Key Facts

Remote From:

Full time

38 - 38K yearly

English

Hard Skills

NIST 800 DFSR Security Technology Encryption Endpoint Security Plan Of Action And Milestones (POA&M) Regulatory Compliance Access Controls Network Monitoring Stakeholder Communications +17 more

Other Skills

•
Teamwork
•
Leadership

Roles & Responsibilities

Bachelor's degree in Information Security, Computer Science, or a related field.
Professional certifications such as CISSP, CISM, GIAC, or CCA/CCP (CMMC-specific certifications preferred).
Experience supporting DoD compliance or federal contracts is highly valued.

Requirements:

Design, implement, and monitor security controls aligned with CMMC requirements, including access controls, encryption, endpoint protection, and secure configurations.
Lead vulnerability assessments, scan remediation tracking, and continuous risk management across hybrid and cloud environments.
Prepare for and facilitate CMMC assessments (self and third-party), maintain certification documentation (SSP, POAM), and address audit findings.
Collaborate with compliance managers, legal/data protection officers, and operations teams to ensure continuous alignment with NIST SP 800-171/DFARS controls.

Red Cup IT

Computer Hardware & Networking

About Red Cup IT

Red Cup IT is an enterprise-grade IT firm that provides MSP, MSSP, Project Delivery, and Skill Augmentation solutions. We have been in business for twelve years and support clients across the United States. Our hallmark is the delivery of skillsets in more than 100 IT solutions and SaaS applications. Red Cup IT’s technical staff constantly cross-train across their specializations. Our company culture is unusual for firms of our nature. We strongly believe in IT skill transfer and knowledge sharing. Our customers’ business and IT leaders appreciate that we take care of the technical details so that they can focus on their strategic and business missions. Our end users appreciate the white glove support we provide. We focus on vendor relationship development and know how to get the most out of our partnerships on behalf of our clients.

Company type: SME

Industry: Computer Hardware & Networking

Founded: 2018

Company size: 11 - 50

Website LinkedIn See all jobs →

Job description

We are looking for a CMMC Security Engineer is responsible for implementing, maintaining, and leading cybersecurity efforts to ensure compliance with the Cybersecurity Maturity Model Certification (CMMC) standards, focusing on protecting Controlled Unclassified Information (CUI) for organizations in the Defense Industrial Base (DIB).

Key Responsibilities

Design, implement, and monitor security controls aligned with CMMC requirements, including access controls, encryption, endpoint protection, and secure configurations.
Lead vulnerability assessments, scan remediation tracking, and continuous risk management across hybrid and cloud environments.
Support incident response, threat hunting, and forensic analysis for cybersecurity events.
Prepare for and facilitate CMMC assessments (self and third-party), maintain certification documentation (SSP, POA&M), and address audit findings.
Collaborate with compliance managers, legal/data protection officers, and operations teams to ensure continuous alignment with NIST SP 800-171/DFARS controls.
Oversee CMMC continuous monitoring programs and identify compliance gaps in workflows.
Provide security awareness training and promote a culture of cybersecurity vigilance across departments.

Required Skills

Deep understanding of CMMC 2.0 framework, NIST SP 800-171, and DFARS requirements.
Experience conducting technical assessments, vulnerability management, and implementing FedRAMP Moderate or equivalent systems for CUI.
Strong documentation skills for policies, procedures, and audit support.
Ability to communicate technical findings to both technical and non-technical stakeholders.
Knowledge of cloud (e.g., Azure, Microsoft 365) and on-premise security technologies.

Typical Qualifications

Bachelor’s degree in Information Security, Computer Science, or a related field.
Professional certifications such as CISSP, CISM, GIAC, or CCA/CCP (CMMC-specific certifications preferred).
Experience supporting DoD compliance or federal contracts is highly valued.

Job Purpose

The role ensures a secure and compliant enclave for CUI, mitigates cybersecurity risks, leads compliance projects, and prepares for third-party assessments and audits under the evolving CMMC 2.0 regulations.

Ready to apply?

APPLY

Share ·