Overview 
Overview

The Virtual Information Systems Security Engineer (ISSE) is responsible for designing, implementing, and maintaining cybersecurity architectures that meet federal compliance standards while protecting client environments across multiple sectors. This role encompasses the full range of responsibilities typically held by an in-house Information Systems Security Manager (ISSM), with the added challenge of supporting multiple clients under diverse compliance frameworks. 

The ISSE will play a key role in advancing CCS’s defense compliance program and driving the continuous growth of our cybersecurity practice. The position requires deep knowledge of DFARS, NIST guidelines, NISPOM, and CMMC, as well as the ability to tailor technical and compliance solutions to each client’s operational and regulatory requirements. 

Key Responsibilities 

•       Serve as the primary cybersecurity engineer and compliance advisor for clients operating under DFARS 252.204-7012, NIST SP 800-171/53, NISPOM, and CMMC 2.0 frameworks.

•       Design, implement, and document secure architectures balancing compliance, risk management, and operational efficiency.

•       Develop, maintain, and review System Security Plans (SSPs), POA&Ms, and Incident Response Plans aligned with DoD and NIST standards.

•       Conduct gap analyses and readiness assessments for CMMC 2.0 and NIST SP 800-171 control compliance.

•       Develop and assist clients with implementing security policies, procedures, and awareness training programs.

•       Identify and mitigate cybersecurity risks and vulnerabilities across client environments.

•       Collaborate with defense compliance and vCISO teams to implement secure system configurations and continuous monitoring programs.

•       Support system authorization and accreditation processes (RMF / NISPOM / CMMC).

•       Build and maintain POA&Ms and assist with remediation planning and execution.

•       Participate in client security governance processes, reporting status and recommendations to stakeholders.

•       Evaluate and recommend new technologies, tools, and configurations to enhance compliance and security posture.

•       Guide clients through external audits, assessments, and certification activities.

•       Gain knowledge/expertise in the handling of FOCI-mitigated clients and associated compliance requirements.

•       Prepare and present technical findings and risk reports to executive and nontechnical audiences.

•       Perform other job-related duties as assigned.

Qualifications 

•       Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience.

•       Extensive knowledge of:

o    DFARS 252.204-7012 and related DoD cybersecurity mandates. o   NIST SP 800-171, NIST SP 800-53, and supporting frameworks. o     National Industrial Security Program Operating Manual (NISPOM).

o    CMMC 2.0 maturity levels, domains, and practices.

•       7+ years of experience in IT administration and security engineering.

•       5+ years working in the defense sector supporting compliance or accreditation efforts.

•       2+ years of experience administering Office 365 GCC High / Azure Gov Cloud environments.

•       Familiarity with Cisco, Meraki, and Fortinet network products.

•       Experience with VMware, Veeam, Microsoft Windows Server, and related management tools.

•       Experience with vulnerability management (e.g., Nessus, Qualys), SIEM, and endpoint protection platforms.

•       Knowledge of RMF, STIGs, and DISA hardening standards.

•       Strong written and verbal communication skills; able to translate technical findings into business context.

•       US Citizenship required; ability to obtain or maintain DoD security clearance (Secret or higher).

Certifications 

Required / Strongly Preferred: 
o    CISSP, Cyber AB CCP/CCA, or equivalent.      
Preferred: 
o     CISM or CISA 
o    CCSP or Azure Security Engineer Associate 
o     CAP (Certified Authorization Professional) 
o    CMMC Certified Professional (CCP) or CMMC Assessor (CCA) 
 

Compensation & Benefits 

•       Competitive compensation based on experience and certifications.

•       Flexible remote schedule and client engagement model.

•       Opportunities for professional growth within a rapidly expanding cybersecurity and compliance practice.

•       Access to ongoing CMMC/DFARS/NIST training, certification pathways, and mentorship programs.