Role: Senior FedRAMP / CMMC Security & Compliance Engineer
Location: Remote (Denver, CO preferred)
Employment Type: Contract, ~9 months
Overview
We are seeking a Senior FedRAMP / CMMC Security & Compliance Engineer to lead hands-on compliance execution across federal and defense-aligned environments.
This role carries clear technical ownership and delivery leadership expectations. You will be responsible for translating FedRAMP and CMMC requirements into practical, defensible implementations—owning control mapping, evidence strategy, and deployment alignment across cloud platforms, systems, and teams.
This is not a policy-only or advisory role. It requires deep judgment, the ability to operate independently in ambiguous environments, and the confidence to lead compliance execution end-to-end while partnering closely with engineering, platform, and security stakeholders.
You will act as a trusted senior individual contributor who can “carry the ball,” proactively identify gaps and risks, and drive compliance outcomes forward without waiting for perfect instructions.
Responsibilities
- Lead hands-on support for FedRAMP and CMMC compliance initiatives, with primary responsibility for control mapping, implementation alignment, and assessment readiness.
- Translate FedRAMP (NIST SP 800-53) and CMMC (NIST SP 800-171) requirements into concrete technical and operational controls across cloud and system environments.
- Own control mappings, ensuring accuracy, traceability, and alignment between framework requirements and real-world implementations.
- Partner closely with engineering, DevOps, IT, and security teams to support deployment and enforcement of security controls, not just documentation.
- Support the development and maintenance of compliance artifacts, including SSPs, control narratives, and supporting evidence.
- Drive evidence strategy and collection, ensuring artifacts are defensible, complete, and aligned with assessor expectations.
- Serve as a senior point of accountability during assessments, readiness reviews, and stakeholder discussions.
- Identify compliance gaps, risks, and ambiguities early and proactively drive remediation plans.
- Provide clear guidance to technical teams on how to meet control requirements in practical, scalable ways.
- Review and validate control implementations and supporting documentation produced by other contributors.
- Help establish and reinforce consistent compliance practices, patterns, and standards across environments.
- Communicate effectively with both technical and non-technical stakeholders, translating complex requirements into actionable guidance.
- Operate with a strong bias toward execution, progress, and outcomes in fast-moving or imperfect environments.
Required Qualifications
- 8+ years of experience in security, compliance, or risk management roles within regulated or federal-aligned environments.
- Strong hands-on experience supporting FedRAMP and/or CMMC initiatives, including control mapping and implementation support.
- Demonstrated ability to translate compliance frameworks into real technical and operational controls.
- Experience working directly with cloud environments (e.g., AWS, Azure, or Google Cloud Platform), including security-relevant services such as IAM, logging, encryption, monitoring, and vulnerability management.
- Proven ability to operate independently and lead compliance execution without heavy oversight.
- Comfort working in ambiguous environments and making sound judgment calls.
- Experience supporting audits, assessments, or readiness activities.
- Strong written and verbal communication skills, with the ability to explain compliance concepts clearly to engineering and leadership audiences.
- U.S. citizenship required.
Preferred Qualifications
- Experience working in federal, DoD, or defense-adjacent environments.
- Familiarity with AWS GovCloud and/or Azure Government.
- Experience supporting compliance in cloud-native or hybrid environments.
- Prior involvement in environments pursuing or maintaining Authorizations to Operate (ATOs).
- Experience collaborating with external assessors, auditors, or third-party partners.
- Background in environments where security, compliance, and engineering work closely together.