CMMC Assessment Specialist
C3 Integrated Solutions, Arlington, VA, United States
C3 Integrated Solutions is a market leader in helping the Defense Industrial Base (DIB) navigate cybersecurity and compliance requirements, including CMMC, NIST 800-171, and GCC High. Backed by private equity and having recently merged with Ingalls Information Security, C3 is in an exciting period of rapid growth and innovation. We partner with organizations across the defense supply chain to secure their operations and position them for long-term success in a highly regulated environment. With the final CMMC rule now in effect and demand surging across the industry, this is a pivotal moment to join our team. You’ll be at the center of scaling a marketing engine that not only drives growth but also strengthens national security by empowering contractors to meet critical compliance standards. If you’re looking for an opportunity to build, innovate, and make an immediate impact, while working alongside a passionate team of experts, C3 is the place to do it.
We’re seeking a technical engineer interested in growing into CMMC compliance. In this role, you will support the preparation and demonstration of technical configurations for CMMC Level 2 assessments. The CMMC Assessment Specialist plays a key role representing clients in C3’s Cybersecurity Maturity Model Certification (CMMC) Assessment program.
What You’ll Do
Review and prepare client documentation to ensure successful pre‑assessments and assessments.
Document areas of non‑compliance and develop remediation plans.
Validate system scope (technology, people, business processes) for compliance.
Perform QA/QC and validate artifacts and evidence and ensure client success prior to assessment.
Validate, and defend System Security Plan(s), policies, and procedures in CMMC assessments.
Support and conduct mock assessments.
Manage customer expectations, internal and external resources, and relevant third parties to ensure engagements are successful.
Facilitate post‑assessment debriefings with clients to review findings and next steps.
Provide expert guidance on interpreting compliance requirements and translating them into actionable steps for clients.
Develop and maintain subject matter expertise in the laws, regulations, and government‑wide policies that govern cybersecurity data protection for the U.S. Defense Industrial Base, including:
DFARS (NIST SP 800-171, FedRAMP equivalency)
CMMC (Levels 1 & 2, boundary scoping)
CUI Program (NARA CUI Registry, CUI/CDI/CTI, FCI)
Export controls (ITAR/EAR)
Assist team members with client needs as needed.
Analyze assessment results and provide strategic recommendations for improving C3’s services.
Contribute to the development of internal best practices and methodologies for conducting assessments.
Mentor junior team members on assessment techniques and client management strategies.
What You’ll Bring
Technical understanding and experience leveraging Microsoft cloud services (Azure, Office 365) to meet compliance requirements, especially in Azure Government and Microsoft 365 GCC High environments.
Familiarity in compliance frameworks such as SOC, ISO, CMMI, SOX, or PCI.
Experience with Zscaler, CrowdStrike, or Airlock is a plus.
Very strong written and verbal communication skills, with the ability to convey technical information as a subject‑matter expert for various compliance frameworks.
High emotional intelligence and interpersonal skills, with an enthusiasm for collaboration and coordination with various client company stakeholders from executive management to entry‑level staff.
Strong organizational and time management skills with ability to correctly prioritize workload to maintain schedules, deadlines, and standards on assigned projects.
Ability to remain calm under pressure and be adaptable.
Ability to cross‑train into other specialties.
Awareness of the cybersecurity product/vendor landscape and current security best practices.
Awareness of U.S. export control requirements under ITAR and EAR.
Experience consulting with multiple clients at the same time.
Professional certifications such as the Cyber AB’s CCA (preferred) or CCP, or other industry credentials such as CISSP, CISM, CISA, or similar preferred.
3 or more years of experience implementing cybersecurity requirements for Department of Defense contractors or federal information systems.
Bachelor’s degree or higher in technology, engineering, or related field.
U.S. Person as defined in 22 CFR.
120.62
What You’ll Get
To be a part of one of the fastest‑growing companies in America, and a talented team to back you up.
An awesome culture, backed up by winning several Best Places to Work awards.
Remote work opportunities.
Medical, Dental, Vision Insurance.
Four weeks of Paid Time Off (vacation & sick leave).
Four weeks of Paid Maternity and Paternity leave.
Two days of Paid Volunteer Time.
401(k) with 4% company match.
