Next Orbits INC is seeking a Senior FedRAMP / CMMC Security & Compliance Engineer to lead hands-on compliance execution across federal and defense-aligned environments. This role involves translating FedRAMP and CMMC requirements into practical implementations while partnering closely with various teams to ensure compliance outcomes are met effectively.
Responsibilities:
- Lead hands-on support for FedRAMP and CMMC compliance initiatives, with primary responsibility for control mapping, implementation alignment, and assessment readiness
- Translate FedRAMP (NIST 800-53) and CMMC / NIST 800-171 requirements into concrete technical and operational controls across cloud and system environments
- Own control mappings, ensuring accuracy, traceability, and alignment between framework requirements and real-world implementations
- Partner closely with engineering, DevOps, IT, and security teams to support deployment and enforcement of security controls, not just documentation
- Support the development and maintenance of compliance artifacts, including SSPs, control narratives, and supporting evidence
- Drive evidence strategy and collection, ensuring artifacts are defensible, complete, and aligned with assessor expectations
- Serve as a senior point of accountability during assessments, readiness reviews, and stakeholder discussions
- Identify compliance gaps, risks, and ambiguities early and proactively drive remediation plans
- Provide clear guidance to technical teams on how to meet control requirements in practical, scalable ways
- Review and validate control implementations and supporting documentation produced by other contributors
- Help establish and reinforce consistent compliance practices, patterns, and standards across environments
- Communicate effectively with both technical and non-technical stakeholders, translating complex requirements into actionable guidance
- Operate with a strong bias toward execution, progress, and outcomes in fast-moving or imperfect environments
Requirements:
- 8+ years of experience in security, compliance, or risk management roles within regulated or federal-aligned environments
- Strong hands-on experience supporting FedRAMP and/or CMMC initiatives, including control mapping and implementation support
- Demonstrated ability to translate compliance frameworks into real technical and operational controls
- Experience working directly with cloud environments (e.g., AWS, Azure, or GCP), including security-relevant services such as IAM, logging, encryption, monitoring, and vulnerability management
- Proven ability to operate independently and lead compliance execution without heavy oversight
- Comfort working in ambiguous environments and making sound judgment calls
- Experience supporting audits, assessments, or readiness activities
- Strong written and verbal communication skills, with the ability to explain compliance concepts clearly to engineering and leadership audiences
- US Citizenship required
- Experience working in federal, DoD, or defense-adjacent environments
- Familiarity with AWS GovCloud and/or Azure Government
- Experience supporting compliance in cloud-native or hybrid environments
- Prior involvement in environments pursuing or maintaining ATOs
- Experience collaborating with external assessors, auditors, or third-party partners
- Background in environments where security, compliance, and engineering work closely together