Senior FedRAMP / CMMC Security & Compliance Engineer

Remote
MM International, LLC Denver, CO $40 - $45
Contract Senior Level 8+ years

Posted 1 week ago

About This Role

Lead hands-on compliance execution for FedRAMP and CMMC across federal and defense-aligned cloud platforms and enterprise systems. This role focuses on translating requirements into practical implementations, owning control mapping, evidence strategy, and assessment readiness.

Responsibilities

  • Lead hands-on execution of FedRAMP and CMMC compliance initiatives, with primary ownership of control mapping, implementation alignment, and assessment readiness
  • Translate FedRAMP (NIST 800-53) and CMMC / NIST 800-171 requirements into concrete technical and operational controls
  • Own and maintain control mappings, ensuring accuracy, traceability, and alignment between framework requirements and real-world implementations
  • Partner with engineering, DevOps, IT, and security teams to deploy and enforce security controls
  • Develop and maintain compliance artifacts including SSPs, control narratives, implementation statements, and supporting documentation
  • Design and drive evidence strategy and collection processes to ensure artifacts are complete, defensible, and aligned with assessor expectations
  • Serve as a senior point of accountability during readiness reviews, assessments, and stakeholder discussions
  • Identify compliance gaps, risks, and ambiguities early; drive structured remediation planning and execution
  • Provide clear, actionable guidance to technical teams on meeting control requirements
  • Review and validate control implementations and documentation produced by cross-functional contributors

Requirements

  • 8+ years of experience in security, compliance, or risk management within regulated or federal-aligned environments
  • Hands-on experience supporting FedRAMP and/or CMMC initiatives, including direct involvement in control mapping and implementation support
  • Demonstrated ability to translate compliance frameworks into operational technical controls
  • Experience working in cloud environments (AWS, Azure, or GCP), including security-relevant services such as IAM, logging, encryption, monitoring, vulnerability management, and configuration management
  • Proven ability to operate independently and lead compliance execution with minimal oversight
  • Experience supporting audits, assessments, or readiness reviews
  • Strong written and verbal communication skills, including experience drafting SSPs and technical narratives
  • U.S. Citizenship required

Nice to Have

  • Experience supporting federal, DoD, or defense-adjacent programs
  • Familiarity with AWS GovCloud and/or Azure Government environments
  • Experience in cloud-native or hybrid architectures under compliance scope
  • Prior involvement in systems pursuing or maintaining Authority to Operate (ATO)
  • Experience working directly with third-party assessors, auditors, or external partners
  • Background in environments where security and engineering teams collaborate closely on implementation

Skills

AWS * Azure * IAM * GCP * NIST 800-53 * FedRAMP * Configuration Management * Encryption * Logging * Monitoring * Vulnerability Management * AWS GovCloud * NIST 800-171 * CMMC * Azure Government *

* Required skills

About MM International, LLC

Technology