Company bonus structure.
Tuition reimbursement.
Employer‑sponsored disability and life insurance.
Professional development.
This is a remote position with minimal travel.
C3 Integrated Solutions is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity or expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.
This is a general description of the duties, responsibilities and qualifications required for this position. Physical, mental, sensory, or environmental demands may be referenced to communicate the way this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, C3 Integrated Solutions will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.
#J-18808-Ljbffr
We’re seeking a technical engineer interested in growing into CMMC compliance. In this role, you will support the preparation and demonstration of technical configurations for CMMC Level 2 assessments. The CMMC Assessment Specialist plays a key role representing clients in C3’s Cybersecurity Maturity Model Certification (CMMC) Assessment program.
What You’ll Do
Review and prepare client documentation to ensure successful pre‑assessments and assessments.
Document areas of non‑compliance and develop remediation plans.
Validate system scope (technology, people, business processes) for compliance.
Perform QA/QC and validate artifacts and evidence and ensure client success prior to assessment.
Validate, and defend System Security Plan(s), policies, and procedures in CMMC assessments.
Support and conduct mock assessments.
Manage customer expectations, internal and external resources, and relevant third parties to ensure engagements are successful.
Facilitate post‑assessment debriefings with clients to review findings and next steps.
Provide expert guidance on interpreting compliance requirements and translating them into actionable steps for clients.
Develop and maintain subject matter expertise in the laws, regulations, and government‑wide policies that govern cybersecurity data protection for the U.S. Defense Industrial Base, including:
DFARS (NIST SP 800-171, FedRAMP equivalency)
CMMC (Levels 1 & 2, boundary scoping)
CUI Program (NARA CUI Registry, CUI/CDI/CTI, FCI)
Export controls (ITAR/EAR)
Assist team members with client needs as needed.
Analyze assessment results and provide strategic recommendations for improving C3’s services.
Contribute to the development of internal best practices and methodologies for conducting assessments.
Mentor junior team members on assessment techniques and client management strategies.
What You’ll Bring
Technical understanding and experience leveraging Microsoft cloud services (Azure, Office 365) to meet compliance requirements, especially in Azure Government and Microsoft 365 GCC High environments.
Familiarity in compliance frameworks such as SOC, ISO, CMMI, SOX, or PCI.
Experience with Zscaler, CrowdStrike, or Airlock is a plus.
Very strong written and verbal communication skills, with the ability to convey technical information as a subject‑matter expert for various compliance frameworks.
High emotional intelligence and interpersonal skills, with an enthusiasm for collaboration and coordination with various client company stakeholders from executive management to entry‑level staff.
Strong organizational and time management skills with ability to correctly prioritize workload to maintain schedules, deadlines, and standards on assigned projects.
Ability to remain calm under pressure and be adaptable.
Ability to cross‑train into other specialties.
Awareness of the cybersecurity product/vendor landscape and current security best practices.
Awareness of U.S. export control requirements under ITAR and EAR.
Experience consulting with multiple clients at the same time.
Professional certifications such as the Cyber AB’s CCA (preferred) or CCP, or other industry credentials such as CISSP, CISM, CISA, or similar preferred.
3 or more years of experience implementing cybersecurity requirements for Department of Defense contractors or federal information systems.
Bachelor’s degree or higher in technology, engineering, or related field.
U.S. Person as defined in 22 CFR.
120.62
What You’ll Get
To be a part of one of the fastest‑growing companies in America, and a talented team to back you up.
An awesome culture, backed up by winning several Best Places to Work awards.
Remote work opportunities.
Medical, Dental, Vision Insurance.
Four weeks of Paid Time Off (vacation & sick leave).
Four weeks of Paid Maternity and Paternity leave.
Two days of Paid Volunteer Time.
401(k) with 4% company match.
Company bonus structure.
Tuition reimbursement.
Employer‑sponsored disability and life insurance.
Professional development.
This is a remote position with minimal travel.
C3 Integrated Solutions is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity or expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.
This is a general description of the duties, responsibilities and qualifications required for this position. Physical, mental, sensory, or environmental demands may be referenced to communicate the way this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, C3 Integrated Solutions will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.
#J-18808-Ljbffr