Key skills
AzureCloudCyber Security
About this role
Role Overview
- Lead and execute CMMC Level 2 gap assessments against all 110 NIST SP 800-171 Rev 2 practices across the 14 control domains.
- Conduct readiness reviews and deliver findings with prioritized remediation roadmaps.
- Author and maintain SSPs, POA&Ms, policies, procedures, and implementation narratives using the NIST SP 800-171A examine, test, and interview methodology.
- Build CMMC-scoped network diagrams, data flow diagrams, and CUI boundary documentation.
- Evaluate client environments scoped to CUI systems, including Microsoft 365 GCC and GCC High, Intune and Microsoft Defender for Endpoint, and specialized platforms such as PreVeil.
- Serve as the primary technical point of contact for assigned DIB accounts across the compliance lifecycle.
- Facilitate interviews with client staff to validate controls and gather evidence, and present status and executive readouts with clarity.
- Own data integrity in the GRC platform (e.g., IntelliGRC) for SSP management, POA&M tracking, and evidence management.
- Improve internal CMMC methodologies, templates, and tooling. Mentor junior consultants, and track CMMC Program rule changes (32 CFR Part 170, DFARS 252.204-7021) and Cyber AB guidance updates so the practice stays current.
Requirements
- Active CMMC Certified Professional (CCP) credential in good standing with the Cyber AB
- Active CMMC Certified Assessor (CCA) credential in good standing with the Cyber AB
- Minimum 5 years of progressive IT experience, with at least 2 years focused on cybersecurity
- Minimum 1 year of direct CMMC, DFARS 252.204-7012/7021, NIST SP 800-171, or other compliance consulting experience
- Demonstrated expertise scoping CUI environments and applying NIST SP 800-171 Rev 2 across all 14 control families
- Hands-on experience with Microsoft 365 Commercial, GCC, and/or GCC High environments in a CMMC compliance context
- Working knowledge of Azure Sentinel, Microsoft Defender for Endpoint (MDE), and Intune within CMMC-scoped environments
- Strong proficiency writing SSP implementation narratives, NIST 800-171A-aligned assessment procedures, and POA&M documentation
- Familiarity with FedRAMP Moderate authorization requirements and cloud service provider boundary scoping
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a closely related field
Tech Stack
- Azure
- Cloud
- Cyber Security