Motion Recruitment Partners, LLC

Senior Cybersecurity Engineer - Hybrid Alexandria, VA

Motion Recruitment Partners, LLC, Arlington, Virginia, United States, 22201

Senior Cybersecurity Engineer - Compliance & Risk Management

This role is responsible for managing multiple regulatory frameworks (CMMC, FedRAMP, SCRM, NIST 800-171/53, and ISO 27001:2022) across hybrid cloud environments. You will lead a small team of junior engineers performing vulnerability assessments and security scanning, build and maintain security documentation and policies, respond to time-sensitive client security requests, and coordinate third-party audits.

The company is located in Alexandria, VA and will be a hybrid model of 3 days onsite a week.

What You Will Be Doing:

Lead enterprise cybersecurity compliance programs (CMMC, FedRAMP, SCRM, NIST frameworks, ISO 27001:2022).

Own monthly compliance reporting and KPI dashboards for executive leadership.

Plan, coordinate, and support third-party audits (NIST 800-171, CMMC, ISO 27001, FedRAMP), including follow-up remediation activities.

Maintain and organize compliance evidence repositories and SaaS-based control implementations.

Evaluate, recommend, and implement security controls across AWS, Azure, and Office 365 environments and supported applications.

Oversee Risk Management Framework (RMF) processes for government contracts and DoD-facing applications (including ATO/IATT/IATO documentation).

Run weekly POA&M reviews and monthly security assessments.

Develop, update, and enforce security policies, procedures, and technical standards.

Lead vulnerability management efforts and coordinate security assessments and penetration testing.

Manage the business continuity/COOP program, including disaster recovery and crisis response planning.

Direct incident response activities and lead investigations of security events.

Mentor, coach, and manage junior cybersecurity engineers and analysts.

Serve as a primary interface with federal agencies, auditors, and compliance assessors.

Collaborate with system architects to define and implement security requirements for existing workloads, cloud migrations, and hybrid environments.

Own completion of customer cybersecurity questionnaires and due diligence requests under tight deadlines.

Partner with the Contracts division on RFP responses related to IT security, controls, data privacy, and regulatory compliance.

Support implementation and ongoing management of the cybersecurity supply chain risk management (C-SCRM) program.

Develop compliance documentation and security narratives for proposals and business development efforts.

Act as a subject matter expert on internal security controls, frameworks, and regulations.

Required Skills & Experience:

Bachelor’s degree in Cybersecurity, Computer Science, or a related discipline; equivalent experience may be considered in lieu of a degree.

7 years of experience in cybersecurity engineering and compliance.

5 years of enterprise experience leading risk and compliance initiatives involving multiple security frameworks.

Security certification (or ability to obtain within 6 months); CISSP, CCSP, or CISM preferred.

Deep, hands-on experience with NIST 800-171, NIST 800-53, RMF, and DoD compliance frameworks.

Practical experience with CMMC and FedRAMP authorization processes.

Proficiency with Office 365 security configuration and administration.

Experience with vulnerability scanning platforms (e.g., ACAS, Nessus, Rapid7, Qualys, or similar).

Strong analytical, investigative, and information-gathering skills and the ability to manage multiple concurrent tasks under tight deadlines.

Excellent written and verbal communication skills for engaging stakeholders at all levels.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future. This position doesn’t provide sponsorship.
