Cyber Security Specialist, CMMC Compliance
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Cyber Security Specialist focusing on achieving CMMC 2.0 compliance in aerospace & defense. Leading security efforts and managing compliance documentation across IT and OT environments.
Responsibilities:
- Lead the implementation, assessment, and continuous improvement of security controls aligned with NIST SP 800-171 and CMMC 2.0, ensuring organizational readiness for Level 2 certification.
- Own and maintain the System Security Plan (SSP), Plans of Action and Milestones (POA&M), security policies, procedures, and compliance documentation.
- Map and protect Controlled Unclassified Information (CUI) throughout its lifecycle, including data flows across engineering design (CAD/CAM), procurement, quality, manufacturing, and external suppliers.
- Serve as the primary liaison for CMMC assessments, including coordination with C3PAOs, audit preparation, artifact management, and remediation tracking.
- Implement and monitor security controls across both IT and OT environments, including identity and access management, multi-factor authentication, encryption, endpoint detection and response (EDR), SIEM, firewalls, and network segmentation.
- Conduct vulnerability scanning, risk assessments, and gap analyses against NIST SP 800-171 controls, prioritizing mitigation efforts based on operational and contractual risk.
- Lead cyber incident response activities, including documentation and reporting of incidents impacting CUI within required DFARS timelines (e.g., 72-hour reporting).
- Partner cross-functionally with engineering, operations, quality, and leadership to embed cybersecurity into product development and manufacturing processes.
- Oversee relationships with managed service providers (MSPs), cloud providers, and external security vendors to ensure secure configurations and regulatory compliance.
- Develop and deliver practical cybersecurity training tailored to aerospace manufacturing personnel, including phishing awareness, secure technical data handling, and CUI best practices.
- Establish compliance dashboards and executive reporting mechanisms to provide visibility into security posture and remediation progress.
- Support and secure cloud environments, including Microsoft GCC High or Azure Government, where applicable.
Requirements:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- 3–5+ years of experience in IT or Cybersecurity, including direct experience supporting CMMC, NIST SP 800-171, or DFARS compliance within the Defense Industrial Base.
- Demonstrated hands-on experience implementing and assessing NIST SP 800-171 security controls.
- Strong understanding of DFARS 252.204-7012 requirements and CMMC 2.0 framework.
- Experience with Windows and/or Linux systems, Active Directory, identity and access management, firewalls, VPNs, endpoint protection platforms, and vulnerability management tools.
- Familiarity with hybrid IT/OT environments and protecting intellectual property within CAD/CAM or manufacturing systems.
- Ability to translate regulatory requirements into scalable technical and operational solutions.
- Strong documentation, communication, and cross-functional leadership skills.
- Must be a U.S. Person (U.S. Citizen or Permanent Resident) due to ITAR/EAR regulations.
Benefits:
- Company paid employee medical, dental and vision insurance.
- Retirement plan participation (eligibility required).
- Paid sick leave.
- Paid vacation.
- Paid holidays.
- Discretionary bonuses.
Similar Jobs
AI Security & Controls Lead
AI Security & Controls Lead enabling secure AI adoption and evaluating AI-specific security controls. Collaborating with engineering and information security to manage AI risks effectively.
Detection & Response, Security Engineer
Detection & Response Security Engineer at WorkOS building detection logic and improving incident response capabilities. Collaborating with the security team to drive threat detection and operational maturity.
Senior Project Consultant – Security
Senior Project Consultant delivering Microsoft security solutions for mid-market and enterprise clients. Leading technical execution for identity-centric security and compliance projects with a customer-centric approach.
Senior Cyber Security Engineer
Senior Cyber Security Engineer for GE Vernova's Wind portfolio, leading cybersecurity initiatives and vulnerability assessments. Collaborating on designs and audits to enhance product security posture.
Product Security Engineer
Product Security Engineer focusing on secure development and security testing at WorkOS. Collaborating with engineering teams to protect users' data and identities.
Senior Cybersecurity Manager – Offensive Security
Leading offensive security capabilities at Home Depot, driving operational excellence across threat intelligence and investigations. Mentoring teams and establishing strategic roadmaps for cybersecurity objectives.
Security Guard
Unarmed Security Guard conducting patrols and monitoring access at cemetery grounds in Dixon, CA. Ensuring safety and security during funeral services and special events.
Information Security Engineer
Information Security Engineer safeguarding systems in a dynamic financial-services environment. Collaborating with cross-functional teams to improve security and compliance efforts.
Project Manager – Compliance Security Assessments
Project Manager driving compliance and security assessments for technology enterprises. Collaborating with cross-functional teams in managing security compliance and project execution.
Information Security Engineer – Endpoint Security Engineering
Information Security Engineer handling endpoint security within global operations. Leading remediation processes and collaborating with IT security tooling to ensure global endpoint security health.
Cybersecurity Threat and Preparedness Expert
Cybersecurity Threat and Preparedness Expert role at TDI focusing on evaluating cybersecurity preparedness and response strategies through hypothetical incident scenarios.
Senior Product Security Engineer – Automation
Senior Product Security Engineer at Red Hat developing automation tools for security processes. Collaborating with teams to enhance security capabilities across products, addressing new risks and vulnerabilities.
Ingeniero en Ciberseguridad Senior
Senior Cybersecurity Engineer supporting software projects in a challenging environment for financial sector clients. Requires deep knowledge in cybersecurity management and agile methodologies.
Security Specialist
Security Specialist responsible for monitoring transactions and investigating suspicious activities for CoinPoker's innovative crypto-poker platform. Collaborating with teams to ensure compliance and integrity of operations.
Senior Information Security Engineer – Endpoint Security Engineering
Senior Information Security Engineer focusing on endpoint security engineering at JLL. Developing processes for agent health and leading remediation activities to enhance cybersecurity.
Senior Application Security Architect
Designing and assessing security solutions in software projects. Collaborating with teams to ensure security is integral to the development lifecycle at WEX.
Research Assistant – Software Security, Program Analysis
Research Assistant in Software Security at Fraunhofer Institute, focusing on applied research projects in software security. Collaborating with academic and industry partners to enhance software security methods.
Director, Information and Cybersecurity
Director leading Information Security and cybersecurity initiatives for Office Depot. Responsible for policy development and team management in a global IT environment.
Analista Junior de Seguridad de la Información
Junior Information Security Analyst monitoring alerts and managing vulnerabilities in a structured environment. Engaging in practical experience and enhancing technical foundations remotely.
Senior Security Consultant
Microsoft Senior Security Consultant responsible for implementing Microsoft's security solutions for clients. Working with clients to design and integrate threat protection and compliance solutions.