ABOUT NOOKS
Are you seeking an exciting and unique opportunity to grow and support our national security? As a startup, we are offering a limited-time opportunity to be an equity owner in a pioneering new industry. Nooks is pioneering Classified Infrastructure-as-a-Service (CIaaS) to provide government and industry partners with the fastest, most efficient access to classified infrastructure. We are building a nationwide network of accredited classified spaces and systems, ensuring that the best technologies equip our nation’s warfighters. At Nooks, we value innovation, collaboration, and a service-first mindset.
ABOUT THE ROLE:
The Cybersecurity Engineer is a pivotal role dedicated to securing Nooks' unclassified networks and ensuring strict adherence to NIST SP 800-171 standards. While our classified infrastructure is vital, protecting our Controlled Unclassified Information (CUI) is equally critical to our mission and partner trust.
This position requires a "player-coach" mindset—someone who can manage the compliance program but also has the technical ability to conduct deep-dive self-assessments and internal audits. You will own the security posture of our unclassified environment, specifically within our Google Workspace architecture. This role is ideal for a technical compliance professional who understands how to translate NIST controls into practical configurations within a modern, cloud-native collaborative environment.
KEY RESPONSIBILITIES:
- NIST 800-171 Governance: Serve as the primary owner for the unclassified environment's compliance posture. Manage and maintain the System Security Plan (SSP) to ensure accurate reflection of implemented controls against NIST SP 800-171 and CMMC Level 2 requirements.
- Self-Assessments & Auditing: Independently plan and execute comprehensive self-assessments of the unclassified network. Act as an internal auditor to validate control effectiveness, generate SPRS scores, and identify gaps prior to third-party assessments.
- Google Workspace Security: Architect and monitor security configurations within the network. Ensure Data Loss Prevention (DLP), access controls, and mobile device management (MDM) settings meet CUI protection requirements.
- Remediation Management: Track findings and vulnerabilities; develop and manage Plans of Action & Milestones (POA&Ms) to drive timely remediation of security gaps.
- Audit Readiness: Lead the preparation for C3PAO assessments. Compile evidence artifacts, interview technical staff, and ensure the environment is "audit-ready" at all times.
- Vendor & Supply Chain: Evaluate the compliance posture of third-party tools and vendors integrated into the unclassified environment to ensure no breakage in the chain of trust.
- Software Vetting & Compliance: Serve as the primary cybersecurity point of contact for evaluating new enterprise software introductions. Assess compliance requirements and ensure all tools meet network-specific security standards and organizational policies.
REQUIRED QUALIFICATIONS:
- Citizenship: You must be a US Citizen (Compliance requirement for accessing CUI/ITAR data).
- Experience: A minimum of 5-8 years of experience in Cybersecurity, with at least 3 years focused specifically on NIST SP 800-171 compliance and implementation.
- Google Workspace Expertise: Demonstrated experience configuring and securing Google Workspace (formerly G-Suite) in a regulated environment. You must understand how to apply compliance controls to Drive, Gmail, and endpoint management.
- Assessment Skills: Proven ability to conduct technical self-assessments. You must be comfortable acting as an auditor, testing controls, and gathering evidence without supervision.
- Framework Knowledge: Deep understanding of DFARS 252.204-7012/7019/7020, NIST SP 800-171, and CMMC Level 2 assessment guides.
- Certifications: Active DoD 8570/8140 IAM Level II or III certification (e.g., CISSP, CISM, CASP+, or CAP).
- Communication: Strong ability to explain technical requirements to non-technical leadership and document controls clearly for external auditors.
- CMMC Ecosystem: Status as a CMMC Certified Professional (CCP) or Registered Practitioner (RP).
- Google Certifications: Google Professional Cloud Security Engineer or Professional Google Workspace Administrator.
PREFERRED QUALIFICATIONS:
- Clearance: While this role focuses on the unclassified environment, an active Secret or Top Secret clearance is a plus.
- Audit Experience: Experience functioning as a formal security control assessor (SCA) or QSA.
COMPENSATION:
- Base Salary (Per Level)
- Yearly Bonus Structure + Equity Ownership in company
- Medical, Dental and Vision benefits
- 401k Employer Contribution Plan
- Flexible PTO Policy
LOCATION:
- Remote (Must reside in the US)
TRAVEL:
- This role requires approximately 10-20% travel for on-site assessments or team strategy meetings.
ELIGIBILITY:
- You must be a US Citizen.

