GRC Engineer (CMMC/FedRAMP)

About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one.

We are seeking a GRC Engineer who is highly motivated, detail-oriented, and has foundational knowledge of FedRAMP Moderate and High baseline requirements, with complementary experience supporting CMMC and NIST SP 800-171-based programs. The ideal candidate brings strong client-facing communication skills and the ability to contribute to multiple compliance initiatives simultaneously.

This role is focused on guiding clients through federal compliance frameworks, supporting both SaaS providers and federal contractors through the FedRAMP authorization lifecycle—including readiness assessment, authorization support, and continuous monitoring—as well as advising defense contractors on CMMC Level 1 and Level 2 compliance and related NIST 800-171 requirements. The successful candidate will play a critical role in helping clients achieve and sustain federal and DoD compliance while leading high-quality delivery across all engagements.

• Interpret and Apply FedRAMP Requirements:
  Analyze and apply NIST SP 800-53 controls, FedRAMP baselines, and agency-specific requirements to ensure client compliance.
• Develop and Maintain FedRAMP Documentation:
  Develop and maintain System Security Plans (SSPs), control implementation narratives, POA&Ms, SAPs, SARs, and continuous monitoring artifacts.
• Conduct FedRAMP Readiness Assessments:
  Perform gap analyses and readiness reviews to prepare organizations for JAB or Agency ATO pathways.
• Support Authorization and Assessment Activities:
  Coordinate with Third-Party Assessment Organizations (3PAOs), cloud service providers, and government stakeholders throughout the FedRAMP lifecycle.
• Boundary Definition & Scoping:
  Perform CMMC/FedRAMP authorization boundary definition and system scoping activities, including identification of in-scope components, interconnections, data flows, and shared responsibility models to ensure alignment with FedRAMP PMO and agency expectations.
• Support Continuous Monitoring Programs:
  Conduct monthly, quarterly, and annual FedRAMP continuous monitoring requirements, including vulnerability management, incident response reporting, and change control.
• Support FedRAMP Engagements:
  Assist on multiple concurrent client projects, ensuring milestones, deliverables, and quality standards are consistently met or exceeded.
• Support CMMC and NIST 800-171 Compliance Efforts:
  Assist defense contractors with interpreting CMMC 2.0 and NIST SP 800-171 controls and implementing compliant security programs.
• Develop CMMC Documentation:
  Contribute to SSPs, POA&Ms, and supporting artifacts required for CMMC Level 1 and Level 2 readiness.

• Strong organizational and project management skills with the ability to manage multiple engagements concurrently
• 2+ years of experience in GRC, with exposure to FedRAMP, NIST SP 800-53, and federal compliance programs
• Working knowledge of CMMC 2.0 and NIST SP 800-171 requirements
• Experience authoring and reviewing SSPs, POA&Ms, and assessment artifacts
• Familiarity with federal cloud environments (AWS GovCloud, Azure Government, GCC High)
• Experience working with SaaS providers, federal contractors, or regulated technology organizations
• Ability to thrive in a fast-paced, consulting, or startup environment

• FedRAMP-specific experience supporting JAB or Agency ATOs
• CMMC Registered Practitioner (RP), CCP, or CCA certification
• CISSP, CISM, or Security+ certification
• Experience with DFARS clauses and CUI handling requirements
• Familiarity with SPRS reporting and DoD assessment workflows
• Prior experience working directly with 3PAOs or C3PAOs

• Reliable high-speed internet connection.
• Quiet, professional home office setup.
• Must be amenable to work US Eastern Time zone hours.
• Fluency in written and verbal English communication skills.

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.

Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws.