[Hiring] Compliance Engineer @CyberSheath

Role Description

The CMMC Compliance Engineer will be responsible for designing, implementing, and maintaining data protection controls that safeguard Controlled Unclassified Information (CUI) across Microsoft 365 and Azure environments in alignment with CMMC Level 2 and NIST 800-171 requirements.

• Design, deploy, and manage Microsoft Purview Data Loss Prevention (DLP) policies across Exchange Online, SharePoint Online, OneDrive, Teams, and endpoint workloads.
• Implement and maintain Microsoft Purview sensitivity labels, including label taxonomy, protection settings, encryption, and user experience alignment.
• Configure and enforce auto-labeling and trainable classifiers to identify and protect CUI, export-controlled data, and other regulated data types.
• Integrate DLP and labeling controls with Conditional Access, endpoint controls, and Defender workloads to support defense-in-depth.
• Tune DLP policies to balance compliance enforcement with business usability, minimizing false positives while maintaining audit integrity.
• Support audit readiness and evidence collection, including documentation of DLP configurations, labeling schemas, policy enforcement, and control mappings to NIST 800-171 and CMMC practices.
• Collaborate with compliance, security operations, and engineering teams to remediate data handling gaps identified through assessments, audits, or incident response activities.

Qualifications

• Hands-on experience implementing Microsoft Purview DLP in regulated or compliance-driven environments.
• Practical experience with sensitivity labels, encryption, content marking, and access restrictions.
• Experience protecting CUI or similarly regulated data within Microsoft 365.
• Strong understanding of how DLP and information protection map to CMMC Level 2 / NIST 800-171 requirements.
• Experience supporting compliance audits or assessments with technical evidence and configuration artifacts.

Preferred Experience

• Experience in GCC or GCC High Microsoft environments.
• Familiarity with Endpoint DLP, Insider Risk Management, or Information Governance features.
• Experience integrating DLP with Defender for Endpoint, Microsoft Sentinel, or SOAR workflows.
• Background working with DoD contractors or highly regulated industries.

Work Environment

• 100% Remote work environment with occasional (25%) travel to client sites.

Budgeted Pay Range

$110,000 — $135,000 USD