CMMC Security Analyst

About The Position

Requirements

• A do-er, not just a strategist—comfortable rolling up their sleeves to get into technical details.
• Confident, able to make and defend architectural decisions.
• Technically deep, with current, relevant experience—not theoretical or outdated.
• A translator, who can turn strategic directives into concrete, implementable technical outcomes.
• A high bar setter, capable of enforcing standards and ensuring teams do things the right way.
• NIST - Specifically NIST 800-171, if they have 2-3 years of CMMC compliance or exposure it would be even better
• Risk Assessment - Mapping CMMC and NIST 800-171 controls to application security capabilities
• CUI - Controlled Unclassified Information - Define technical security requirements (IAM, logging, encryption, boundary protection, vulnerability management) for CUI-tier systems.
• Demonstrated experience working with or within a C3PAO, assessment organization, or equivalent CMMC-focused consultancy.
• Strong, current knowledge of CMMC 2.0 Level 2, NIST SP 800-171, FedRAMP, and secure enclave architectures.
• Deep technical background across multiple domains: o Cloud (Azure/Azure Gov/AWS) o Application architectures (custom, SaaS, COTS) o Networking and identity security o Data protection and boundary segmentation
• Proven ability to defend architectural decisions using technical, security, and compliance rationale.
• Experience leading technical discussions with engineers, architects, auditors, and executive leadership.

Nice To Haves

• CCP (Certified CMMC Professional)
• CCA (Certified CMMC Assessor)
• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor)
• Microsoft Certified: Azure Security Engineer Associate or Microsoft 365 Security Administrator Associate

Responsibilities

• Leverage previous C3PAO, assessment, or consultancy experience to guide teams through the “what” and “why” of compliance evidence and architectural expectations.
• Translate CMMC control requirements into actionable technical implementations for application, infrastructure, and security teams.
• Partner with compliance stakeholders to ensure architectures are audit-ready and enforceable.
• Act as a “technical translator” capable of bridging strategy and implementation.
• Provide detailed architectural deep dives, design validation, and solution recommendations for complex systems.
• Coach application owners, infrastructure engineers, and solution architects on best practices, required evidence, and compliant system design.
• Engage in governance forums, ARBs/CABs, design reviews, and compliance working sessions.
• Influence stakeholders at all levels—from developers and engineers to executive leadership.
• Ensure that architecture principles are consistently understood, adopted, and executed across the organization.

Benefits

• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)