Security Controls Assessor (SCA)


  • Evaluate Government customer systems against NIST SP 800-53 Security Controls.
  • Conduct a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by complex and diverse information systems to determine the overall effectiveness of the control implementation.
  • Function as an independent and unbiased advocate who provides evidence to validate the trustworthiness of the system for the designated Authorizing Official (AO).
  • Conduct hands-on security control testing, analyze Body of Evidence (BoE) documentation and test results, document risk and recommend countermeasures.
  • Provide an assessment of the severity of weakness or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities.
  • Conduct hands-on security testing leveraging commercial tools and custom developed scripts and procedures.
  • Execute vulnerability/compliance assessment tools and evaluate results for systems undergoing security assessment.
  • Prepare security assessment reports containing the results and findings form the assigned security control assessments.
  • Provide documentation to the customer which describes all identified system risks, planned test procedures taken and test results.


  • TS/SCI with Polygraph (active / in-scope)
  • Bachelor’s Degree
  • 4+ years of relative experience. Additional experience may be considered in lieu of a degree
  • Familiarity with conducting security assessment in support of accreditation and or authorization (A&A) decisions.
  • Familiarity with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and or 800-53A Revision 4 as well as 800-30, 37 and 39.
  • CompTIA Security+
  • Certified Information Systems Security Professional (CISSP)

Job Category: Cyber Security
Job Type: Full Time
Job Location: Herndon VA

Apply for this position

Allowed Type(s): .pdf, .doc, .docx