• Ensure the security, compliance, and continuous monitoring of enterprise information systems • Support federal security frameworks, risk management activities, and audit readiness efforts while safeguarding sensitive organizational data • Collaborate with technical teams, leadership, and auditors to assess vulnerabilities • Maintain authorization documentation and strengthen governance and compliance processes • Support risk management and continuous monitoring activities to identify and mitigate security vulnerabilities • Administer and maintain GRC tools to support audit logging, compliance reporting, and security control monitoring • Prepare documentation and evidence to support federal audits (NIST 800‑53, FISMA, SOC 1/SOC 2, DATA Act, etc.) • Maintain and update Security Authorization Package artifacts such as SSPs, Risk Assessments, and Security Control Assessments • Support remediation activities and track audit inquiries and corrective actions • Assist with project management functions including milestone tracking, compliance forecasting, and deliverable oversight • Produce regular security posture reports and executive‑level dashboards • Ensure enforcement of security policies, procedures, and RMF requirements • Work cross‑functionally with administrators, developers, and stakeholders to integrate security best practices • Translate complex technical vulnerabilities into clear, actionable insights for leadership and auditors

Role Description As a Lead CMMC Cybersecurity Assessor (LCCA), you will serve as the senior authority responsible for directing and executing formal CMMC Level 2 assessments for organizations required to have the CMMC certification. In this role, you will lead assessment teams, validate compliance with Department of War (DoW/DoD) cybersecurity requirements, and make final determinations regarding certification readiness. You will oversee the full assessment lifecycle, including: - Scoping - Evidence review - Technical validation - Final reporting This position requires deep expertise in cybersecurity frameworks, strong leadership capabilities, and the ability to communicate complex findings clearly and objectively to both internal teams and client stakeholders. The LCCA plays a critical role in maintaining the integrity, consistency, and rigor of the CMMC assessment process while ensuring assessments align with: - 32 CFR Part 170 - The CMMC Assessment Process (CAP) - C3PAO Professional Code of Conduct - Kieri Solutions ethical standards Qualifications - Lead CMMC Certified Assessor (LCCA) certification required - Previous certification as a CMMC Certified Assessor (CCA) - Listed in the Cyber AB Marketplace as a LCCA - Active security clearance - 7+ years of hands-on IT or cybersecurity experience, including networking, servers, virtualization, cloud or hybrid environments, and user endpoints - Demonstrated experience with cybersecurity compliance frameworks such as: NIST SP 800-171, RMF, FedRAMP, ISO 27001, SOC, PCI - Strong ability to interpret technical and compliance requirements and evaluate control implementation objectively - Excellent analytical, technical writing, and documentation skills - Ability to lead complex assessment engagements and coordinate cross-functional technical teams - Strong attention to detail, time management, and ability to perform under structured assessment timelines - Team-oriented mindset with a commitment to collaboration and assessment integrity Requirements - Lead CMMC Certified Assessor (LCCA) certification required - Previous certification as a CMMC Certified Assessor (CCA) - Listed in the Cyber AB Marketplace as a LCCA - Active security clearance - 7+ years of hands-on IT or cybersecurity experience, including networking, servers, virtualization, cloud or hybrid environments, and user endpoints - Demonstrated experience with cybersecurity compliance frameworks such as: NIST SP 800-171, RMF, FedRAMP, ISO 27001, SOC, PCI - Strong ability to interpret technical and compliance requirements and evaluate control implementation objectively - Excellent analytical, technical writing, and documentation skills - Ability to lead complex assessment engagements and coordinate cross-functional technical teams - Strong attention to detail, time management, and ability to perform under structured assessment timelines - Team-oriented mindset with a commitment to collaboration and assessment integrity Benefits - Base Pay: $155,000-$165,000 - Remote Work & Flexible Schedule: Work from home full-time with the option to travel - Work-Life Balance: We prioritize work-life balance with flex-time policies and strictly limited overtime - Competitive Benefits: Enjoy benefits, including 401(k) match, health insurance, and more

Lead investigations and remediation efforts, champion AI and automation in SecOps, develop detection engineering and threat hunting capabilities, and operationalize threat intelligence to identify emerging threats across the attack surface.

• Your main goal will be to strengthen n8n’s product and platform security by driving hands-on security work that helps engineering teams reduce risk, ship securely, and build a growing security practice from an early stage. • Vulnerability management and disclosure • Own day-to-day vulnerability intake and triage workflows, including the security inbox and bug bounty submissions. • Coordinate remediation with engineering teams and help track issues through to resolution with clear priorities and follow-through. • Support coordinated disclosures, GitHub Security Advisories, and researcher communication in a timely and structured way. • Security tooling and technical assessments • Operate and improve security tooling across the SDLC, including scanning, alert triage, and workflow tuning. • Run practical security assessments such as targeted reviews, validation of findings, and remediation tracking from internal or external testing. • Help improve visibility into product and platform risk through actionable findings, documentation, and technical recommendations. • Secure product development support • Partner with engineers to embed security into design, development, and release processes in pragmatic ways. • Support threat modeling, secure coding guidance, and lightweight security reviews across product and platform areas. • Create clear, useful documentation that helps teams understand risks and apply secure development practices. • Security operations and team foundations • Support the coordination of security incidents by helping with investigation, tracking, communication, and follow-up actions. • Contribute to playbooks, runbooks, and internal processes that improve security readiness over time. • Help shape how the security function works in practice as the team grows, together with the Head of Security and future hires.