About the Job

SecureStrux is hiring a dynamic Information Security Consultant (CMMC, FedRAMP, RMF) to join our compliance practice, with experience providing Cybersecurity Maturity Model Certification (CMMC) consulting, DIBCAC Assessments, and/or CMMC Assessments. As a consultant, you will be responsible for assessing compliance and risk across diverse client projects for Defense Industrial Base Partners and Defense Agencies. This role is perfect for someone who combines business acumen with technical expertise.

Job Details

  • Full Time, Exempt, Salaried
  • Remote home office with up to 20% travel to client sites.

The Work You’ll Do

  • Lead or assist with information security risk and compliance assessments, audits, gap analyses, remediation planning, and remediation services.
  • Contribute to projects with a primary focus on CMMC, FedRAMP, NIST 800-53, and NIST 800-171.
  • Conduct security assessments, identify vulnerabilities, and formulate strategic plans to address gaps; recommend risk mitigation measures.
  • Develop customized policies, procedures, controls, disaster recovery plans, and technical documentation for applications, systems, and infrastructure.
  • Develop internal processes to support the overall maturity of the Compliance practice.
  • Possess a working knowledge of IT security and various frameworks (e.g. CMMC, FedRAMP, NIST 800-30, 800-53, 800-60, 800-171, PCI DSS, NYS DFS 500).
  • Define the assessment scope for CMMC Level 1 and 2 assessments, FedRAMP assessments, or RMF ATO assessments, ensuring a comprehensive evaluation of all relevant security controls.
  • Assess security controls and provide risk-based recommendations for both technical and non-technical findings.
  • Create detailed information security policies and procedures to ensure compliance with various standards, including NIST 800-53, NIST 800-171A, DFARS, CUI, CMMC, and ISO 27001/2.
  • Develop a Plan of Action and Milestones (POA&M) for the remediation of organization-wide weaknesses, ensuring a systematic and prioritized approach.
  • Independently manage client projects, overseeing client communications through various mediums such as phone calls, virtual meetings (MS Teams, Zoom), and in-person meetings as required.
  • Implement cybersecurity action plans and remediation activities for information systems hosted both on-premises and in the cloud.
  • Conduct ongoing monitoring tasks to verify continuous compliance with security controls according to client-specific criteria.
  • Support business development by participating in the sales process for opportunities, providing technical subject matter expertise for both Federal (public) and Commercial (private) sectors.
  • Foster a collaborative and knowledge-sharing environment within the team.
  • Perform other duties as assigned to contribute to the overall success of the cybersecurity team.

What You’ll Bring

  • Associate’s or bachelor’s degree, or equivalent experience, and 5+ years’ experience
  • Active Secret Clearance required to start
  • Active Certified CMMC Professional (CCP) Certification required to start
  • Active Certified CMMC Assessor (CCA) Certification or ability to obtain CCA required to start
  • CISSP or equivalent required to start
  • 5 years of Cybersecurity experience
  • 5 years of assessment or audit experience
  • Knowledge of and hands-on experience with CMMC, FedRAMP, and NIST 800-53/NIST 800-171 audits and attestations.
  • Deep familiarity with, or experience performing, security compliance assessments supporting a C3PAO or 3PAO to meet CMMC Certification or FedRAMP requirements.
  • Deep familiarity with, or experience supporting, security assessments of cloud service providers.
  • Deep familiarity with, or experience developing, updating, and maintaining, ATO packages for platforms, systems, and applications to meet NIST 800-53 standards.
  • Knowledge of security architecture, infrastructure, network, and systems design.
  • Practical and working knowledge of common IT and security concepts including Cloud (Microsoft, Google or AWS), firewall management, server management, SIEM, IDS/IPS, web proxies, access control, and authentication, with advanced knowledge in at least one of these areas.
  • Experience in securing operating systems.
  • Experience implementing various security policy frameworks and control design.
  • Experience in managing policy exceptions, including working directly with the teams to document exceptions, identifying compensating controls, and remediation action plans.

Preferred

  • Certification as a Project Management Professional (PMP).
  • Experience as a Security Control Assessor for DoD or Federal agencies is a plus.


Salary Range: $90,000 – $150,000


Our Approach

At SecureStrux, we are committed to core values that guide the way we work with one another and our clients. As a team member, you will Create Team Synergy, Drive Continuous Innovation, Deliver with Integrity, and have the Freedom to Own it. Our thriving company culture supports our employees as they seek to grow with us!

What We Offer

Between our virtual environment where you can evaluate recent technologies and enhance your skills, and a generous annual professional development stipend, you will join a team that enjoys working on leading-edge technologies for world-class clients. We offer a robust total compensation package that includes comprehensive health benefits to support you and your family, flexible time off, continuing education allowance, a donation allowance for charitable causes, and a matched 401k.

Employment Types: Full-time
Work Arrangements: Hybrid
