About IonQ:
IonQ, Inc. [NYSE: IONQ] is the world’s leading quantum platform and merchant supplier - delivering integrated quantum solutions across computing, networking, sensing, and security. IonQ’s newest generation of quantum computers, the IonQ Tempo, is the latest in a line of cutting-edge systems that have been helping customers and partners including Amazon Web Services, and AstraZeneca achieve 20x performance results and accelerate innovation in drug discovery, materials science, financial modeling, logistics, cybersecurity, and defense. In 2025, the company achieved 99.99% two-qubit gate fidelity, setting a world record in quantum computing performance.
Headquartered in College Park, Maryland, IonQ has operations in California, Colorado, Massachusetts, Tennessee, Washington, Italy, South Korea, Sweden, Switzerland, Canada, and the United Kingdom. Our quantum computing services are available through all major cloud providers, while we also meet the needs of networking and sensing customers across land, sea, air, and space. IonQ is making quantum platforms more accessible and impactful than ever before.
Location: This position can work onsite or hybrid from one of our offices or fully remote in the US.
Travel: Up to 10%
Job ID: 1615
The Role:
We are looking for a Governance, Risk, and Compliance (GRC) Engineer to join our Security team. As a GRC Engineer, you’ll be part of a cross-functional team whose mission is to lead IonQ on its journey to build the world’s best quantum computers to solve the world’s most complex problems.
Quantum computing and national security are inseparable. IonQ operates at the intersection of cutting-edge research and the defense industrial base, making rigorous cybersecurity compliance a core business imperative. In this role, you will own and drive IonQ’s Cybersecurity Maturity Model Certification (CMMC) posture, from implementing technical controls and maintaining System Security Plans to guiding internal teams through audit readiness. The ideal candidate is a detail-oriented practitioner who can translate complex regulatory requirements into practical, operational controls.
In your first 90 days you will conduct a gap assessment of our current CMMC posture, map CUI data flows across our environments, and begin building or maturing our SSP and associated artifacts.
Responsibilities:
- Own end-to-end CMMC implementation and audit readiness, including scoping, control mapping, SSP and POA&M development, evidence collection, and remediation tracking.
- Interpret and apply DFARS clause requirements, including DFARS 252.204-7012, 252.204-7019, and 252.204-7020, translating contractual obligations into operational controls and maintaining accurate SPRS submissions.
- Conduct recurring internal audits of NIST 800-171 security controls on a defined cadence to validate continued compliance, and support preparation for C3PAO assessments including evidence packages and assessment logistics.
- Assess CUI environments to meet CMMC boundary requirements, including network segmentation, access control, media protection, and FIPS-validated encryption, and evaluate cloud environments against CMMC scoping guidance.
- Implement technical controls across NIST 800-171 practice families, including MFA, audit logging, configuration management, incident response, and vulnerability management.
- Serve as a CMMC subject matter resource, contributing to compliance roadmaps, facilitating readiness workshops, and advising on DFARS flow-down requirements for subcontractors.
- Collaborate with legal and contracts teams to review FAR/DFARS clauses in new and existing contracts, flagging CUI obligations and CMMC level requirements, and coordinate on ITAR and EAR obligations as they intersect with CUI handling.
- Support the organization’s GRC platform for evidence management, POA&M tracking, and risk register maintenance, and contribute to compliance dashboards for leadership.
Requirements:
- 2–4 years of professional experience in cybersecurity, compliance, or IT security, with direct exposure to NIST SP 800-171 or CMMC compliance programs.
- Experience developing or contributing to SSPs, POA&Ms, and assessment artifacts, and participating in CUI environment scoping.
- Working knowledge of DFARS cybersecurity clauses (7012, 7019, 7020) and the CMMC 2.0 framework.
- A technical background in systems administration, cloud security, or security engineering sufficient to engage with IT and engineering teams on control implementation.
- Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience.
Preferred Qualifications:
- Familiarity with ITAR and EAR and how export control obligations intersect with CUI handling in a defense-adjacent research environment.
- Hands-on experience with GRC platforms (e.g., Hyperproof, Drata, Anecdotes AI) and security tooling such as CSPM or vulnerability scanners.
- Prior experience in a defense contractor, national laboratory, government, or high-security research environment.
- CMMC certifications (CCP or CCA) are a strong plus, as are CISSP, CISM, CISA, or CRISC.
The approximate base salary range for this position is $83,430 - $109,232. The total compensation package includes base, bonus, equity, and a range of benefit options found on our career site.
