Cyber Security Specialist

JOB SUMMARY

The Cybersecurity Specialist is responsible for designing, implementing, and maintaining the organization's IT cybersecurity program in alignment with NIST SP 800-171, Cybersecurity Maturity Model Certification (CMMC) IT requirements, and applicable federal regulations. This role owns the day-to-day security posture of on-premises infrastructure and Microsoft 365 (M365) environments, IT security best practices, supports audit readiness, and serves as the internal subject-matter expert for all matters related to the protection of IT assets.

This is a hands-on technical role that also requires strong communication skills - the Specialist must translate complex security requirements into actionable guidance for non-technical staff and effectively partner with the compliance manager on CMMC and NIST regulatory frameworks.

Responsibilities include:

• NIST SP 800-171 & CMMC Compliance
  • Support, update, and maintain the organization's System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all supporting compliance documentation relating to IT systems in coordination with the Compliance Manager.
  • Recommend, architect, and design the necessary compliance frameworks, enclaves, hardware, and software required to meet compliance requirements.
  • Conduct and track gap assessments against NIST SP 800-171 controls and CMMC Level 2 practice requirements
  • Lead remediation efforts for identified control gaps, coordinating with IT staff, management, and third-party vendors as needed
  • Prepare the organization for third-party CMMC assessments (C3PAO); serve as the primary IT point of contact during assessment activities
  • Maintain and update the CUI scope definition, data flow diagrams, and assessment boundary documentation based on organizational flow down information in coordination with the Compliance Manager.

• Infrastructure Security
  • Administer and harden on-premises Active Directory (AD), DNS, DHCP, and file server environments in accordance with security baselines (CIS Benchmarks, DISA STIGs)
  • Configure and manage firewalls, VLANs, and network segmentation controls to isolate CUI environments
  • Manage endpoint protection platforms (EPP/EDR) across all on-premises workstations and servers
  • Oversee patch management programs for operating systems, firmware, and third-party applications
  • Implement and monitor multi-factor authentication (MFA) for all user and privileged accounts
  • Control and audit use of removable media and portable storage devices
  • Administer and harden the Microsoft 365 security posture including Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams
  • Configure and manage Antivirus and EDR products
  • Implement and enforce Microsoft Purview Information Protection policies including CUI labeling to prevent data CUI data from entering commercial environments, data loss prevention (DLP), and retention policies
  • Manage Conditional Access policies, Entra ID (Azure AD) security settings, and Privileged Identity Management (PIM)
  • Configure and maintain Microsoft Secure Score benchmarks; remediate identified gaps on a defined schedule
  • Administer Microsoft Intune for mobile device management (MDM) and mobile application management (MAM)

• Monitoring and Incident Response
  • Monitor security event logs, SIEM alerts, and threat intelligence feeds on an ongoing basis
  • Lead investigation and response to security incidents; document findings and corrective actions in accordance with DFARS View phone number on click.appcast.io reporting requirements
  • Conduct periodic vulnerability scans and penetration test coordination; track and remediate findings
  • Perform user access reviews on a defined schedule; enforce least privilege and separation of duties
  • Manage and review privileged account activity and administrator access logs

• Policy, Training, and User Awareness
  • Develop, maintain, and enforce IT security policies, standards, and procedures
  • Provide targeted guidance on CUI handling, marking, and protection to program, engineering, and administrative staff related to IT equipment and software systems
  • Support HR in the security aspects of employee onboarding and offboarding processes

PRINCIPAL CONTACTS INSIDE/OUTSIDE THE COMPANY

This position interacts with a wide variety of Armor office employees and senior management.

COMPETENCY OR POSITION REQUIREMENTS

• Attention to Detail - CMMC and NIST documentation must be precise and audit-ready
• Communication - Ability to explain security requirements clearly to non-technical staff
• Ownership Mentality - Takes initiative on compliance gaps without waiting to be directed
• Discretion - Regularly handles sensitive data and must maintain strict confidentiality
• Collaboration - Works cross-functionally with compliance and operations teams
• Adaptability - CMMC rulemaking continues to evolve and must stay current and pivot quickly

EDUCATION

• Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field
• Equivalent combination of education and directly relevant experience will be considered

EXPERIENCE

• Familiarity with Zero Trust Architecture principles and implementation
• 3-5+ years of hands-on experience in an IT security or systems administration role
• Proven experience administering Microsoft 365 security features in a production environment
• Experience managing on-premises Windows Server environments including Active Directory
• Familiarity with firewall administration
• Demonstrated experience implementing or assessing against NIST SP 800-171 controls
• Experience with CMMC compliance, gap assessments, or C3PAO assessments preferred
• Experience with GCC High, Preveil, SecureFrame, Quick Track solutions a plus

EXPERIENCE

• CompTIA Security+ or equivalent Required
• CompTIA CySA+ Preferred
• Certified CCMC Professional (CCP) Preferred
• Certificate CCA a plus

WORKING AND PHYSICAL CONDITIONS

• Primarily office-based
• Will be required to work outside of normal business hours for incident response or maintenance windows
• Ability to sit for extended periods and work at a computer workstation
• Occasional lifting of IT equipment (up to 40 lbs.)