Cyber Security Specialist (CMMC Compliance)

United StatesRemoteFull-timemid

OtherCyber Security SpecialistSecurity SpecialistSkilled Trades & Field Services

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

About Canopy Aerospace & Defense Canopy A&D is built to accelerate the future of advanced materials for space, defense, and maritime systems. Canopy delivers specialized materials and components that carry customers from concept through sustainment.

Technical Tools

azurecybersecuritylinux

About Canopy Aerospace & Defense

Canopy A&D is built to accelerate the future of advanced materials for space, defense, and maritime systems. Canopy delivers specialized materials and components that carry customers from concept through sustainment. Canopy A&D’s advanced signal attenuation technologies and production-scale manufacturing accelerate the fielding of platforms that are faster, cooler, and quieter. Our adaptive approach ensures solutions evolve at the pace of shifting challenges, keeping our customers ahead of the curve.

Summary: We are seeking a proactive and knowledgeable Cyber Security Specialist to lead our information security efforts, specifically focusing on achieving and maintaining CMMC 2.0 compliance (Level 1 and/or Level 2). This position acts as the bridge between technical IT security, manufacturing operations (OT), and contractual defense obligations. The ideal candidate understands the unique security challenges of the Aerospace & Defense industry, including the protection of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).

Lead the implementation, assessment, and continuous improvement of security controls aligned with NIST SP 800-171 and CMMC 2.0, ensuring organizational readiness for Level 2 certification.

Own and maintain the System Security Plan (SSP), Plans of Action and Milestones (POA&M), security policies, procedures, and compliance documentation.

Map and protect Controlled Unclassified Information (CUI) throughout its lifecycle, including data flows across engineering design (CAD/CAM), procurement, quality, manufacturing, and external suppliers.

Serve as the primary liaison for CMMC assessments, including coordination with C3PAOs, audit preparation, artifact management, and remediation tracking.

Implement and monitor security controls across both IT and OT environments, including identity and access management, multi-factor authentication, encryption, endpoint detection and response (EDR), SIEM, firewalls, and network segmentation.

Conduct vulnerability scanning, risk assessments, and gap analyses against NIST SP 800-171 controls, prioritizing mitigation efforts based on operational and contractual risk.

Lead cyber incident response activities, including documentation and reporting of incidents impacting CUI within required DFARS timelines (e.g., 72-hour reporting).

Partner cross-functionally with engineering, operations, quality, and leadership to embed cybersecurity into product development and manufacturing processes.

Oversee relationships with managed service providers (MSPs), cloud providers, and external security vendors to ensure secure configurations and regulatory compliance.

Develop and deliver practical cybersecurity training tailored to aerospace manufacturing personnel, including phishing awareness, secure technical data handling, and CUI best practices.

Establish compliance dashboards and executive reporting mechanisms to provide visibility into security posture and remediation progress.

Support and secure cloud environments, including Microsoft GCC High or Azure Government, where applicable.

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

3–5+ years of experience in IT or Cybersecurity, including direct experience supporting CMMC, NIST SP 800-171, or DFARS compliance within the Defense Industrial Base.

Demonstrated hands-on experience implementing and assessing NIST SP 800-171 security controls.

Strong understanding of DFARS 252.204-7012 requirements and CMMC 2.0 framework.

Experience with Windows and/or Linux systems, Active Directory, identity and access management, firewalls, VPNs, endpoint protection platforms, and vulnerability management tools.

Familiarity with hybrid IT/OT environments and protecting intellectual property within CAD/CAM or manufacturing systems.

Ability to translate regulatory requirements into scalable technical and operational solutions.

Strong documentation, communication, and cross-functional leadership skills.

Must be a U.S. Person (U.S. Citizen or Permanent Resident) due to ITAR/EAR regulations.

Experience with Microsoft GCC High (or Azure GovCloud).

Experience with managed service providers (MSPs) in a manufacturing environment.

Background in NIST 800-172 or Advanced Persistent Threat (APT) protection.

CMMC Certified Professional (CCP or CCA), CISSP, CISM, Security+, or equivalent certification.