CMMC Security Engineer; US Hybrid
Job in Las Vegas, Clark County, Nevada, 89105, USA
Listed on 2026-06-19
Listing for: Intelligent Technical Solutions
Full Time position
Job specializations: IT/Tech; Cybersecurity, Cloud Computing: Infrastructure & Operations, Azure
Job Description & How to Apply Below
Responsibilities
- Design and deploy CMMC‑compliant enclave architectures in Azure: cloud‑only (GCC/GCC High), hybrid (on‑prem + GCC), and on‑premises environments. Select and implement the appropriate topology (hub‑spoke, segmented) based on client requirements.
- Provision and configure Microsoft 365 GCC and GCC High tenants including initial setup, domain verification, licensing assignment, and tenant hardening.
- Configure Microsoft Entra provisioning, Security Groups, Administrative Units, Conditional Access policies (MFA, device compliance, location‑based, session controls), Privileged Identity Management (PIM), and Identity Protection risk policies.
- Deploy and configure Microsoft Intune: device enrollment, compliance policies, configuration profiles, security baselines (CIS/STIG), BitLocker encryption with FIPS 140‑2 compliance, Windows Update for Business rings, and application management via Company Portal.
- Deploy and configure Microsoft Sentinel: Log Analytics workspace setup, data connector deployment (M365, Entra, Defender, Azure Activity, Firewall, NSG flow logs), KQL‑based analytics rules, automation playbooks (Logic Apps), and CMMC compliance workbooks/dashboards.
- Deploy and configure Microsoft Defender for Endpoint: device onboarding, antivirus policies, Attack Surface Reduction (ASR) rules, endpoint DLP, network protection, web content filtering, and vulnerability management.
- Configure Microsoft Purview: sensitivity labels (CUI, FCI, Public), auto‑labeling policies, DLP policies across Exchange, SharePoint, Teams, and endpoints, and information barriers where required.
- Design and implement Azure networking: Virtual Networks, subnets, NSGs, Azure Firewall, Azure Bastion, VPN Gateway (site‑to‑site and point‑to‑site), Private Endpoints, route tables, and DDoS Protection.
- For hybrid environments: configure Azure AD Connect (or Cloud Sync), hybrid device join, pass‑through authentication or password hash sync, split DNS, and Azure Arc for on‑premises server management.
- Configure encryption across the environment: BitLocker (XTS‑AES 256), FIPS 140‑2 compliance mode, TLS 1.2+ enforcement, VPN encryption (IKEv2/AES‑256), and Purview encryption for CUI‑labeled content.
- Execute remediation tasks from the CMMC Remediation Tracker as assigned by the GRC Consultant. Each task maps a specific NIST 800‑171 control objective to an Azure/M365 configuration with step‑by‑step instructions.
- Capture and organize technical evidence for each implemented control: configuration screenshots, policy exports (JSON), audit log samples, compliance reports, and test results.
- Support incident response capability deployment: Sentinel playbook creation, automated notification workflows, and incident response procedure testing.
- Perform client environment migrations to GCC/GCC High (tenant‑to‑tenant migration using BitTitan, ShareGate, or native Microsoft tools).
- Work across 4‑7 concurrent client environments at various stages of build and remediation.
- Willing to work in a hybrid setup—remotely or on‑site at client locations, as required.
- 3+ years hands‑on experience administering Microsoft Azure and M365 environments in a professional capacity (not lab‑only).
- Direct experience configuring Conditional Access policies, Entra, and identity architecture (cloud‑only and hybrid with Azure AD Connect).
- Direct experience deploying and managing Microsoft Intune for endpoint compliance, configuration profiles, security baselines, and BitLocker management.
- Direct experience deploying Microsoft Sentinel including data connectors, KQL query writing, analytics rules, and automation playbooks.
- Experience configuring Azure networking: VNets, NSGs, Azure Firewall or third‑party NVA, VPN Gateway, and network security architecture.
- Experience deploying Microsoft Defender for Endpoint including device onboarding, ASR rules, and vulnerability management.
- Proficiency with PowerShell and Microsoft Graph API for automation and bulk configuration tasks.
- Understanding of NIST SP 800‑171 controls and how they map to specific Azure/M365 technical implementations.
- Exper…