Cyber Security Specialist (CMMC Compliance)

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• 3–5+ years of experience in IT or Cybersecurity, including direct experience supporting CMMC, NIST SP 800-171, or DFARS compliance within the Defense Industrial Base.
• Demonstrated hands-on experience implementing and assessing NIST SP 800-171 security controls.
• Strong understanding of DFARS 252.204-7012 requirements and CMMC 2.0 framework.
• Experience with Windows and/or Linux systems, Active Directory, identity and access management, firewalls, VPNs, endpoint protection platforms, and vulnerability management tools.
• Familiarity with hybrid IT/OT environments and protecting intellectual property within CAD/CAM or manufacturing systems.
• Ability to translate regulatory requirements into scalable technical and operational solutions.
• Strong documentation, communication, and cross-functional leadership skills.
• Must be a U.S. Person (U.S. Citizen or Permanent Resident) due to ITAR/EAR regulations.

Nice To Haves

• Experience with Microsoft GCC High (or Azure GovCloud).
• Experience with managed service providers (MSPs) in a manufacturing environment.
• Background in NIST 800-172 or Advanced Persistent Threat (APT) protection.
• CMMC Certified Professional (CCP or CCA), CISSP, CISM, Security+, or equivalent certification.

Responsibilities

• Lead the implementation, assessment, and continuous improvement of security controls aligned with NIST SP 800-171 and CMMC 2.0, ensuring organizational readiness for Level 2 certification.
• Own and maintain the System Security Plan (SSP), Plans of Action and Milestones (POA&M), security policies, procedures, and compliance documentation.
• Map and protect Controlled Unclassified Information (CUI) throughout its lifecycle, including data flows across engineering design (CAD/CAM), procurement, quality, manufacturing, and external suppliers.
• Serve as the primary liaison for CMMC assessments, including coordination with C3PAOs, audit preparation, artifact management, and remediation tracking.
• Implement and monitor security controls across both IT and OT environments, including identity and access management, multi-factor authentication, encryption, endpoint detection and response (EDR), SIEM, firewalls, and network segmentation.
• Conduct vulnerability scanning, risk assessments, and gap analyses against NIST SP 800-171 controls, prioritizing mitigation efforts based on operational and contractual risk.
• Lead cyber incident response activities, including documentation and reporting of incidents impacting CUI within required DFARS timelines (e.g., 72-hour reporting).
• Partner cross-functionally with engineering, operations, quality, and leadership to embed cybersecurity into product development and manufacturing processes.
• Oversee relationships with managed service providers (MSPs), cloud providers, and external security vendors to ensure secure configurations and regulatory compliance.
• Develop and deliver practical cybersecurity training tailored to aerospace manufacturing personnel, including phishing awareness, secure technical data handling, and CUI best practices.
• Establish compliance dashboards and executive reporting mechanisms to provide visibility into security posture and remediation progress.
• Support and secure cloud environments, including Microsoft GCC High or Azure Government, where applicable.

Benefits

• Company paid employee medical, dental and vision insurance.
• Retirement plan participation (eligibility required), paid sick leave, paid vacation, paid holidays and discretionary bonuses.