Senior CMMC SME Engineer with Security Clearance

Senior CMMC SME Engineer Work Type: Remote-first with occasional onsite customer engagements Location: Washington, DC Clearance: Clearable Company Description Big Impact Tech (BIT) is a Small Business providing IT and business management consulting to federal and commercial clients. We deliver mission-focused solutions in data, cloud, cybersecurity, and program management. Position Overview CyberVault Solutions is seeking a highly experienced Senior CMMC SME Engineer to independently lead advanced cybersecurity engineering, GCC High implementation, compliance modernization, Zero Trust transformation, and assessment readiness initiatives across regulated and defense-aligned environments. This role is designed for a mature technical leader capable of owning engineering and compliance engagements from architecture through operationalization. The ideal candidate possesses deep hands-on expertise across GCC High, Microsoft security technologies, CMMC readiness, RMF operationalization, Zero Trust architecture, compliance engineering, and operational governance. This is not a paperwork-only compliance role. We are seeking engineering-first professionals capable of designing, implementing, operationalizing, and defending real-world cybersecurity environments capable of withstanding formal assessor scrutiny and supporting long-term operational maturity. The ideal candidate will operate as a trusted advisor capable of independently leading customer conversations, recommending strategic improvements, driving cybersecurity maturity initiatives, and making sound engineering and compliance decisions with minimal oversight. CyberVault Solutions operates with an engineering-first mindset focused on real-world operational security, long-term sustainability, operational maturity, and measurable cybersecurity outcomes — not simply checklist-driven compliance exercises. This position begins on a part-time, as-needed basis with strong long-term leadership and growth potential.  Responsibilities Engineer, configure, and support Microsoft GCC High environments Lead CMMC Level 1 and Level 2 readiness initiatives Design and implement Zero Trust-aligned security architectures Perform readiness assessments, gap analyses, and remediation planning Develop and mature System Security Plans (SSPs) Build and manage POA&Ms, evidence repositories, governance artifacts, and compliance documentation Support implementation and operationalization of all 110 NIST SP 800-171 controls Configure and optimize Microsoft security technologies and cloud security baselines Implement identity, endpoint, data protection, and conditional access controls Operationalize RMF governance and continuous monitoring practices Support mock assessments, operational walkthroughs, and assessment preparation activities Produce executive-quality technical documentation, engineering deliverables, governance procedures, operational runbooks, and customer-facing artifacts Maintain high-quality written and verbal communication throughout customer engagements Provide technical leadership during customer engagements and modernization initiatives Conduct architecture reviews, troubleshooting, and modernization recommendations Collaborate directly with executive leadership, engineers, assessors, and customer stakeholders Assist with strategic cybersecurity roadmaps, governance maturity, and operational sustainability initiatives Support occasional proposal development, technical scoping, and pre-sales strategy discussions when needed Independently own technical engagements while maintaining strong communication and customer professionalism   Required Qualifications 10+ years of cybersecurity engineering, cloud security, compliance engineering, security architecture, or modernization experience 10+ years of Microsoft cloud engineering, Microsoft 365 security, Azure, GCC, or GCC High experience Deep expertise in: GCC High engineering