CMMC Compliance Advisor

About Us

Steel Root is a cybersecurity services company that specializes in compliance for the U.S. Defense Industrial Base. We’re a startup in high demand, looking for a driven individual to join our team as a Compliance Advisor. We’re passionate about contributing daily to our positive culture, with a commitment to professional development and social responsibility. Steel Root serves a national client base from its headquarters in Salem, MA.

Job Description

Steel Root works with U.S. federal and defense contractors, many of whom are small businesses in manufacturing, high tech, or R&D, to build cybersecurity maturity and implement CMMC security practices.

The Compliance Advisor consults with clients on cybersecurity compliance and plays a lead role in driving forward technical implementation, documentation, and process maturity projects to help the client achieve a compliance-ready state. This includes conducting gap assessments, scoping a system boundary for handling CUI, building a project roadmap for achieving compliance, and acting as project manager on IT implementation projects to execute on that roadmap.

This role works collaboratively with client stakeholders including business leaders and IT, as well as our internal IT and security services teams and other third-party service providers.

Client engagements typically include the following elements:

  • Determine a system scope (technology, people, business processes) for compliance
  • Assess the current implementation of applicable security requirements (CMMC, NIST SP 800-171)
  • Develop a project roadmap for implementation
  • Manage the deployment of Steel Root security services into client environments
  • Manage customer expectations, our internal resources, and relevant third parties to ensure projects are successful
  • Draft and manage System Security Plan(s), policies, and procedures
  • Ongoing advisory on issues of security and compliance

About You

You’re a strong communicator interested in a fast-paced career in security consulting and professional services. You’re a strategic thinker, and passionate about the details. Your background includes hands-on experience managing information systems and you have a proven history of delivering excellent work and exceeding expectations.

A background in IT/IS, compliance and risk management, or management consulting is desirable, as is in-depth experience with one or more security frameworks (e.g., CMMC, NIST, CIS, MITRE ATT&CK).

Hands-on experience implementing NIST SP 800-171 or SP 800-53 is required.

Requirements

  • U.S. citizenship
  • Highly motivated and detail-oriented
  • 2-5 years of experience implementing cybersecurity requirements for Department of Defense contractors (DFARS 252.204-7012, NIST SP 800-171) or federal information systems (NIST SP 800-53, RMF)
  • Awareness of the cybersecurity product/vendor landscape and current security best practices
  • Detailed understanding of the CMMC certification requirements (including assessment objectives and process maturity requirements up to Level 3) and DFARS 252.204-7012 requirements (including FedRAMP Moderate equivalency requirements for cloud service providers and paragraph (c) – (g) requirements)
  • Awareness of U.S. export control requirements under ITAR and EAR
  • High emotional intelligence and interpersonal skills
  • Very strong written and verbal communication skills
  • Strategic thinker and creative problem solver

Desired Characteristics

  • Experience leveraging Microsoft cloud services (Azure, Office 365) to meet compliance requirements, especially in Azure Government and Microsoft 365 GCC High environments
  • Professional certifications such as CISSP, CISM, CISA, and Microsoft or related certifications
  • Experience consulting with multiple clients at the same time
  • Contemporary, hands-on knowledge of Windows domain administration, networking, and common IT sysadmin functions
  • Public speaking
  • Bachelor’s degree or higher in technology, engineering, or related field

What We Offer

  • Competitive benefits package, including health, dental, 401(k), and cell phone stipend
  • Team Human work culture
  • Our customers make lasers and launch things into space
  • Work with wicked smaht teammates and hone your skills in one of the hottest niches in the cybersecurity market
  • Play with cool tech, work with customers that love us, and get in on the ground floor of a startup in growth mode

How to Apply

  1. Get to know us by reading about our services and the industries we serve, and follow us on social media (links in website footer, below).
  2. Then send your resume with cover letter to Every application is reviewed by a real human being.

Committed to Diversity

Steel Root is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.

This is a general description of the duties, responsibilities and qualifications required for this position. Physical, mental, sensory, or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Steel Root will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.