Job Description

We are seeking a highly skilled Security Control Assessor (SCA) to support independent cybersecurity assessments of systems in accordance with the Risk Management Framework (RMF). This role is responsible for evaluating the implementation and effectiveness of security controls, assessing residual risk, and providing actionable recommendations to support authorization decisions.

The ideal candidate brings deep DoD cybersecurity experience, strong analytical judgment, and the ability to communicate technical risk clearly to both cybersecurity and senior mission stakeholders. This is a high-visibility role supporting mission-critical systems in a dynamic national security environment.

Key Responsibilities

• Perform independent security control assessments of information systems in support of RMF authorization and continuous monitoring activities
• Evaluate the implementation, effectiveness, and compliance of security controls in accordance with NIST SP 800-53 and DoD cybersecurity requirements
• Review technical artifacts, system documentation, test results, and evidence to determine control inheritance, applicability, and residual risk
• Document assessment findings, vulnerabilities, recommendations, and risk impacts in clear and concise language
• Develop Security Assessment Reports (SARs), risk summaries, and briefing materials for Authorizing Officials and senior stakeholders
• Coordinate with system owners, ISSMs, engineers, and cybersecurity teams to validate findings and support remediation planning
• Assess cloud, hybrid, enclave, and enterprise architectures for cybersecurity compliance and security posture
• Support high-priority authorization decisions while ensuring alignment with mission execution and operational requirements

Required Qualifications

• 7+ years of experience in cybersecurity, RMF, information assurance, or related information security roles
• Demonstrated experience performing security control assessments, compliance reviews, or cybersecurity audits
• Strong knowledge of Risk Management Framework (RMF), NIST SP 800-53, and security assessment methodologies
• Experience analyzing technical evidence and articulating cybersecurity risk to technical and non-technical stakeholders
• Prior experience supporting complex DoD or enterprise IT systems
• Active Secret Clearance (or higher) required
• Ability to work onsite at Joint Base Andrews, MD two days per week
• Prior DoD cybersecurity experience required
• CISSP certification required

Preferred Qualifications

• Previous experience serving as a Security Control Assessor (SCA) or SCA-Validator
• Experience supporting Air Force systems or A4 mission environments
• Familiarity with cloud, hybrid, and enclave architectures
• Strong briefing, customer engagement, and stakeholder communication skills
• Additional certifications such as CISM or CISA preferredIdeal Candidate Profile

• Critical thinker with strong attention to technical detail
• Comfortable operating in mission-focused, high-visibility DoD environments
• Able to balance cybersecurity rigor with operational mission requirements
• Effective collaborator with engineers, program teams, and senior leadership
• Passionate about improving security posture and supporting national security missions