Microsoft 365 security CMMC readiness NIST SP 800-171 RMF operationalization Zero Trust architecture SSP and POA&M development Governance and evidence management Hands-on experience with: Microsoft Defender Suite Microsoft Defender XDR Microsoft Purview Intune Entra ID / Azure AD Conditional Access Endpoint security and device compliance Microsoft Sentinel SIEM/SOAR environments Secure enclave architecture Experience with GRC platforms (any major platform) Strong understanding of assessment readiness, evidence defensibility, and assessor validation expectations Strong understanding that cybersecurity maturity extends beyond documentation and requires operational defensibility, technical implementation maturity, governance alignment, and sustainable processes Experience supporting regulated, defense-aligned, or federal environments Ability to bridge engineering implementation with governance, compliance, operational maturity, and business objectives Ability to balance cybersecurity, operational realities, customer priorities, and business objectives Comfortable presenting technical and compliance concepts to executive leadership, technical teams, and non-technical stakeholders Ability to independently lead customer engagements, workshops, and technical decision-making activities Ability to produce clear, defensible, executive-quality technical and compliance documentation Comfortable operating within a client-services and billable-delivery environment where accountability, communication, execution quality, and customer satisfaction are critical Comfortable operating within fast-moving consulting and modernization environments where adaptability, initiative, accountability, and ownership are highly valued   Preferred Certifications Certified CMMC Professional (CCP) preferred Certified CMMC Assessor (CCA) preferred CISSP CCSP CASP+ CISM Azure Security Engineer Associate Microsoft Cybersecurity Architect PMP certification preferred Security+ or equivalent certifications considered a plus Active or previous U.S. Government security clearance is a plus   Desired Traits & Leadership Attributes We are looking for professionals who: Operate like trusted technical advisors Operate with an ownership mentality and proactively solve problems Communicate clearly, early, and professionally Think strategically while remaining execution-focused Independently solve complex engineering and compliance challenges Build scalable workflows, governance models, and operational processes Are innovative, adaptable, and highly accountable Maintain exceptional written communication and documentation quality Operate effectively with minimal oversight Maintain professionalism and confidence in customer-facing engagements Are comfortable navigating ambiguity and evolving customer environments Value operational excellence, long-term sustainability, and engineering quality over checkbox compliance Are capable of independently driving initiatives, managing priorities, and maintaining momentum across customer engagements with minimal operational oversight Individuals in this role will often serve as a direct extension of CyberVault Solutions within customer environments and must maintain exceptional professionalism, communication, integrity, accountability, and technical credibility.   Work Structure Part-time / engagement-based Hours determined by active customer delivery requirements Remote-first with occasional onsite customer engagements, workshops, assessments, or strategic planning sessions as required Flexible engagement structure aligned to customer needs Compensation structure discussed during onboarding and aligned to experience, certifications, engagement scope, and customer requirements High-performing individuals may have opportunities to grow into long-term engineering leadership, practice leadership, or strategic advisory roles as CyberVault Solutions continues expanding its GCC High, CMMC, RMF, and Zero Trust capabilities

