Compliance Engineer

CyberSheath Services International LLC is a rapidly growing Managed Services Provider primarily focused on providing CMMC Compliance and Cybersecurity services to the Defense Industrial Base (DIB). We are excited to be expanding our staff due to our growth and are looking to add to our team!   

CyberSheath integrates compliance and threat mitigation efforts and eliminates redundant security practices that don’t improve and, in fact, may weaken an organization’s security posture. Our professionals advise clients where to stop spending, where to invest, and how to take what they are already doing and integrate it in a way that delivers improved security.    

Successful candidates for CyberSheath are self-motivated, think out of the box, work, and solve issues independently. Confident, ‘doers’ who ‘get the job done’ and strive to ‘do the right thing, even when no one is looking’ are the types of candidates who thrive in our culture.  Additionally, our most successful team members are self-starters and willing to put on many hats to succeed. CyberSheath is fast-growing and seeks candidates who want to be part of our upward trajectory.   

We are seeking a Compliance Engineer who will be responsible for implementing and maintaining the technical security controls required under the Cybersecurity Maturity Model Certification (CMMC). This individual will work in close partnership with our dedicated compliance team to ensure that our organization and our clients adhere to all relevant standards, frameworks, and best practices.  

As the CMMC Compliance-Focused Engineer, you will be both a strategic partner and a hands-on contributor—collecting evidence of compliant work, configuring IT/security systems, and guiding internal teams on best practices. You will also interface directly with our clients, supporting formal CMMC audits and providing expert input on technical compliance measures.  

Key Responsibilities  

CMMC Implementation & Maintenance  

• Implement, configure, and maintain security controls in line with CMMC requirements (e.g., GPOs, M365 tenant hardening, Intune, Conditional Access, Defender for Endpoint, SIEM).  

• Collaborate with internal and external stakeholders to ensure ongoing compliance with CMMC standards.  

• Serve as the internal subject matter expert on CMMC-related technical questions and processes.  

Technical Configuration & Operations  

• Design and deploy secure configurations for Microsoft 365, Azure, Azure Virtual Desktop, and the Microsoft Defender XDR suite.  

• Manage security baselines, conditional access policies, and monitoring/alerting configurations.  

• Coordinate with IT operations and security teams to remediate vulnerabilities and align with compliance objectives.  

Hands-On Infrastructure & Security Tools  

• Utilize Active Directory, firewalls, and related security or network tools to ensure compliance and gather logs/artifacts as evidence.  

• Demonstrate the ability to log in, review configurations, and interpret outputs (e.g., system events, access logs, firewall logs) to support compliance documentation.  

• Work with cross-functional teams to update and maintain security configurations that align with CMMC requirements.  

Compliance Evidence & Artifact Collection  

• Gather, document, and maintain the artifacts necessary to demonstrate compliance (system configurations, implementation records, access control logs, and related evidence).  

• Collaborate with cross-functional teams (IT, Security, DevOps) to validate and record operational and security processes in compliance with CMMC.  

Audit Support & Client Engagement  

• Provide expert guidance and support during client-facing CMMC audits, which may include up to 25% travel.  

• Communicate technical aspects of CMMC controls and remediation strategies clearly to both technical and non-technical audiences.  

• Represent the organization’s CMMC posture to external auditors, clients, and partners.  

Flexible Schedule & After-Hours Work  

• Execute security or IT controls that must take place outside standard business hours (e.g., evenings or weekends) to minimize disruption to production environments.  

• Coordinate with relevant teams to schedule and perform critical updates or implementations that require off-peak windows.  

• Document changes, communicate outcomes, and ensure smooth transitions back to normal operations.  

Continuous Improvement & Collaboration  

• Stay current on emerging threats, security trends, and CMMC updates; integrate these insights into ongoing compliance efforts.  

• Work closely with the dedicated compliance function to define, refine, and improve internal processes that align with CMMC requirements.  

• Identify opportunities to streamline technical controls, automate evidence collection, and enhance security posture.  

Qualifications & Skills  

Required Experience:  

• Proven experience (3–5+ years) in implementing and managing technical security controls in Microsoft-focused environments.  

• Hands-on experience with: