Opportunity sourced from the Official SkillBridge website. Not endorsed by the Department of Defense.
This opportunity provides hands-on experience supporting a CMMC Third-Party Assessor Organization (C3PAO) performing formal CMMC assessments for DoD contractors. Interns will be embedded in the assessment team and contribute to audit preparation, evidence evaluation, and reporting tasks—developing the foundational skills of a certified CMMC Assessor. Team members are trained on ISO/IEC 17020:2012 quality standards and industry best practices, including performance reviews and internal debriefs. This internship is ideal for transitioning service members seeking a career in cybersecurity, audit, and compliance.
During the internship, candidates will gain real-world experience conducting formal CMMC Level 2 assessments as a Certified CMMC Professional (CCP). Interns will support cybersecurity assessments for organizations in the Defense Industrial Base (DIB), reviewing system documentation, evaluating technical configurations, and interviewing personnel to verify compliance with the 110 CMMC security requirements.
Interns will also participate in follow-up reviews of Plan of Action & Milestones (POA&Ms), collaborate with senior assessors to address escalation issues, and help develop detailed reports that drive certification success and client readiness. The role also provides exposure to report writing, evidence evaluation, and internal quality control aligned with accredited C3PAO assessment practices.
Candidates will observe how CMMC Third-Party Assessor Organizations (C3PAOs) operate, and will gain insight into how impartial audits are conducted without providing implementation guidance.
Participants must possess a certification aligned with DoDM 8140.03, Security Control Assessor, under "Intermediate" or "Advanced" levels. Examples of intermediate certifications include CompTIA Security+, CASP+, PenTest+, or Cloud+; GIAC GSEC; ISC2 CGRC/CAP. Examples of advanced certifications include ISC2 CISSP; CompTIA CySA+; ISACA CISM or CISA; Mile2 CISSO or CPTE; GIAC GCSA, GSLC, or GSNA.
Remote candidates will be considered on a case-by-case basis.