CyberSheath - Compliance Engineer

• CMMC Implementation & Maintenance • Implement, configure, and maintain security controls in line with CMMC requirements (e.g., GPOs, M365 tenant hardening, Intune, Conditional Access, Defender for Endpoint, SIEM). • Collaborate with internal and external stakeholders to ensure ongoing compliance with CMMC standards. • Serve as the internal subject matter expert on CMMC-related technical questions and processes. • Technical Configuration & Operations • Design and deploy secure configurations for Microsoft 365, Azure, Azure Virtual Desktop, and the Microsoft Defender XDR suite. • Manage security baselines, conditional access policies, and monitoring/alerting configurations. • Coordinate with IT operations and security teams to remediate vulnerabilities and align with compliance objectives. • Hands-On Infrastructure & Security Tools • Utilize Active Directory, firewalls, and related security or network tools to ensure compliance and gather logs/artifacts as evidence. • Demonstrate the ability to log in, review configurations, and interpret outputs (e.g., system events, access logs, firewall logs) to support compliance documentation. • Work with cross-functional teams to update and maintain security configurations that align with CMMC requirements. • Compliance Evidence & Artifact Collection • Gather, document, and maintain the artifacts necessary to demonstrate compliance (system configurations, implementation records, access control logs, and related evidence). • Collaborate with cross-functional teams (IT, Security, DevOps) to validate and record operational and security processes in compliance with CMMC. • Audit Support & Client Engagement • Provide expert guidance and support during client-facing CMMC audits, which may include up to 25% travel. • Communicate technical aspects of CMMC controls and remediation strategies clearly to both technical and non-technical audiences. • Represent the organization’s CMMC posture to external auditors, clients, and partners. • Flexible Schedule & After-Hours Work • Execute security or IT controls that must take place outside standard business hours (e.g., evenings or weekends) to minimize disruption to production environments. • Coordinate with relevant teams to schedule and perform critical updates or implementations that require off-peak windows. • Document changes, communicate outcomes, and ensure smooth transitions back to normal operations. • Continuous Improvement & Collaboration • Stay current on emerging threats, security trends, and CMMC updates; integrate these insights into ongoing compliance efforts. • Work closely with the dedicated compliance function to define, refine, and improve internal processes that align with CMMC requirements. • Identify opportunities to streamline technical controls, automate evidence collection, and enhance security posture.