Senior GRC Engineer (CMMC/FedRAMP)

About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in frameworks such as CMMC, NIST 800-171, NIST 800-53, FedRAMP, enabling companies to meet regulatory requirements and strengthen their cybersecurity posture from day one.

The Opportunity 

We are seeking a Senior GRC Engineer who is highly motivated, detail-oriented, and experienced with FedRAMP Moderate and High authorizations, with complementary experience supporting CMMC and NIST SP 800-171–based programs. The ideal candidate brings strong client-facing communication skills, the ability to manage multiple compliance initiatives simultaneously, and experience leading or mentoring a small delivery team.

This role is primarily focused on guiding SaaS providers and federal contractors through the FedRAMP authorization lifecycle, including readiness, assessment support, and continuous monitoring. A smaller portion of the role supports defense contractors pursuing CMMC Level 1 and Level 2 compliance and related NIST 800-171 requirements. The successful candidate will play a critical role in helping clients achieve and sustain federal and DoD compliance while leading high-quality delivery across engagements.

• Interpret and Apply FedRAMP Requirements: Analyze and apply NIST SP 800-53 controls, FedRAMP baselines, and agency-specific requirements to ensure client compliance.
• Develop and Maintain FedRAMP Documentation: Author and maintain System Security Plans (SSPs), control implementation narratives, POA&Ms, SAPs, SARs, and continuous monitoring artifacts.
• Conduct FedRAMP Readiness Assessments: Perform gap analyses and readiness reviews to prepare organizations for JAB or Agency ATO pathways.
• Support Authorization and Assessment Activities: Coordinate with Third-Party Assessment Organizations (3PAOs), cloud service providers, and government stakeholders throughout the FedRAMP lifecycle.
• Boundary Definition & Scoping: Lead CMMC/FedRAMP authorization boundary definition and system scoping activities, including identification of in-scope components, interconnections, data flows, and shared responsibility models to ensure alignment with FedRAMP PMO and agency expectations.
• Manage Continuous Monitoring Programs: Oversee monthly, quarterly, and annual FedRAMP continuous monitoring requirements, including vulnerability management, incident response reporting, and change control.
• Lead FedRAMP Engagements: Manage multiple concurrent client projects, ensuring milestones, deliverables, and quality standards are consistently met or exceeded.
• Support CMMC and NIST 800-171 Compliance Efforts: Assist defense contractors with interpreting CMMC 2.0 and NIST SP 800-171 controls and implementing compliant security programs.
• Develop CMMC Documentation: Contribute to SSPs, POA&Ms, and supporting artifacts required for CMMC Level 1 and Level 2 readiness.

• Strong organizational and project management skills with the ability to manage multiple FedRAMP-focused engagements concurrently
• 5+ years of experience in GRC, with deep exposure to FedRAMP, NIST SP 800-53, and federal compliance programs
• Working knowledge of CMMC 2.0 and NIST SP 800-171 requirements
• 3+ years of experience leading or mentoring a small team
• Experience authoring and reviewing SSPs, POA&Ms, and assessment artifacts
• Familiarity with federal cloud environments (AWS GovCloud, Azure Government, GCC High)
• Experience working with SaaS providers, federal contractors, or regulated technology organizations
• Ability to thrive in a fast-paced, consulting or startup environment

• FedRAMP-specific experience supporting JAB or Agency ATOs
• CMMC Registered Practitioner (RP), CCP, or CCA certification
• CISSP, CISM, or Security+ certification
• Experience with DFARS clauses and CUI handling requirements
• Familiarity with SPRS reporting and DoD assessment workflows
• Prior experience working directly with 3PAOs or C3PAOs

• Career Development: Clear path with mentorship and training opportunities
• Technical Training: Comprehensive onboarding on security and compliance frameworks
• Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
• Growth Opportunity: Early-stage company with significant room for career advancement.
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.

• Reliable high-speed internet connection.
• Quiet, professional home office setup.
• Must be amenable to work US Eastern Time zone hours.
• Fluency in written and verbal English communication skills.

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.