CMMC Compliance Analyst

Sentinel Blue•Warrenton, VA

15d•Remote

About The Position

Sentinel Blue is looking for a CMMC Compliance Analyst to join our Operations team. This role is ideal for someone with a strong attention to detail and a passion for helping organizations meet regulatory and security standards. Our ideal candidate is a clear communicator who can translate technical concepts into plain language, work well with both executives and engineers, and approach compliance with a collaborative mindset. This role will support our clients by reviewing documentation, validating technical configurations, assessing environments against compliance objectives, and helping build repeatable processes that lead to assessment readiness. This is a full-time position that is fully remote. Due to the nature of our work, you must be a U.S. citizen with eligibility for a clearance. No exceptions. The CMMC Compliance Analyst is a growth role built for someone who wants to learn the craft of compliance from the inside out. You will support active client engagements by reviewing documentation, helping validate technical controls against CMMC and NIST requirements, and building the core artifacts that drive audit readiness. Your day will include assisting with evidence collection, participating in client interviews, updating POA&Ms, and helping maintain System Security Plans, policies, and procedures. You will learn how to evaluate technical areas like access control, logging, backups, and segmentation by working alongside experienced IT and Security team members. You will not be expected to know everything on day one. You will shadow senior staff, follow established playbooks, receive hands-on coaching, and steadily take on more responsibility as your skills grow. Over time, you will develop into a confident compliance professional capable of leading assessments and advisory work.

Requirements

U.S. citizenship - by nature of our work with the defense industry, all employees must be eligible for a Secret clearance.
2-5 years of experience in information security, IT compliance, cybersecurity auditing, GRC, or similar roles.
Demonstrated ability to lead and make decisions on compliance-related matters, including interpreting control intent, assessing evidence, and determining whether control requirements have been met.
Experience reviewing and developing policies, procedures, SSPs, POA&Ms, risk assessments, or similar compliance documentation.
Working knowledge of technical environments such as IAM, endpoint protection, logging/monitoring, vulnerability management, segmentation, and backup/recovery strategies.
Strong written and verbal communication skills, especially when translating technical information into actionable compliance guidance.
Ability to work independently, manage multiple client tasks, and follow structured workflows to drive compliance activities to timely completion.
CompTIA Security+ certification is required in the first 2 months of hire

Nice To Haves

Exposure to frameworks like CMMC, NIST 800-171, NIST 800-53, DFARS 7012, or NIST RMF in a professional environment.
Relevant certifications such as CMMC Certified Professional (CCP), Certified CMMC Assessor (CCA), CMMC Practitioner Instructor (PI), and/or CISSP.
Experience working in a multi-client consulting or managed services environment. Prior work supporting multiple organizations simultaneously is highly valued.
Familiarity with Azure Government and Office 365 GCC High environments, including their unique compliance and security requirements.
Practical understanding of security and compliance policies such as least privilege, RBAC, audit logging, configuration baselines, change management, and endpoint protection.
Experience in a client-facing professional role, whether in IT, compliance, consulting, audit support, or similar fields.
Strong interest in cloud-first architecture and securing environments built in Azure or Microsoft 365.
Experience with related frameworks such as NIST 800-53, FedRAMP, ISO 27001, CIS Controls, or SOC 2.
Ability to interpret control intent, analyze evidence, and evaluate whether technical or procedural safeguards meet compliance objectives.
Demonstrated passion for learning and professional growth.
Bachelor’s or Master's degree in Cybersecurity, Information Systems, Computer Science, Business, or a related field.

Responsibilities

Receive, triage, and analyze compliance-related requests, documentation, and assessment findings, and work to resolve issues through research, evidence collection, and stakeholder coordination.
Support the development and maintenance of System Security Plans (SSPs), POA&Ms, policy sets, procedures, and control documentation across client environments.
Review client technical configurations (e.g., access controls, logging, encryption, segmentation, backup strategies) against NIST/CMMC compliance objectives and document gaps or remediation actions.
Communicate with clients through email, chat, meetings, and interviews to gather evidence, clarify processes, and maintain progress visibility on compliance deliverables.
Assist in the management, implementation, and validation of compliance controls across CMMC, NIST 800-171, and/or DFARS 7012.
Contribute to internal compliance documentation templates, client-facing guidance materials, and evidence repositories that streamline audit readiness.
Support the creation of compliance reports, risk assessments, briefs, and executive presentations that translate findings into clear business narrative.