Senior Cybersecurity / IT Systems Engineer (CMMC / DoD Compliance)

Position Summary

The Senior Cybersecurity / IT Systems Engineer is responsible for designing, implementing, and maintaining secure IT environments supporting both Classified and Controlled Unclassified Information (CUI) systems. This role ensures full compliance with DoD cybersecurity requirements, including CMMC, NIST standards, and RMF, across networked, standalone, and air-gapped environments.

This position owns end-to-end security posture, including system hardening, identity management, network security, and audit readiness.

Key Responsibilities

CMMC & DoD Compliance
  • Implement and maintain controls aligned with Cybersecurity Maturity Model Certification (Level 2/3)
  • Ensure compliance with NIST SP 800-171 (CUI) and NIST SP 800-53 (Classified systems via RMF)
  • Support Risk Management Framework processes including system categorization, control selection, implementation, assessment, and ATO lifecycle
  • Develop and maintain SSPs, POA&Ms, and audit artifacts
  • Prepare systems for C3PAO assessments and government accreditation

Classified & CUI Environment Security
  • Design, implement, and maintain environments handling:
    • Controlled Unclassified Information (CUI)
    • Classified data (Secret and above)
  • Enforce strict separation between classified, CUI, and unclassified networks
  • Implement cross-domain and data transfer controls per DoD policy
  • Ensure compliance with data handling, marking, storage, and transmission requirements
  • Support SCIF operations and accreditation requirements

System Hardening & Secure Architecture
  • Apply and enforce DISA STIGs across all systems
  • Design and secure:
    • Standalone and air-gapped systems
    • Classified enclaves and secure processing environments
    • Hybrid cloud (GovCloud / Azure Government where authorized)
  • Implement Zero Trust architecture and least privilege principles

Operating Systems (Windows & Linux)
  • Administer and harden Microsoft Windows Server (2016/2019/2022)
  • Manage Active Directory:
    • Group Policy (GPO) enforcement
    • Privileged access control and auditing
  • Administer and secure Red Hat Enterprise Linux (RHEL 7/8/9)
  • Implement:
    • Patch management (WSUS, SCCM, yum/dnf)
    • System auditing and logging (Event Logs, auditd)
    • Secure authentication mechanisms

Identity & Access Management
  • Implement Multi-Factor Authentication (MFA) across enterprise systems
  • Enforce identity governance, least privilege, and account lifecycle management
  • Support CAC/PIV authentication and enterprise identity integration

Network Security
  • Architect secure network environments:
    • VLAN segmentation and boundary protection
    • Firewalls, VPNs, IDS/IPS
  • Monitor network activity and respond to security events
  • Enforce secure data flows across classification boundaries

Endpoint & Server Security
  • Deploy endpoint protection and EDR solutions
  • Conduct vulnerability scanning (ACAS/Nessus) and remediate findings
  • Implement file integrity monitoring and configuration control
  • Maintain secure configurations across all systems

Air-Gapped & High-Security Systems
  • Design and operate air-gapped systems for classified and sensitive workloads
  • Implement controlled data transfer solutions:
    • Media scanning and sanitization
    • Manual review processes
    • One-way transfer mechanisms (data diodes where applicable)
  • Maintain compliance without reliance on external connectivity

Risk Management & Incident Response
  • Conduct risk assessments and continuous monitoring
  • Support incident detection, response, and forensic analysis
  • Maintain system readiness for ATO and re-accreditation

Documentation & Audit Support
  • Maintain complete audit-ready documentation and evidence repositories
  • Provide artifacts for CMMC and RMF audits
  • Interface with auditors, security teams, and government stakeholders

Required Qualifications

Experience
  • 7+ years in cybersecurity, system administration, or IT engineering
  • Direct experience supporting CUI and/or classified DoD systems
  • Hands-on experience with CMMC and RMF processes

Technical Expertise
  • NIST SP 800-171, NIST SP 800-53, DISA STIGs, Risk Management Framework
  • Windows Server / Active Directory and RHEL / Linux administration
  • Vulnerability management (ACAS/Nessus) and SIEM (Splunk, ELK)
  • Endpoint security, patching, and system hardening

Certifications (Preferred)
  • Certified Information Systems Security Professional
  • Certified Information Security Manager
  • CompTIA Security+
  • CMMC RP / CCA

Clearance
  • Active Secret clearance or ability to obtain
  • Must be a US citizen



Interested parties should submit a one page summary and two page resume listing your qualifications to: jobs@tnov.com