Compensation will vary based on individual factors such as education, qualifications, and experience of the final candidate(s), specific office location, and calibration against relevant market data and internal team equity. Posted base salary figures are subject to change as new market data becomes available. Our benefits include comprehensive medical, dental, and vision plans, matching 401K, unlimited PTO and paid holidays, parental/adoption leave, legal insurance, and a home technology stipend. Details of participation in these benefit plans will be provided when a candidate receives an offer of employment.
At IonQ, we believe in fair treatment, access, opportunity, and advancement for all while striving to identify and eliminate barriers. We empower employees to thrive by fostering a culture of autonomy, productivity, and respect. We are dedicated to creating an environment where individuals can feel welcomed, respected, supported, and valued.
We are committed to equity and justice. We welcome different voices and viewpoints and do not discriminate on the basis of race, religion, ancestry, physical and/or mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, transgender status, age, sexual orientation, military or veteran status, or any other basis protected by law. We are proud to be an Equal Employment Opportunity employer.
US Technical Jobs. The position you are applying for will require access to technology that is subject to U.S. export control and government contract restrictions. Employment with IonQ is contingent on either verifying “U.S. Person” (e.g., U.S. citizen, U.S. national, U.S. permanent resident, or lawfully admitted into the U.S. as a refugee or granted asylum) status for export controls and government contracts work, obtaining any necessary license, and/or confirming the availability of a license exception under U.S. export controls. Please note that in the absence of confirming you are a U.S. Person for export control and government contracts work purposes, IonQ may choose not to apply for a license or decline to use a license exception (if available) for you to access export-controlled technology that may require authorization, and similarly, you may not qualify for government contracts work that requires U.S. Persons, and IonQ may decline to proceed with your application on those bases alone. Accordingly, we will have some additional questions regarding your immigration status that will be used for export control and compliance purposes, and the answers will be reviewed by compliance personnel to ensure compliance with federal law.
US Non-Technical Jobs. Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum. Accordingly, we will have some additional questions regarding your immigration status that will be used for export control and compliance purposes, and the answers will be reviewed by compliance personnel to ensure compliance with federal law.
If you are interested in being a part of our team and mission, we encourage you to apply!
Skills Required
- 2-4 years of professional experience in cybersecurity, compliance, or IT security
- Experience developing or contributing to SSPs, POA&Ms, and assessment artifacts
- Working knowledge of DFARS cybersecurity clauses and CMMC framework
- Technical background in systems administration, cloud security, or security engineering
- Bachelor's degree in Computer Science, Information Security, or equivalent
IonQ Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about IonQ and has not been reviewed or approved by IonQ.
-
Healthcare Strength — Comprehensive medical, dental, and vision coverage is described alongside HSA/FSA options, disability and life insurance, and mental health support. Inclusive elements such as transgender health benefits are also part of the package.
-
Parental & Family Support — Paid maternity, paternity, and bonding leave is described as fully paid for eligible employees. Additional leave types such as bereavement leave are also included in time-off provisions.
-
Retirement Support — A 401(k) plan with company matching up to 5% is included as part of the core package. Vesting is noted as applying over time, indicating the match is structured as a longer-term retention benefit.
IonQ Insights
What We Do
Quantum computers are a revolutionizing technology — they have the potential to transform business, society, and the planet for the better, and IonQ is at the forefront of this revolution. After over 25 years of academic research, IonQ was founded in 2015 by Chris Monroe and Jungsang Kim with $2 million in seed funding from New Enterprise Associates, a license to core technology from the University of Maryland and Duke University, and the goal of taking trapped ion quantum computing out of the lab and into the market. In the following three years, we raised an additional $20 million from GV, Amazon Web Services, and NEA, and built two of the world’s most accurate quantum computers. In 2019, we raised another $55 million in a round led by Samsung and Mubadala, and announced partnerships with Microsoft and Amazon Web Services to make our quantum computers available via the cloud. In 2020 and 2021, we built additional generations of high performance quantum hardware, added Google Cloud Marketplace to our cloud partner roster and announced a series of collaborations and business partnerships with leading academic and commercial institutions. On October 1st, 2021, IonQ began trading as IONQ on the New York Stock Exchange, making it the world's first public pure-play quantum computing company. We remain hard at work realizing the world-changing potential of quantum computing.
Why Work With Us
We’re growing a passionate, diverse team of collaborative, creative people. We believe in pursuing innovative, challenging work with integrity, alongside team members we can learn from and grow with.
Gallery