Senior CMMC SME Engineer Work Type: Remote-first with occasional onsite customer engagements Location: Washington, DC Clearance: Clearable Company Description Big Impact Tech (BIT) is a Small Business providing IT and business management consulting to federal and commercial clients. We deliver mission-focused solutions in data, cloud, cybersecurity, and program management. Position Overview CyberVault Solutions is seeking a highly experienced Senior CMMC SME Engineer to independently lead advanced cybersecurity engineering, GCC High implementation, compliance modernization, Zero Trust transformation, and assessment readiness initiatives across regulated and defense-aligned environments. This role is designed for a mature technical leader capable of owning engineering and compliance engagements from architecture through operationalization. The ideal candidate possesses deep hands-on expertise across GCC High, Microsoft security technologies, CMMC readiness, RMF operationalization, Zero Trust architecture, compliance engineering, and operational governance. This is not a paperwork-only compliance role. We are seeking engineering-first professionals capable of designing, implementing, operationalizing, and defending real-world cybersecurity environments capable of withstanding formal assessor scrutiny and supporting long-term operational maturity. The ideal candidate will operate as a trusted advisor capable of independently leading customer conversations, recommending strategic improvements, driving cybersecurity maturity initiatives, and making sound engineering and compliance decisions with minimal oversight. CyberVault Solutions operates with an engineering-first mindset focused on real-world operational security, long-term sustainability, operational maturity, and measurable cybersecurity outcomes — not simply checklist-driven compliance exercises. This position begins on a part-time, as-needed basis with strong long-term leadership and growth potential.  Responsibilities Engineer, configure, and support Microsoft GCC High environments Lead CMMC Level 1 and Level 2 readiness initiatives Design and implement Zero Trust-aligned security architectures Perform readiness assessments, gap analyses, and remediation planning Develop and mature System Security Plans (SSPs) Build and manage POA&Ms, evidence repositories, governance artifacts, and compliance documentation Support implementation and operationalization of all 110 NIST SP 800-171 controls Configure and optimize Microsoft security technologies and cloud security baselines Implement identity, endpoint, data protection, and conditional access controls Operationalize RMF governance and continuous monitoring practices Support mock assessments, operational walkthroughs, and assessment preparation activities Produce executive-quality technical documentation, engineering deliverables, governance procedures, operational runbooks, and customer-facing artifacts Maintain high-quality written and verbal communication throughout customer engagements Provide technical leadership during customer engagements and modernization initiatives Conduct architecture reviews, troubleshooting, and modernization recommendations Collaborate directly with executive leadership, engineers, assessors, and customer stakeholders Assist with strategic cybersecurity roadmaps, governance maturity, and operational sustainability initiatives Support occasional proposal development, technical scoping, and pre-sales strategy discussions when needed Independently own technical engagements while maintaining strong communication and customer professionalism   Required Qualifications 10+ years of cybersecurity engineering, cloud security, compliance engineering, security architecture, or modernization experience 10+ years of Microsoft cloud engineering, Microsoft 365 security, Azure, GCC, or GCC High experience Deep expertise in: GCC High engineering Microsoft 365 security CMMC readiness NIST SP 800-171 RMF operationalization Zero Trust architecture SSP and POA&M development Governance and evidence management Hands-on experience with: Microsoft Defender Suite Microsoft Defender XDR Microsoft Purview Intune Entra ID / Azure AD Conditional Access Endpoint security and device compliance Microsoft Sentinel SIEM/SOAR environments Secure enclave architecture Experience with GRC platforms (any major platform) Strong understanding of assessment readiness, evidence defensibility, and assessor validation expectations Strong understanding that cybersecurity maturity extends beyond documentation and requires operational defensibility, technical implementation maturity, governance alignment, and sustainable processes Experience supporting regulated, defense-aligned, or federal environments Ability to bridge engineering implementation with governance, compliance, operational maturity, and business objectives Ability to balance cybersecurity, operational realities, customer priorities, and business objectives Comfortable presenting technical and compliance concepts to executive leadership, technical teams, and non-technical stakeholders Ability to independently lead customer engagements, workshops, and technical decision-making activities Ability to produce clear, defensible, executive-quality technical and compliance documentation Comfortable operating within a client-services and billable-delivery environment where accountability, communication, execution quality, and customer satisfaction are critical Comfortable operating within fast-moving consulting and modernization environments where adaptability, initiative, accountability, and ownership are highly valued   Preferred Certifications Certified CMMC Professional (CCP) preferred Certified CMMC Assessor (CCA) preferred CISSP CCSP CASP+ CISM Azure Security Engineer Associate Microsoft Cybersecurity Architect PMP certification preferred Security+ or equivalent certifications considered a plus Active or previous U.S. Government security clearance is a plus   Desired Traits & Leadership Attributes We are looking for professionals who: Operate like trusted technical advisors Operate with an ownership mentality and proactively solve problems Communicate clearly, early, and professionally Think strategically while remaining execution-focused Independently solve complex engineering and compliance challenges Build scalable workflows, governance models, and operational processes Are innovative, adaptable, and highly accountable Maintain exceptional written communication and documentation quality Operate effectively with minimal oversight Maintain professionalism and confidence in customer-facing engagements Are comfortable navigating ambiguity and evolving customer environments Value operational excellence, long-term sustainability, and engineering quality over checkbox compliance Are capable of independently driving initiatives, managing priorities, and maintaining momentum across customer engagements with minimal operational oversight Individuals in this role will often serve as a direct extension of CyberVault Solutions within customer environments and must maintain exceptional professionalism, communication, integrity, accountability, and technical credibility.   Work Structure Part-time / engagement-based Hours determined by active customer delivery requirements Remote-first with occasional onsite customer engagements, workshops, assessments, or strategic planning sessions as required Flexible engagement structure aligned to customer needs Compensation structure discussed during onboarding and aligned to experience, certifications, engagement scope, and customer requirements High-performing individuals may have opportunities to grow into long-term engineering leadership, practice leadership, or strategic advisory roles as CyberVault Solutions continues expanding its GCC High, CMMC, RMF, and Zero Trust capabilities

• 

• Government Careers

Show more