Senior Security Consultant – CMMC Expert


Job Description: Senior Security Consultant – CMMC Expert

About Bright Defense
Bright Defense is dedicated to delivering top-tier Security, Risk, and Compliance consulting services. Our commitment to excellence, participation, integrity, and collaboration sets us apart in the industry. We strive to create a dynamic and inclusive environment where innovation and teamwork drive success.


Who We Look For

We are seeking a seasoned Senior Security Consultant with deep expertise in the Cybersecurity Maturity Model Certification (CMMC) ecosystem, including experience supporting Department of Defense (DoD) contractors and environments handling Controlled Unclassified Information (CUI). The ideal candidate has a minimum of 8 years of security, compliance, or risk experience and holds one or more CyberAB-recognized credentials:

  • CyberAB Registered Practitioner (RP)
  • CMMC Certified Professional (CCP)
  • CMMC Certified Assessor (CCA)

You are a master communicator and active listener, skilled at navigating diverse audiences—technical teams, executives, and frontline operational staff. You are self-aware, adaptable, and capable of connecting people, data, regulatory requirements, and real-world scenarios. Our consultants are mature, humble, and genuine, consistently going above and beyond for clients and colleagues. You are ethical, trustworthy, and committed to our core values even in challenging situations. A passion for learning and technology is essential, as is the ability to inspire and excite others.

This role is open to U.S. citizens only and requires work within the United States.


What We Do

Our Security Consultants work with clients across all levels of their organizations—C-suite to shop floor—helping them achieve strategic initiatives and maintain compliance in complex regulatory environments. We deliver realistic, data-driven guidance that creates meaningful value. Our consultants specialize in breaking down complicated frameworks such as CMMC into practical, actionable, and achievable steps.


Key Responsibilities

CMMC & DoD-Focused Responsibilities

  • Lead or support CMMC assessments, readiness engagements, and gap analyses for DoD contractors.
  • Develop and validate client evidence and documentation aligned to CMMC practices, processes, and assessment objectives.
  • Guide clients on implementing and maturing NIST SP 800-171 and NIST SP 800-172 security requirements.
  • Support clients through CMMC Level 1 and Level 2 certification readiness, including mock assessments and pre-audit coaching.
  • Interpret and apply CyberAB and DoD policy updates affecting the Defense Industrial Base (DIB), ensuring clients maintain compliance over time.
  • Develop and maintain System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), network diagrams, asset inventories, and other CMMC-required artifacts.
  • Advise on the protection of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).

General Security & Compliance Responsibilities

  • Manage or participate in Cybersecurity, Information Security, Risk, Compliance, and/or Data Privacy programs or projects.
  • Conduct compliance framework mapping and implementation across industry standards.
  • Perform regulatory mapping and support regulatory readiness for new laws and requirements.
  • Deliver advisory support, risk assessments, and remediation planning.
  • Produce risk, compliance, and information security reporting and monitoring deliverables.
  • Develop roadmaps to mature Risk, Compliance, and Information Security strategies, programs, and controls.
  • Design and enable cyber control functions and processes, including change management for regulatory adoption.
  • Prepare clients for external audits and serve as an internal auditor for audit readiness.
  • Work with GRC and cybersecurity tools, technologies, and platforms.
  • Design or mature controls for areas such as Secure SDLC, IAM, Business Continuity, Cloud Security, and Resiliency.
  • Apply industry-specific regulations and standards such as SOC 2, ISO 27001, CMMC, NIST SP 800-171, NIST SP 800-53, HIPAA, PCI DSS, and CCPA/CPRA.
  • Coordinate and advise clients through external audits and certification processes.

Qualifications

Required

  • U.S. citizenship
  • Authorization for permanent employment in the United States (no immigration sponsorship available)
  • Humble, Hungry, Smart
  • Demonstrated business and technology acumen
  • Strong written and verbal communication skills
  • Experience solving real business problems with measurable outcomes
  • Proven track record of delivering results in consulting or security roles
  • Experience working with and/or leading teams
  • Ability to work across industries, roles, functions, and technologies
  • Experience with CMMC, NIST SP 800-171, FCI/CUI protection, or DoD contractor environments
  • One or more CyberAB-recognized certifications (RP, CCP, or CCA) or the ability and willingness to obtain them within a defined time frame

Preferred

  • Bachelor’s degree
  • 10+ years of professional experience
  • Relevant certifications such as CISSP, CISM, CGRC, ISSAP, CRISC, CyberAB-RP/CCP/CCA, PCI-QSA
  • Experience across our service offerings, including governance, risk, compliance, and security engineering
  • Experience supporting Defense Industrial Base (DIB) organizations

Additional Information

Bright Defense collects and uses Personal Information for human resources, employment, benefits administration, and business-related purposes. To comply with our regulatory obligations under the California Consumer Privacy Act (CCPA), we notify you of the Personal Information we collect. To access our CCPA Policy, including the categories of Personal Information we collect and the purposes for which we intend to use this information, please visit our Privacy Policy.

Bright Defense is an equal opportunity employer (EOE). All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

