CMMC Certified Assessor

Sentinel Blue
5d · Remote

About The Position

Sentinel Blue is looking for a CMMC Certified Assessor (CCA) to join our Operations team. This role is ideal for someone with a strong attention to detail and a passion for helping organizations meet regulatory and security standards. Our ideal candidate is a clear communicator who can translate technical concepts into plain language, work well with both executives and engineers, and approach compliance with a collaborative mindset. This role will support our clients by reviewing documentation, validating technical configurations, assessing environments against compliance objectives, and helping build repeatable processes that lead to assessment readiness.

This is a full-time position that is fully remote. Due to the nature of our work, you must be a U.S. citizen with eligibility for a clearance. No exceptions.

A day in the CMMC Certified Assessor role: The CMMC Level 2 Assessor (CCA) will conduct formal CMMC assessments in accordance with the CMMC Assessment Process (CAP), evaluating client environments against the 110 practices in NIST SP 800-171 Rev. 2. On a typical day, the assessor may review System Security Plans (SSPs), analyze Plans of Action & Milestones (POA&Ms), validate technical and administrative controls, and document MET/NOT MET determinations with clear supporting evidence. The assessor will participate in client interviews, review artifacts, and perform evidence validation to determine control implementation and operational effectiveness. They will work closely with internal assessment team members to ensure consistent, defensible results and contribute to the development of assessment documentation and reporting outputs. The role involves engaging with technical and non-technical stakeholders, analyzing enterprise environments, and applying structured assessment methodologies to evaluate compliance posture. The assessor will also maintain alignment with CMMC program requirements, assessment integrity standards, and evolving DoD guidance.

What We Can Offer: Sentinel Blue is a young company with a focused mission: We’re bringing enterprise-class cybersecurity to small and medium-sized businesses. Frankly, we’re pushing the envelope of how things are done and constantly seeking innovative ways to meet that mission. The pace is fast, and we’re always learning new things. This is a great place if you want to expose yourself to new and emerging technologies, want to be challenged, and want to build your skills. Further, success in this role can quickly transition into a team leadership role. The right person will find themselves in a fun, dynamic environment, working on interesting problems and making a real difference.

Requirements

  • U.S. citizenship - by nature of our work with the defense industry, all employees must be eligible for a Secret clearance.
  • Active Certified CMMC Assessor (CCA) certification with active Tier III background clearance
  • 2-5 years of experience in information security, IT compliance, cybersecurity auditing, GRC, or similar roles.
  • Practical experience working with CMMC, NIST 800-171, NIST 800-53, DFARS 7012, or NIST RMF in a professional environment.
  • Demonstrated ability to lead and make decisions on compliance-related matters, including interpreting control intent, assessing evidence, and determining whether control requirements have been met.
  • Experience reviewing and developing policies, procedures, SSPs, POA&Ms, risk assessments, or similar compliance documentation.
  • Working knowledge of technical environments such as IAM, endpoint protection, logging/monitoring, vulnerability management, segmentation, and backup/recovery strategies.
  • Strong written and verbal communication skills, especially when translating technical information into actionable compliance guidance.
  • Ability to work independently, manage multiple client tasks, and follow structured workflows to drive compliance activities to timely completion.
  • Ability to interpret control intent, analyze evidence, and evaluate whether technical or procedural safeguards meet compliance objectives.

Nice To Haves

  • Experience working with or supporting a C3PAO
  • Experience working in a multi-client consulting or managed services environment. Prior work supporting multiple organizations simultaneously is highly valued.
  • Familiarity with Azure Government and Office 365 GCC High environments, including their unique compliance and security requirements.
  • Practical understanding of security and compliance policies such as least privilege, RBAC, audit logging, configuration baselines, change management, and endpoint protection.
  • Experience in a client-facing professional role, whether in IT, compliance, consulting, audit support, or similar fields.
  • Strong knowledge of cloud-first architecture and securing environments built in Azure or Microsoft 365.
  • Experience with related frameworks such as NIST 800-53, FedRAMP, ISO 27001, CIS Controls, or SOC 2.
  • Demonstrated passion for learning and professional growth.
  • Bachelor’s or Master's degree in Cybersecurity, Information Systems, Computer Science, Business, or a related field.
  • Additional certifications: CISSP, CISA

Responsibilities

  • Communicate with clients through email, chat, meetings, and interviews to gather evidence, clarify processes, and maintain progress visibility on compliance deliverables.
  • Perform CMMC Level 2 assessments in accordance with the CMMC Assessment Process (CAP), including planning, execution, and documentation activities.
  • Review and evaluate client implementations of NIST SP 800-171 security requirements across technical, administrative, and operational controls.
  • Analyze System Security Plans (SSPs), POA&Ms, policies, procedures, and supporting artifacts to determine control implementation status.
  • Conduct client interviews and walkthroughs to validate the existence and effectiveness of security controls.
  • Document MET / NOT MET determinations with clear, objective, and defensible rationale aligned to CMMC assessment standards.
  • Collect, organize, and analyze objective evidence to support assessment conclusions and working papers.
  • Identify gaps, inconsistencies, and risks in control implementation and communicate findings to the assessment team.
  • Collaborate with internal assessment team members to ensure consistency in evaluation approach and documentation quality.
  • Support the development of assessment deliverables, including working papers and input to final assessment reports.
  • Maintain adherence to CMMC assessment integrity, independence, and quality assurance requirements.

Benefits

  • Fully paid individual healthcare, vision and dental insurance for the employee.
  • Paid certification and training opportunities.
  • Three weeks of paid vacation + 10 paid holidays.
  • A supportive environment with a focus on keeping a healthy work-life balance.
  • Retirement benefit (401k) with company match.