Senior GRC Engineer (CMMC/FedRAMP)

About The Position

Requirements

• Strong organizational and project management skills with the ability to manage multiple FedRAMP-focused engagements concurrently
• 5+ years of experience in GRC, with deep exposure to FedRAMP, NIST SP 800-53, and federal compliance programs
• Working knowledge of CMMC 2.0 and NIST SP 800-171 requirements
• 3+ years of experience leading or mentoring a small team
• Experience authoring and reviewing SSPs, POA&Ms, and assessment artifacts
• Familiarity with federal cloud environments (AWS GovCloud, Azure Government, GCC High)
• Experience working with SaaS providers, federal contractors, or regulated technology organizations
• Ability to thrive in a fast-paced, consulting or startup environment
• Reliable high-speed internet connection.
• Quiet, professional home office setup.
• Must be amenable to work US Eastern Time zone hours.
• Fluency in written and verbal English communication skills.

Nice To Haves

• FedRAMP-specific experience supporting JAB or Agency ATOs
• CMMC Registered Practitioner (RP), CCP, or CCA certification
• CISSP, CISM, or Security+ certification
• Experience with DFARS clauses and CUI handling requirements
• Familiarity with SPRS reporting and DoD assessment workflows
• Prior experience working directly with 3PAOs or C3PAOs

Responsibilities

• Interpret and Apply FedRAMP Requirements: Analyze and apply NIST SP 800-53 controls, FedRAMP baselines, and agency-specific requirements to ensure client compliance.
• Develop and Maintain FedRAMP Documentation: Author and maintain System Security Plans (SSPs), control implementation narratives, POA&Ms, SAPs, SARs, and continuous monitoring artifacts.
• Conduct FedRAMP Readiness Assessments: Perform gap analyses and readiness reviews to prepare organizations for JAB or Agency ATO pathways.
• Support Authorization and Assessment Activities: Coordinate with Third-Party Assessment Organizations (3PAOs), cloud service providers, and government stakeholders throughout the FedRAMP lifecycle.
• Boundary Definition & Scoping: Lead CMMC/FedRAMP authorization boundary definition and system scoping activities, including identification of in-scope components, interconnections, data flows, and shared responsibility models to ensure alignment with FedRAMP PMO and agency expectations.
• Manage Continuous Monitoring Programs: Oversee monthly, quarterly, and annual FedRAMP continuous monitoring requirements, including vulnerability management, incident response reporting, and change control.
• Lead FedRAMP Engagements: Manage multiple concurrent client projects, ensuring milestones, deliverables, and quality standards are consistently met or exceeded.
• Support CMMC and NIST 800-171 Compliance Efforts: Assist defense contractors with interpreting CMMC 2.0 and NIST SP 800-171 controls and implementing compliant security programs.
• Develop CMMC Documentation: Contribute to SSPs, POA&Ms, and supporting artifacts required for CMMC Level 1 and Level 2 readiness.

Benefits

• Career Development: Clear path with mentorship and training opportunities
• Technical Training: Comprehensive onboarding on security and compliance frameworks
• Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
• Growth Opportunity: Early-stage company with significant room for career advancement.
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.