CMMC Cybersecurity Specialist

The CMMC Cybersecurity Specialist is responsible for implementing, maintaining, and continuously improving ACG's cybersecurity posture to support CMMC Level 2 compliance, federal contract requirements, and the protection of Controlled Unclassified Information (CUI). This role operates in a structured, high-expectation environment where documentation, accountability, and execution are non-negotiable. The position supports audits, assessments, and secure operations across the organization while ensuring alignment with NIST SP 800-171 and internal QMS policies., * CMMC & Compliance Execution

• Lead day-to-day implementation and sustainment of CMMC Level 2 controls.
• Maintain alignment with NIST SP 800-171 requirements and federal cybersecurity expectations.
• Prepare, organize, and maintain audit-ready compliance evidence.
• Support assessor interactions following approved communication procedures.

Cybersecurity Operations

• Implement and monitor technical and administrative security controls.
• Support secure configuration, access control, logging, monitoring, and incident response.
• Coordinate vulnerability management, patching, and remediation tracking.
• Ensure secure handling, storage, and transmission of CUI.

Documentation & QMS

• Develop, update, and maintain cybersecurity policies, SOPs, standards, and forms.
• Ensure documentation meets formatting, version control, and annual review requirements.
• Maintain traceability between controls, evidence, and system implementation.

Training & Cross-Functional Support

• Support cybersecurity and CMMC awareness training for employees and contractors.
• Coordinate role-based training and acknowledgment tracking.
• Work closely with HR on personnel security requirements.
• Support Operations and Project Teams on secure practices for federal projects.
• Provide executive-level compliance and risk status updates.

KPIs Impacted

• CMMC control implementation completion percentage
• Audit readiness and evidence completeness
• Policy and SOP review compliance
• Incident response and remediation timelines
• Training completion rates

Do you have experience in Vulnerability management?, * 3+ years of experience in cybersecurity, compliance, or information security.

• Hands-on experience with CMMC Level 2 and NIST SP 800-171.
• Experience supporting audits or formal assessments (CMMC, NIST, ISO, SOC, etc.).
• Experience in federal contracting or regulated environments preferred., * Proven experience in cybersecurity roles with a focus on system security plans, vulnerability management, or network security.
• Strong knowledge of computer networking concepts including LAN/WAN architecture, routing protocols such as OSPF/EIGRP/BGP, TCP/IP stack, DNS/ DHCP configuration.
• Hands-on experience with firewall management (Cisco ASA), IDS/IPS systems, SIEM tools like Splunk or SolarWinds, and open-source scripting languages such as Python or Bash for automation.
• Familiarity with cloud computing platforms such as AWS or Google Cloud Platform along with cloud infrastructure security best practices including FedRAMP compliance.
• Understanding of threat intelligence frameworks and attack frameworks for proactive threat detection & response., * cybersecurity: 3 years (Required)

Pulled from the full job description

• 401(k)
• Health insurance
• 401(k) matching
• Paid time off
• Vision insurance
• Dental insurance
• Profit sharing, * 401(k)
• 401(k) matching
• Dental insurance
• Health insurance
• Vision insurance

ACG is a fast-growing, family-minded small business built on ownership, discipline, and results. We value clear communication, strong documentation, and consistent follow-through. Our roles move quickly and require people who are organized, emotionally mature, and comfortable with direct feedback. Strong performance and execution translate directly into real financial and professional growth.