• Work as part of the Infrastructure team defining and improving our general security posture across legacy and green field resources including data, applications and networks • Provide point of expertise on application, data and network security to our wider engineering teams - engaging with them in order to ensure consistent adoption of security policies and best practice • Participate in the automation of software to our cloud platform and embed security into our methodology, embracing DevSecOps • Improve our monitoring and alerting systems to enhance them with specific and relevant security data points • Participate in an on-call rotation and assist with troubleshooting issues that arise • Defining and implementing a Security Incident Response process/policy with regular evolvement, testing and adherence

• Work as part of the Infrastructure team defining and improving our general security posture across legacy and green field resources including data, applications and networks • Provide point of expertise on application, data and network security to our wider engineering teams - engaging with them in order to ensure consistent adoption of security policies and best practice • Participate in the automation of software to our cloud platform and embed security into our methodology, embracing DevSecOps • Improve our monitoring and alerting systems to enhance them with specific and relevant security data points • Participate in an on-call rotation and assist with troubleshooting issues that arise • Defining and implementing a Security Incident Response process/policy with regular evolvement, testing and adherence

Role Description We are seeking a Cybersecurity Compliance Consultant (CCP) to guide Department of Defense (DoD) contractors through the rigorous CMMC 2.0 and NIST 800-171 certification process. This documentation-intensive, client-facing role requires the ability to bridge technical and compliance worlds, translating raw technical data into high-quality, defensible Policies, Standard Operating Procedures (SOPs), and System Security Plans (SSPs) that stand up to C3PAO audits. Key Responsibilities - Policy Development and Authoring: Lead the development and localization of all 14 CMMC policy domains. Authoring deliverables such as Policies, Procedures, Plans, and ancillary documents. - GRC Platform Management: Act as the primary administrator for our GRC tool (e.g., FutureFeed, Apptega, or Microsoft Purview). Track maturity, map evidence to assessment objectives, and maintain client progress dashboards. - Evidence Collection and Orchestration: Coordinate with client technical leads to identify, collect, and validate evidence. - SSP & POA&M Ownership: Draft the System Security Plan (SSP) and manage the Plan of Action and Milestones (POA&M) to ensure remediation gaps are closed. - Client Advisory: Support team working with multiple clients, translating complex federal requirements into actionable task lists for their internal teams. Qualifications - 3–5 years in Cybersecurity GRC, IT Audit, or Information Assurance - Certified CMMC Professional (CCP), CMMC Registered Practitioner (RP) can be accepted in lieu of the CCP, provided the candidate attains certification within the first few months of employment. - Security+ certification - Deep working knowledge of NIST 800-171 (110 controls) and the CMMC Assessment Guide (320 assessment objectives) - Exceptional technical writing skills with demonstrable ability to produce clear, defensible compliance documentation. - Ability to manage multiple client engagements simultaneously while maintaining quality and attention to detail. - Excellent client communication skills with the ability to translate complex technical requirements into actionable guidance for non-technical stakeholders. Requirements - Must be a U.S. Citizen - Self-direction and accountability in a fully remote environment; manage multiple client relationships independently with minimal oversight - Exceptional technical writing skills with the ability to translate complex requirements into clear, actionable documentation - Meticulous attention to detail and commitment to producing audit-ready deliverables - Consultative mindset that balances regulatory requirements with practical business constraints - Strong analytical and problem-solving capabilities when troubleshooting compliance gaps - Collaborative approach when working with client technical leads and senior platform engineers - Adaptability as compliance frameworks evolve and client needs change Benefits - Salary: $100,000 – $125,000 annually, commensurate with experience - Comprehensive benefits package - Remote work environment - Opportunity to grow with a scaling company Company Description BOOST delivers integrated back-office and technology solutions that empower government contractors to focus on their core mission and thrive in a competitive landscape. We bring deep expertise in cybersecurity, compliance, accounting, contracts, human resources, recruiting, and strategic advisory to solve the operational challenges faced by government contractors.

Lead and oversee security initiatives by monitoring application vulnerabilities, performing secure code reviews, and implementing security controls to protect cloud and on-premise environments while ensuring compliance with federal security...