IT and Security Manager

Brightline Interactive
Onsite

About The Position

We’re hiring a hands-on IT & Security Manager to lead our company through the CMMC certification process—from gap assessment and remediation planning to control implementation, evidence collection, and assessment readiness—while owning on-site IT operations, security governance, and compliance. You’ll administer Microsoft 365 and core IT platforms, secure our enclaves and endpoints, run SIEM/vulnerability/IR workflows, and lead audits (CMMC, NIST, FedRAMP alignment). You’ll report to the COO, collaborate closely with engineering, operations, and leadership, and ensure controls are effective without disrupting production.

Requirements

  • 5+ years in IT operations/service management and security within regulated/public-sector or similar environments.
  • CMMC/NIST 800-171 leadership (gap analysis, remediation, evidence, assessor readiness).
  • M365 administration (Entra ID/SSO, Intune, Exchange, SharePoint/OneDrive) and endpoint management.
  • SecOps: SIEM, vulnerability management, incident response; strong network security fundamentals.
  • Scripting/automation: PowerShell, Bash, and/or Python.
  • Communication & leadership: Clear writing, stakeholder influence, cross-team enablement.
  • Bachelor’s in CS/IT/Cybersecurity or equivalent experience.
  • US Citizenship required.

Nice To Haves

  • CISSP, CISM, Security+, or audit certs (e.g., CISA).
  • Experience with container hardening and Terraform/Kubernetes governance (policy/admission controls)—advisory/controls focus.
  • Familiarity with FedRAMP, DoD IL4/IL5 expectations and evidence workflows.
  • Project management experience running multi-team initiatives.
  • Exposure to spatial/immersive tech or game-engine security.
  • Cloud or full-stack development experience (for automation/internal tools).
  • Experience supporting public-sector customers and responding to RFP/security questionnaires.

Responsibilities

  • Own CMMC end-to-end: Gap analysis → remediation roadmap → control implementation (SSP/POA&M) → objective evidence library → assessment readiness.
  • Coordinate internal audits, stakeholder drills, assessor engagement, and track findings to closure.
  • Vendor due diligence and contract clauses for CUI handling.
  • Own M365 tenant administration (Entra ID/SSO, Intune, Exchange, SharePoint/OneDrive), core IT services, and helpdesk workflows.
  • Provisioning, inventory, and lifecycle for laptops, peripherals, and enclave hardware; maintain CMDB accuracy.
  • Role-based access, least-privilege, and auditable user transitions for on/offboarding.
  • Define CAB/approvals, back-out plans, and maintenance windows with minimal disruption.
  • Implement controls and hardening for enclaves, endpoints, VMs/containers (policy baselines, MFA, encryption in transit/at rest).
  • Manage SIEM detections, triage alerts, and lead incident response/post-mortems.
  • Manage vulnerability scans (e.g., Nessus), risk-based prioritization, remediation SLAs, and verification.
  • Manage network and endpoint security: Firewalls, VPNs (WireGuard/OpenVPN/IPsec), IDS/IPS, EDR, device posture.
  • Utilize PowerShell, Bash, and Python for baselines, hardening, and evidence capture.
  • Perform security evaluations of software tools and hardware (pre-procurement and periodic) to ensure compliance with CMMC/NIST controls and internal standards.
  • Assess against benchmarks, DISA STIGs, vendor hardening guides; verify SBOMs, patch cadence, logging/telemetry, data residency, encryption, and identity integrations (SSO/MFA/SCIM).
  • Run security questionnaires, review pen-test/SOC 2/FedRAMP reports, and document compensating controls and residual risk for 3rd-party risk management.
  • Own CMMC, NIST 800-171/53, CSF frameworks; support FedRAMP alignment where applicable.
  • Maintain SSP, POA&M, policies/standards, diagrams, data flows, and objective evidence mapped to practices.
  • Support internal audits, vendor risk reviews, and external assessor engagement.
  • Provide security and CUI handling enablement across teams.
  • Provide hands-on enclave access/process support, break/fix triage, and lab/office network hygiene.
  • Evaluate vendors/tooling, manage renewals, and handle contracts that meet security/compliance needs.