Cyber Security Specialist

About the Company



Leonard Workforce Solutions is conducting a confidential search on behalf of a growing organization seeking a qualified candidate for the following position. Our client, a long-standing Department of Defense manufacturer supporting mission-critical defense and aerospace programs, is hiring a Cybersecurity & Compliance Specialist to lead the company's CMMC and CUI compliance program.



About the Role



Reporting to the IT & Systems Manager, this role owns the organization's cybersecurity posture, governance, readiness, training, and ongoing certification activities for information systems subject to CMMC and handling Controlled Unclassified Information. This is a hands-on leadership role. You will drive the strategic roadmap to achieve and maintain CMMC Level 2 compliance, own and maintain the System Security Plan (SSP) and POA&Ms, oversee implementation of NIST SP 800-171 controls, and serve as the primary liaison with customers, internal leadership, Registered Practitioner Organizations (RPO), and Certified Third-Party Assessor Organizations (C3PAO).



Responsibilities



  • Provide governance and program management for CMMC Level 2 and NIST SP 800-171 compliance, including readiness assessments, gap analysis, and remediation planning
  • Maintain and update the SSP, POA&Ms, risk assessments, and Information System Security (ISS) policies
  • Submit and maintain data in PIEE, SPRS, and related DoD compliance systems
  • Monitor applicable FAR/DFARS clauses and emerging regulatory requirements
  • Lead incident response, disaster recovery, and business continuity planning activities
  • Develop and deliver cybersecurity, CUI, and risk-awareness training (onboarding and annual)
  • Oversee continuous monitoring, logging, vulnerability scanning, and system hardening in coordination with internal IT staff and External Service Providers (MDR, MSP, MSSP)
  • Support supplier and vendor compliance efforts in partnership with Supply Chain
  • Coordinate annual CMMC attestation and ongoing audit readiness


Qualifications



  • Bachelor's degree in Computer Science, Information Systems, or a specialized cybersecurity program
  • Minimum three years of experience across cybersecurity threat monitoring and remediation, corporate policy implementation, user training, Windows Server administration, Microsoft Entra ID, and Microsoft 365 / Exchange administration
  • Must be a U.S. Person and authorized to access ITAR and EAR controlled technical data
  • Previous employment with a Department of Defense contractor preferred
  • Previous experience with CMMC and NIST 800-171 compliance preferred


Required Skills



  • CMMC Level 2
  • NIST SP 800-171
  • Controlled Unclassified Information (CUI)
  • System Security Plan (SSP) & POA&M
  • Risk Assessment & Governance
  • Incident Response
  • Microsoft Entra ID
  • Microsoft 365 / Exchange Administration
  • Windows Server Administration
  • Security Awareness Training


Pay range and compensation package



Compensation will be discussed with qualified candidates.



Equal Opportunity Statement



We are committed to diversity and inclusivity.
