Security Controls Assessor

Full-Time, Direct Hire Position with Full Benefits and Matching 401(k) Plan

Minimum Clearance Required: Clearable


The Security Controls Assessor is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls within an Information System or inherited by an Information System to determine the overall effectiveness of the controls. The Security Controls Assessor provides a report detailing the deficiencies discovered during the assessment and provides a recommended corrective action plan addressing the identified vulnerabilities. The Security Controls Assessor supports the FISMA and FedRAMP consulting and assessment services and performs assigned tasks with minimal supervision and support. The Security Controls Assessor works closely with system stakeholders to document system information, consults on architecture and security topics, and ensures that security controls are implemented appropriately and operating as intended.

Key Responsibilities:

  • Gather and organize technical information about information systems.
  • Gather and organize technical information about missions, goals, and requirements.
  • Perform consulting and assessment tasks in accordance with an established quality system.
  • Support vulnerability scanning using government or commercial-off-the-shelf tools.
  • Support security assessments and consulting services.
  • Support project tasks involving the integration of tools or methodologies to resolve organizational and system security problems.
  • Develop deliverables and a security authorization package including, but not limited to: System Security Plan, Information System Contingency Plan, Security Assessment Plan, Security Assessment Report.

Minimum Requirements:

  • Bachelor’s degree in Cyber Security, Computer Science, or related discipline.
  • At least 3 years of relevant industry experience in performing tasks associated with the Risk Management Framework.
  • At least 1 year of experience with FISMA consulting and assessment projects.
  • Working understanding of cloud architectures, network components, policies and procedures, and security tools and mechanisms.
  • Familiar with FISMA requirements and NIST guidance.
  • Experience using security tools, such as Nessus, WebInspect, AppDetective, and others.
  • Must be able to work both independently and in a team environment.
  • Must have strong written, verbal, and presentation communication skills.
  • Must currently have, or be able to obtain, a security clearance.
  • At least 1 IT Security-related professional certification (e.g., CISSP, CAP, CISA).

Preferred Qualifications (Not all of these are mandatory but are considered a plus):

  • Experience performing FedRAMP assessments.
  • Experience engineering cloud systems.
  • Experience with cloud system administration (e.g., database, system, network).

To apply for this job email your details to