Overview:Job Title: Senior Cybersecurity Engineer Job Location: Tampa, FL Job Responsibilities:We are seeking an experienced Senior Cybersecurity Engineer to join our team to lead the implementation, maintenance, and continuous improvement of our cybersecurity controls in alignment with CMMC (Cybersecurity Maturity Model Certification) and ISO 27001 standards. This critical role will ensure that our organization meets or exceeds security and compliance requirements, safeguarding sensitive information and systems while supporting business objectives. The Senior Cybersecurity Engineer will work closely with internal teams, vendors, and third-party auditors to develop, implement, and maintain effective security policies and controls. This position requires a deep understanding of cybersecurity frameworks, risk management practices, and regulatory requirements.
Implement and Maintain CMMC & ISO 27001 Requirements: Lead the design, implementation, and continuous improvement of CMMC and ISO 27001 compliance across systems and services, ensuring adherence to applicable controls, risk management frameworks, and cybersecurity standards.
Azure GCC-High Security Architecture: Architect and implement security solutions and configurations tailored to Azure GCC-High to support compliance with CMMC and ISO 27001 requirements, including data protection, access control, and network security.
Hybrid Environment Security Management: Maintain security policies and procedures that apply to the hybrid environment, ensuring seamless integration of on-premises systems with Azure GCC-High resources, while ensuring compliance with both CMMC and ISO 27001 standards.
Risk Management and Vulnerability Assessments: Perform regular risk assessments, vulnerability scans, and gap analysis to identify potential compliance gaps and threats related to CMMC and ISO 27001, and develop mitigation strategies to address them.
Collaboration with Compliance Teams: Work closely with internal compliance, audit, and governance teams to ensure that security controls and policies meet CMMC, ISO 27001, and other regulatory requirements. Assist with audit preparation, documentation, and reporting.
Incident Response and Monitoring: Develop and manage incident response protocols and procedures that meet the needs of both CMMC and ISO 27001. Actively monitor security systems for threats, vulnerabilities, and non-compliance.
Documentation and Reporting: Ensure thorough documentation of security configurations, compliance audits, and the implementation of CMMC and ISO 27001 controls. Report regularly to management on compliance status, audit findings, and risk posture.
Training and Awareness: Provide security training and awareness programs to internal teams to ensure CMMC and ISO 27001 requirements are understood and adhered to throughout the organization.
Minimum Qualifications:
Active, in-scope US Government issuedTop Secretclearance
Due to the nature of the work and contract requirements,US Citizenship is required.
7+ years of experience in systems security engineering or a related IT security role, with a focus on compliance, risk management, and government regulations.
A minimum of five (5) years’ experience participating in and managing IT security activities
Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or equivalent.
Experience with vulnerability management tools and techniques.
Expertise in implementing and managing security controls (e.g., NIST SP 800-53, NIST SP 800-171, ISO 27001, CMMC).
Desired Qualifications:
In-depth experience with ISO 27001 risk management frameworks and controls.
Familiarity with FedRAMP, ITAR, FISMA, and other federal cybersecurity regulations.
Strong understanding of Data Loss Prevention (DLP), Identity and Access Management (IAM), and security automation tools.
Proven experience in conducting CMMC audits, ISO 27001 audits, and understanding of the specific controls required by both frameworks.
Experience managing security in ahybrid IT environment(combination of on-premises and cloud-based systems).F
F amiliarity with Security Information and Event Management (SIEM) tools (e.g., Splunk, Microsoft Sentinel).
Education:
Bachelors or Associate’s degree in a relevant discipline (e.g., Computer Science, Business, Electrical Engineering, Information Systems, Telecommunications, Finance). OR at least ten years of general experience of which seven years is directly related experience.
Job ID 2024-6376 of Openings 1
