Cybersecurity Assessor (CMMC)
Job description
TL;DR
Cybersecurity Assessor (CMMC): Conducting security control assessments for commercial and government clients, including developing and reviewing System Rules of Engagement (ROE), Security Assessment Plans (SAPs), and Security Assessment Reports (SARs), with an emphasis on CMMC-aligned evidence review, risk-based remediation guidance, and POA&M support. Focus on leading assessment meetings, validating system boundaries and control baselines, and performing continuous monitoring to ensure controls remain effective throughout the information system lifecycle.
Location: Remote
Salary: $90,000–$115,000
Company
is a cybersecurity and digital services company serving Federal government and commercial customers.
What you will do
- Conduct security control assessments to determine overall control effectiveness and the vulnerability state of components, applications, and databases within a system boundary.
- Develop, document, and review ROE, SAPs, and SARs, including quality control of assessment deliverables.
- Run assessment kick-off activities, build schedules and resource plans, and lead post-assessment meetings with customers.
- Review system boundaries, common controls, security categorization, and applicable security control baselines based on system categorization.
- Review cyber/system/network evidence for accuracy and completeness and provide feedback to improve assessment outcomes.
- Support POA&M efforts and perform continuous monitoring to ensure implemented security controls remain functional across the system lifecycle.
Requirements
- Experience conducting cybersecurity/security control assessments for commercial and/or government customers.
- Ability to develop and review assessment documentation (ROE, SAPs, SARs) and perform quality control on deliverables.
- Strong knowledge of risk-based approaches for security control implementation and vulnerability remediation.
- Experience reviewing and validating system boundaries, common controls, and security categorization/effective control baselines.
- Ability to review and assess cyber/system/network evidence for accuracy and completeness.
- Ability to support POA&M mitigation tracking and timelines in line with customer policy requirements.
Culture & Benefits
- Fully remote work with off-site responsibilities as needed.
- Customer-service mindset paired with subject-matter expertise.
- Growth-oriented environment with accountability and adaptability.
- Security and integrity-focused approach to client outcomes.
Hiring process
- Interviews to evaluate cybersecurity assessment experience and CMMC-aligned knowledge.
- Discussion of assessment approach, documentation quality, and customer-facing delivery.