Security Control Assessor
$75k - $95kTyto Athene, LLC
Description
Tyto Athene is seeking a Security Control Assessor (SCA) to support a federal customer in Washington, DC. The successful candidate will evaluate information systems to ensure compliance with FISMA, NIST, and agency security requirements by conducting thorough security control assessments, documenting objective evidence, and communicating risk in a clear and actionable manner.
The ideal candidate is a detail-oriented cybersecurity professional with exceptional analytical, organizational, and interpersonal skills who can collaborate effectively with technical teams, system owners, and stakeholders while maintaining the highest standards of quality, accuracy, and professionalism throughout the assessment process.
Responsibilities:
Support RMF steps 4 –assess, 5 –authorize, step 6 –monitor controls: conducting system security assessments, supporting the system security authorization to operate process, and conducting annual assessments, respectively
Produce quality security assessment deliverables, ensuring the content of each deliverable is specific to the subject systems, complete, and accurate
Develop and execute a security and privacy assessment plan for each security assessment project
Create and maintain test cases for security assessment testing
Perform security testing at the control-requirement level for each unique component of each system (e.g., application, web application server, financial systems, database server/instance, operating systems, specialized appliances, network and infrastructure devices, and end-user devices (e.g., mobile phones, laptops, etc.)
Conduct technical content review and analysis of technical reports from security vulnerability scan, penetration test, and configuration compliance scan tools with respect to the subject system’s context and environment in order to analyze the findings accurately and completely
Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings
Document and provide findings and recommendations that are concise, system-specific, and actionable
Perform and document client and system-specific risk analysis for each finding identified during each assessment in accordance with NIST SP 800-30, the client’s risk appetite, and the client’s security policies. The results of this risk analysis shall be documented in the Security Assessment Report (SAR) for each assessed FISMA system, and a summary of the assessment results and risk shall be provided in the respective Assessment/Authorization Briefing.
Qualifications
Required:
Bachelor's degree and at least four (4) years of total IT experience, including at least two (2) years supporting cybersecurity, information assurance, or Governance, Risk, and Compliance (GRC) activities within the NIST Risk Management Framework (RMF) lifecycle.
High school diploma with 8 years of experience in Functional Responsibility area may be substituted for a Bachelor’s Degree
PMP, ISO 27001, or CISM certifications equate to 3 years of experience in Functional Responsibility each
ITIL, CISSP, or other relevant IT management certifications equate to 2 years of general experience each
Thorough knowledge of the Federal Information Security Modernization Act (FISMA), NIST Risk Management Framework (RMF), and Security Assessment and Authorization (SA&A) processes.
Demonstrated knowledge of NIST SP 800-53 Rev. 5, NIST SP 800-53A Rev. 5, and NIST SP 800-137.
Experience assessing security controls and evaluating the effectiveness of technical, operational, and management safeguards.
Ability to assess the severity of identified weaknesses and deficiencies, communicate risk effectively, and recommend appropriate corrective actions.
Strong critical thinking, analytical, and problem-solving skills with exceptional attention to detail.
Ability to balance security requirements with operational and mission objectives.
Excellent technical writing skills, including experience developing assessment reports and documenting security findings.
Strong verbal communication and interpersonal skills with the ability to collaborate effectively with technical teams, system owners, and stakeholders.
Desired:
Certified Authorization Professional (CAP)
Certified in Risk and Information Systems Control (CRISC)
Experience with GRC Tools such as ServiceNow, CSAM, etc.
Clearance: US Citizen with Public Trust eligibility required
Location: On-site in DC, minimal remote flexibility
About Tyto Athene
Compensation:
- Compensation is unique to each candidate and relative to the skills and experience they bring to the position. Salary for this role is between $75-95K. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.
Benefits:
- Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave.
Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains—Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT—empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly support Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide.
At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto?
Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, [sexual orientation, gender identity,] national origin, disability, status as a protected veteran, or any characteristic protected by applicable law.
Submit a Referral (
Location US-DC-Washington
ID 2026-1920
Category Cybersecurity
Position Type Full-Time
- ...Security Control Assessor Location: Alexandria, Virginia (Onsite) Role Overview We are seeking a skilled and detail-oriented Security Control Assessor. The successful candidate will be responsible for evaluating, testing, and validating the effectiveness of security...Suggested
$155k - $165k
...we’ve described you and your dream workplace, please apply and share in the many benefits and opportunities we offer. Security Control Assessor III Responsibilities: Leads comprehensive security assessments for complex or high-impact systems. Oversees control...SuggestedFor contractors- ...Security Control AssessorLocation: Arlington, VA (On-Site)Citizenship: US onlyClearance: Active TS/SCI (DHS EOD Suitability required)Company: Argo Cyber Systems, LLC - Service-Disabled Veteran-Owned Small Business (SDVOSB)About Argo Cyber SystemsArgo Cyber Systems provides...Suggested
- ...Job Description We are seeking an experienced Security Control Assessor to support the assessment, validation, and authorization of DoD information systems. This role requires a strong background in the Risk Management Framework (RMF) process, security control assessment...SuggestedImmediate startFlexible hours
- ...Modern Technology Solutions, Inc. (MTSI) is seeking a Security Control Assessor (SCA) to support an MTSI contract with the Assistant Secretary of the Air Force, Acquisition, Technology and Logistics. The SCA is responsible for conducting a comprehensive assessment...SuggestedContract work
- ...Position Overview The Security Control Assessor must fulfill a variety of cybersecurity functions, to include: System Administrator, Enterprise Oversight, certification and accreditation, SAP and SCI assessment and authorization (A&A), Platform Information Technology...For contractorsWork experience placementWork at officeLocal areaWorldwide
- ...Security Control Assessor Security Control Assessor Location: Arlington, VA (On-Site) Citizenship: US only Clearance: Active TS/SCI (DHS EOD Suitability required) Company: Argo Cyber Systems, LLC - Service-Disabled Veteran-Owned Small Business (SDVOSB)...Contract workFor contractors
- ...Cyber Security And Privacy Control Assessment Support This role offers excellent compensation, career growth potential, and a total rewards package that includes PTO, paid holidays and corporate events, continuing education reimbursements, 401K, an Employee Stock Purchase...
$112.5k
...Security Control Assessor Leidos is seeking mid- to senior-level Security Control Assessors to join our SCA team. This position requires significant travel—please review the position overview below for important details. The maximum starting salary for this role is...Daily paidLocal areaRemote workWork from home$130k - $150k
...Senior Security Control Assessor Overview: TSA is currently seeking a Senior Security Control Assessor who will serve as a Functional Lead and provide support to our NAVAIR customer in the DC Metro area. Roles/Responsibilities: Leads cybersecurity...$120k - $135k
...Senior Security Control Assessor Cybersecurity Blu Omega is seeking a Senior Security Control Assessor to support a federal program focused on security and privacy control assessments. This role operates within a highly regulated financial environment and is responsible...Permanent employmentTemporary work- ...Job Description We are seeking a highly skilled Security Control Assessor (SCA) to support independent cybersecurity assessments of systems in accordance with the Risk Management Framework (RMF). This role is responsible for evaluating the implementation and effectiveness...2 days per week
$87k - $198k
...Security Control Assessor and System Certification Specialist, Senior The Opportunity: Function as a Senior System Certification Specialist or Security Control Assessor as part of a team in the performance of Assessment and Authorization (A&A) activities ensuring...Full timeContract workPart timeLocal areaRemote work- TLA is seeking a Security Assessor for evaluating the effectiveness of security measures and controls within the organization's information systems and software applications to ensure the protection of data and compliance with industry standards and regulations. This role...Work experience placement
- Direct experience in NIST security control assessments Direct experience in System Security Plan (SSP) development Direct experience conducting or supporting NIST-based risk assessments Demonstrated success interfacing directly with system owners and executive management...
$130k - $147k
SkyePoint Decisions is seeking an AWS Assessor in Washington, D.C. This role involves leading security assessments and ensuring cloud security compliance for government contracts. Candidates must have extensive experience in cloud security and meet specific educational...- eTelligent Group is seeking a Senior Technical Lead for security assessments. The role involves developing SCSEMs and automated evaluation files while ensuring compliance with security standards. Candidates must demonstrate experience in information security and possess...Remote job
- A leading IT service provider in Washington, D.C. is looking for a Senior Assessor / Security Assessor to conduct security process analysis and provide guidance on privacy and security activities. The ideal candidate will have at least 6 years of experience in consulting...
- ...Third Party Cyber Assessor Denver, Colorado;Washington, District of Columbia; Chicago... ...responsible for performing information security reviews of third parties that provide services... ...to determine if information security controls are in place and documenting the...Work at officeFlexible hoursShift workDay shift
- ...Focuses on solving conflict, not blaming; Maintains confidentiality; Listens to others without interrupting; Keeps emotions under control; Remains open to others' ideas and tries new things. Judgement - Displays willingness to make decisions; Exhibits sound and accurate...Work at office
- Assessor - Central Asia Contractor Position Status: Level: Mid-level, independent contractor Location: Central Asia Main Purpose of the... ...contractor with experience evaluating ownership, management and control of private companies incorporated in Central Asia. Job...Full timeFor contractors
$94.41k - $144.64k
...and business objectives. Provide strategic business assurance to clients by assisting in the implementation of new processes and controls that address key risks. Assess, manage and optimize information technology risk across a wide range of areas, including cybersecurity...Local area$94.41k - $144.64k
...expand your work experiences and hone your skills as an IT risk professional in the areas of compliance, cybersecurity, and internal controls* You crave the opportunity to be part of a fast growing, entrepreneurial risk consulting practice where your hard work and...Work experience placementLocal areaRemote workWorldwide$95k - $143.6k
Position Summary: This job is responsible for performing information security reviews of third parties that provide services to the bank. Key... ..., during an assessment to determine if information security controls are in place and documenting the controls in assessment...Shift workDay shift$23.16 per hour
...and analyzes various complex potential claims with emphasis on controlling losses through effective managed care. This includes following... ...and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy...For contractorsWork at officeLocal area- ...full-time position for a CMMC Certified Assessor (CCA) at CyberRx, Inc. You need to be... ...collaborators dedicated to safeguarding national security and committed to partnering with our... ...requirements related to handling Controlled Unclassified Information (CUI). Complete...Full timeFor contractorsRemote work
$27 - $32 per hour
...Utilizes all applicable tools available to effectively manage pipeline, system of record, vendor tracking software - queue, as well as control reporting. Provision timely and accurate figures, information, documents, or instructions to assigned attorney/trustee/vendor...Remote jobTemporary workWork experience placementImmediate startWork from homeMonday to Friday$36.58k - $67.06k
...guidelines. Updates claims audit records by entering, verifying, and securing data. Settle standard/complex claims through payment or denial... ...regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear....Remote jobWork experience placementImmediate start- ...dispute‑avoidance documentation. Coordinate with engineering, finance, legal, construction, operations, environmental, HSE, and project control stakeholders to support lender and DOE decision‑making. Engage in data‑room reviews, borrower/contractor interviews, site...Contract workTemporary workFor contractorsWork at officeFlexible hours
- ...Focuses on solving conflict, not blaming; Maintains confidentiality; Listens to others without interrupting; Keeps emotions under control; Remains open to others' ideas and tries new things. Judgement - Displays willingness to make decisions; Exhibits sound and accurate...Work at office
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Security Control Assessor. Be the first to apply!


