameworks like CMMC, FedRAMP, and ITAR
  • Experience with third-party assessments (C3PAO, FedRAMP)
  • Hands-on technical skills in scripting and troubleshooting
  • Cloud security expertise in GCP and AWS
  • Strong documentation and communication skills
  • Combined experience in compliance/GRC and technical security

Responsibilities

  • Own end-to-end CMMC L2 and FedRAMP High certification efforts
  • Maintain compliance with DFARS clauses and manage supplier requirements
  • Develop System Security Plans, policies, and compliance artifacts
  • Serve as primary contact for assessors and government officials
  • Manage continuous monitoring activities and reporting
  • Monitor regulatory changes and drive updates accordingly
  • Implement hands-on security controls and harden cloud infrastructure

Benefits

  • Innovative work in cutting-edge aerospace communications
  • Opportunity to contribute to national security programs
  • Professional development and career growth opportunities
  • Inclusive and collaborative workplace culture
  • Flexible remote/in-office work arrangements
Full Job Description


Role Overview:

We are looking for an experienced Security & Compliance Lead to join our team. The ideal candidate for this role has deep expertise in federal compliance frameworks including CMMC, FedRAMP, ITAR, and DFARS, combined with hands-on technical security implementation experience. We need someone who can navigate compliance frameworks and roll up their sleeves to implement controls, harden systems, and solve technical problems. We require an individual capable of navigating compliance frameworks, implementing controls, hardening systems, and resolving technical challenges.

You will be the primary owner of our government compliance programs while also contributing directly to security architecture, tooling, and engineering efforts. You will work closely with the Director of Security & IT, our engineering teams, and external partners to ensure we meet contractual and regulatory obligations. Come join a team building secure systems that support mission-critical communications for defense and federal customers.

Key Responsibilities:

  • Own CMMC L2 certification and FedRAMP High authorization efforts end-to-end, including gap analysis, remediation tracking, evidence collection, and assessment coordination
  • Maintain compliance with DFARS cybersecurity clauses (7012, 7019, 7020), ITAR, EAR and other federal requirements; manage SPRS score and supplier requirements
  • Develop and maintain System Security Plans, POA&Ms, policies, procedures, and supporting artifacts across all compliance frameworks
  • Serve as primary point of contact for C3PAO/3PAO assessors, government customers, prime contractors, and agency authorizing officials
  • Manage continuous monitoring activities including vulnerability scanning, access reviews, evidence collection, and monthly/annual reporting
  • Monitor regulatory changes across CMMC, FedRAMP, NIST 800-171/800-53, DFARS, and ITAR; assess impact and drive necessary updates
  • Implement security controls hands-on, including identity and access management, logging, encryption, and endpoint security
  • Harden cloud infrastructure in GCP, AWS, implementing security configurations and access controls aligned with compliance requirements
  • Build automation and tooling for evidence collection and compliance reporting; integrate security into CI/CD pipelines
  • Define, document, and enforce CUI boundaries and enclave architecture
  • Translate compliance requirements into actionable technical guidance for engineering teams
  • Support customer security assessments, due diligence requests, and contract security requirements

Required Qualifications:

  • 7+ years of experience in security roles with demonstrated compliance and technical responsibilities
  • Deep knowledge of federal compliance frameworks: NIST 800-171, NIST 800-53 Rev 5, CMMC 2.0, FedRAMP, and ITAR compliance and cybersecurity requirements
  • Experience preparing for and supporting third-party assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or equivalent)
  • Hands-on technical skills: ability to write scripts, Terraform, and troubleshoot access issues
  • Cloud security experience securing cloud environments (GCP preferred; AWS GovCloud)
  • Experience with enterprise IAM platforms (Okta, Azure AD, or similar)
  • Excellent documentation skills with ability to write policies that satisfy auditors and implementation guides that engineers can use
  • Strong communication skills with comfort presenting to auditors, executives, government customers, and authorizing officials
  • Combined experience in both compliance/GRC and hands-on technical security implementation
  • Experience leading or supporting third-party security assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or similar)
  • Ability to interpret NIST 800-53 controls and implement them in cloud environments
  • Working knowledge of CMMC, FedRAMP, and DFARS frameworks, including overlapping control requirements
  • Demonstrated ability to operate effectively in fast-paced environments with competing priorities
  • Experience building or significantly maturing a compliance program
  • U.S. Citizenship required

Preferred Qualifications:

  • FedRAMP authorization experience, ideally from initial readiness through ATO
  • CMMC C3PAO assessment experience
  • DoD or federal contractor background with understanding of regulatory environment and contract requirements
  • GCP experience including Security Command Center, Cloud Audit Logs, IAM, VPC Service Controls, and Assured Workloads
  • Infrastructure-as-code experience with Terraform, Ansible, or similar tools
  • GRC tooling experience (Vanta, Drata,or similar)
  • Security certifications such as CISSP, CISM, CGRC, CAP, or Security+
  • Familiarity with scripting languages (Python, Go, Bash)
  • Active Secret or Top Secret clearance, or ability to obtain

What We Offer:

  • Innovative Environment: Work at a cutting-edge company shaping the future of aerospace communications.
  • Impactful Work: Directly contribute to critical national security programs and initiatives.
  • Growth Opportunities: Expand your career with opportunities for professional development and advancement.
  • Inclusive Culture: Be part of a collaborative, supportive, and inclusive workplace where your contributions matter.
  • Flexibility: Flexible working arrangements including hybrid remote/in-office schedules.
  • Compensation and Equity: Competitive salary, comprehensive benefits (401(k), dental, vision, health, life insurance), paid time off, and equity options.

ITAR/EAR Requirements:

This position involves access to export-controlled information. To comply with U.S. government export regulations, applicants must meet one of the following criteria:

(A) Qualify as a U.S. person, which includes:

  • U.S. citizen or national
  • U.S. lawful permanent resident (green card holder)
  • Refugee under 8 U.S.C. 1157
  • Asylee under 8 U.S.C. 1158

(B) Be eligible to access export-controlled information without requiring an export authorization.

(C) Be eligible and reasonably likely to obtain the necessary export authorization from the appropriate U.S. government agency.

The company reserves the right to decline pursuing an export licensing process for legitimate business-related reasons.

#LI-Remote

The pay range for this role is:

180,000 - 215,000 USD per year (Remote (United States))

About APEX Analytix, Inc

APEX Analytix is a technology company that provides software and services to help businesses manage their financial operations. The company's products include software for accounts payable automation, fraud detection, and more. APEX Analytix was founded in 1988 and is headquartered in Raleigh, North Carolina.
Learn more about APEX Analytix, Inc
Size
1,000 employees
Industry
Net Income
$20 million
Founded
1988
5 Year Trend
+20%
Revenue
$200 million

Similar Jobs

More Jobs at APEX Analytix, Inc

More Aerospace & Defense Jobs

Find similar Security and Compliance Lead jobs: