Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Security Control Assessor

$75k - $95k

Tyto Athene, LLC

Description

Tyto Athene is seeking a Security Control Assessor (SCA) to support a federal customer in Washington, DC. The successful candidate will evaluate information systems to ensure compliance with FISMA, NIST, and agency security requirements by conducting thorough security control assessments, documenting objective evidence, and communicating risk in a clear and actionable manner.

The ideal candidate is a detail-oriented cybersecurity professional with exceptional analytical, organizational, and interpersonal skills who can collaborate effectively with technical teams, system owners, and stakeholders while maintaining the highest standards of quality, accuracy, and professionalism throughout the assessment process.

Responsibilities:

  • Support RMF steps 4 –assess, 5 –authorize, step 6 –monitor controls: conducting system security assessments, supporting the system security authorization to operate process, and conducting annual assessments, respectively

  • Produce quality security assessment deliverables, ensuring the content of each deliverable is specific to the subject systems, complete, and accurate

  • Develop and execute a security and privacy assessment plan for each security assessment project

  • Create and maintain test cases for security assessment testing

  • Perform security testing at the control-requirement level for each unique component of each system (e.g., application, web application server, financial systems, database server/instance, operating systems, specialized appliances, network and infrastructure devices, and end-user devices (e.g., mobile phones, laptops, etc.)

  • Conduct technical content review and analysis of technical reports from security vulnerability scan, penetration test, and configuration compliance scan tools with respect to the subject system’s context and environment in order to analyze the findings accurately and completely

  • Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings

  • Document and provide findings and recommendations that are concise, system-specific, and actionable

  • Perform and document client and system-specific risk analysis for each finding identified during each assessment in accordance with NIST SP 800-30, the client’s risk appetite, and the client’s security policies. The results of this risk analysis shall be documented in the Security Assessment Report (SAR) for each assessed FISMA system, and a summary of the assessment results and risk shall be provided in the respective Assessment/Authorization Briefing.

Qualifications

Required:

  • Bachelor's degree and at least four (4) years of total IT experience, including at least two (2) years supporting cybersecurity, information assurance, or Governance, Risk, and Compliance (GRC) activities within the NIST Risk Management Framework (RMF) lifecycle.

  • High school diploma with 8 years of experience in Functional Responsibility area may be substituted for a Bachelor’s Degree

  • PMP, ISO 27001, or CISM certifications equate to 3 years of experience in Functional Responsibility each

  • ITIL, CISSP, or other relevant IT management certifications equate to 2 years of general experience each

  • Thorough knowledge of the Federal Information Security Modernization Act (FISMA), NIST Risk Management Framework (RMF), and Security Assessment and Authorization (SA&A) processes.

  • Demonstrated knowledge of NIST SP 800-53 Rev. 5, NIST SP 800-53A Rev. 5, and NIST SP 800-137.

  • Experience assessing security controls and evaluating the effectiveness of technical, operational, and management safeguards.

  • Ability to assess the severity of identified weaknesses and deficiencies, communicate risk effectively, and recommend appropriate corrective actions.

  • Strong critical thinking, analytical, and problem-solving skills with exceptional attention to detail.

  • Ability to balance security requirements with operational and mission objectives.

  • Excellent technical writing skills, including experience developing assessment reports and documenting security findings.

  • Strong verbal communication and interpersonal skills with the ability to collaborate effectively with technical teams, system owners, and stakeholders.

Desired:

  • Certified Authorization Professional (CAP)

  • Certified in Risk and Information Systems Control (CRISC)

  • Experience with GRC Tools such as ServiceNow, CSAM, etc.

Clearance: US Citizen with Public Trust eligibility required

Location: On-site in DC, minimal remote flexibility

About Tyto Athene

Compensation:

  • Compensation is unique to each candidate and relative to the skills and experience they bring to the position. Salary for this role is between $75-95K. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits:

  • Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave.

Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains—Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT—empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly support Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide.

At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto?

Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, [sexual orientation, gender identity,] national origin, disability, status as a protected veteran, or any characteristic protected by applicable law.

Submit a Referral (

Location US-DC-Washington

ID 2026-1920

Category Cybersecurity

Position Type Full-Time

Vacancy posted 3 days ago
Similar jobs that could be interesting for youBased on the Security Control Assessor in Washington DC vacancy
  •  ...Security Control Assessor Location: Alexandria, Virginia (Onsite) Role Overview We are seeking a skilled and detail-oriented Security Control Assessor. The successful candidate will be responsible for evaluating, testing, and validating the effectiveness of security... 
    Suggested

    Apex Systems

    Alexandria, VA
    4 days ago
  • $155k - $165k

     ...we’ve described you and your dream workplace, please apply and share in the many benefits and opportunities we offer. Security Control Assessor III Responsibilities: Leads comprehensive security assessments for complex or high-impact systems. Oversees control... 
    Suggested
    For contractors

    Electrosoft

    Washington DC
    5 days ago
  •  ...Security Control AssessorLocation: Arlington, VA (On-Site)Citizenship: US onlyClearance: Active TS/SCI (DHS EOD Suitability required)Company: Argo Cyber Systems, LLC - Service-Disabled Veteran-Owned Small Business (SDVOSB)About Argo Cyber SystemsArgo Cyber Systems provides... 
    Suggested

    Argo Cyber Systems

    Arlington, VA
    1 day ago
  •  ...Job Description We are seeking an experienced Security Control Assessor to support the assessment, validation, and authorization of DoD information systems. This role requires a strong background in the Risk Management Framework (RMF) process, security control assessment... 
    Suggested
    Immediate start
    Flexible hours

    Novul Solutions

    Arlington, VA
    1 day ago
  •  ...Modern Technology Solutions, Inc. (MTSI) is seeking a Security Control Assessor (SCA) to support an MTSI contract with the Assistant Secretary of the Air Force, Acquisition, Technology and Logistics. The SCA is responsible for conducting a comprehensive assessment... 
    Suggested
    Contract work

    Modern Technology Solutions Inc

    Washington DC
    22 hours ago
  •  ...Position Overview The Security Control Assessor must fulfill a variety of cybersecurity functions, to include: System Administrator, Enterprise Oversight, certification and accreditation, SAP and SCI assessment and authorization (A&A), Platform Information Technology... 
    For contractors
    Work experience placement
    Work at office
    Local area
    Worldwide

    G-Force Solutions

    Arlington, VA
    2 days ago
  •  ...Security Control Assessor Security Control Assessor Location: Arlington, VA (On-Site) Citizenship: US only Clearance: Active TS/SCI (DHS EOD Suitability required) Company: Argo Cyber Systems, LLC - Service-Disabled Veteran-Owned Small Business (SDVOSB)... 
    Contract work
    For contractors

    Argo Cyber Systems

    Arlington, VA
    2 days ago
  •  ...Cyber Security And Privacy Control Assessment Support This role offers excellent compensation, career growth potential, and a total rewards package that includes PTO, paid holidays and corporate events, continuing education reimbursements, 401K, an Employee Stock Purchase... 

    Tetra Tech

    Arlington, VA
    4 days ago
  • $112.5k

     ...Security Control Assessor Leidos is seeking mid- to senior-level Security Control Assessors to join our SCA team. This position requires significant travel—please review the position overview below for important details. The maximum starting salary for this role is... 
    Daily paid
    Local area
    Remote work
    Work from home

    Leidos

    Alexandria, VA
    2 days ago
  • $130k - $150k

     ...Senior Security Control Assessor Overview: TSA is currently seeking a Senior Security Control Assessor who will serve as a Functional Lead and provide support to our NAVAIR customer in the DC Metro area. Roles/Responsibilities: Leads cybersecurity... 

    Technology Security Associates

    Arlington, VA
    1 day ago
  • $120k - $135k

     ...Senior Security Control Assessor Cybersecurity Blu Omega is seeking a Senior Security Control Assessor to support a federal program focused on security and privacy control assessments. This role operates within a highly regulated financial environment and is responsible... 
    Permanent employment
    Temporary work

    Blu Omega

    Arlington, VA
    2 days ago
  •  ...Job Description We are seeking a highly skilled Security Control Assessor (SCA) to support independent cybersecurity assessments of systems in accordance with the Risk Management Framework (RMF). This role is responsible for evaluating the implementation and effectiveness... 
    2 days per week

    Centurion Consulting Group, LLC

    Andrews Air Force Base, MD
    2 days ago
  • $87k - $198k

     ...Security Control Assessor and System Certification Specialist, Senior The Opportunity: Function as a Senior System Certification Specialist or Security Control Assessor as part of a team in the performance of Assessment and Authorization (A&A) activities ensuring... 
    Full time
    Contract work
    Part time
    Local area
    Remote work

    Booz Allen Hamilton

    Arlington, VA
    more than 2 months ago
  • TLA is seeking a Security Assessor for evaluating the effectiveness of security measures and controls within the organization's information systems and software applications to ensure the protection of data and compliance with industry standards and regulations. This role... 
    Work experience placement

    Tla Llc

    Washington DC
    3 days ago
  • Direct experience in NIST security control assessments Direct experience in System Security Plan (SSP) development Direct experience conducting or supporting NIST-based risk assessments Demonstrated success interfacing directly with system owners and executive management... 

    Business Integra Inc

    Washington DC
    2 days ago
  • $130k - $147k

    SkyePoint Decisions is seeking an AWS Assessor in Washington, D.C. This role involves leading security assessments and ensuring cloud security compliance for government contracts. Candidates must have extensive experience in cloud security and meet specific educational... 

    SkyePoint Decisions

    Washington DC
    2 days ago
  • eTelligent Group is seeking a Senior Technical Lead for security assessments. The role involves developing SCSEMs and automated evaluation files while ensuring compliance with security standards. Candidates must demonstrate experience in information security and possess... 
    Remote job

    eTelligent Group

    Washington DC
    2 days ago
  • A leading IT service provider in Washington, D.C. is looking for a Senior Assessor / Security Assessor to conduct security process analysis and provide guidance on privacy and security activities. The ideal candidate will have at least 6 years of experience in consulting... 

    Business Integra Inc

    Washington DC
    2 days ago
  •  ...Third Party Cyber Assessor Denver, Colorado;Washington, District of Columbia; Chicago...  ...responsible for performing information security reviews of third parties that provide services...  ...to determine if information security controls are in place and documenting the... 
    Work at office
    Flexible hours
    Shift work
    Day shift

    Bank of America

    Washington DC
    22 hours ago
  •  ...Focuses on solving conflict, not blaming; Maintains confidentiality; Listens to others without interrupting; Keeps emotions under control; Remains open to others' ideas and tries new things. Judgement - Displays willingness to make decisions; Exhibits sound and accurate... 
    Work at office

    Healthcare Legal Solutions LLC

    Washington DC
    5 days ago
  • Assessor - Central Asia Contractor Position Status: Level: Mid-level, independent contractor Location: Central Asia Main Purpose of the...  ...contractor with experience evaluating ownership, management and control of private companies incorporated in Central Asia. Job... 
    Full time
    For contractors

    Page Mechanical Group, Inc.

    Washington DC
    3 days ago
  • $94.41k - $144.64k

     ...and business objectives. Provide strategic business assurance to clients by assisting in the implementation of new processes and controls that address key risks. Assess, manage and optimize information technology risk across a wide range of areas, including cybersecurity... 
    Local area

    Baker Tilly Advisory Group, LP

    Washington DC
    22 hours ago
  • $94.41k - $144.64k

     ...expand your work experiences and hone your skills as an IT risk professional in the areas of compliance, cybersecurity, and internal controls* You crave the opportunity to be part of a fast growing, entrepreneurial risk consulting practice where your hard work and... 
    Work experience placement
    Local area
    Remote work
    Worldwide

    Baker Tilly International

    Washington DC
    2 days ago
  • $95k - $143.6k

    Position Summary: This job is responsible for performing information security reviews of third parties that provide services to the bank. Key...  ..., during an assessment to determine if information security controls are in place and documenting the controls in assessment... 
    Shift work
    Day shift

    Bank of America

    Washington DC
    1 day ago
  • $23.16 per hour

     ...and analyzes various complex potential claims with emphasis on controlling losses through effective managed care. This includes following...  ...and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy... 
    For contractors
    Work at office
    Local area

    Highmark Health

    Washington DC
    1 day ago
  •  ...full-time position for a CMMC Certified Assessor (CCA) at CyberRx, Inc. You need to be...  ...collaborators dedicated to safeguarding national security and committed to partnering with our...  ...requirements related to handling Controlled Unclassified Information (CUI). Complete... 
    Full time
    For contractors
    Remote work

    CYBERRX INC

    Silver Spring, MD
    8 days ago
  • $27 - $32 per hour

     ...Utilizes all applicable tools available to effectively manage pipeline, system of record, vendor tracking software - queue, as well as control reporting. Provision timely and accurate figures, information, documents, or instructions to assigned attorney/trustee/vendor... 
    Remote job
    Temporary work
    Work experience placement
    Immediate start
    Work from home
    Monday to Friday

    Carrington

    Washington DC
    1 day ago
  • $36.58k - $67.06k

     ...guidelines. Updates claims audit records by entering, verifying, and securing data. Settle standard/complex claims through payment or denial...  ...regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear.... 
    Remote job
    Work experience placement
    Immediate start

    CareFirst BlueCross BlueShield

    Washington DC
    1 day ago
  •  ...dispute‑avoidance documentation. Coordinate with engineering, finance, legal, construction, operations, environmental, HSE, and project control stakeholders to support lender and DOE decision‑making. Engage in data‑room reviews, borrower/contractor interviews, site... 
    Contract work
    Temporary work
    For contractors
    Work at office
    Flexible hours

    ProSidian Consulting, LLC

    Washington DC
    1 day ago
  •  ...Focuses on solving conflict, not blaming; Maintains confidentiality; Listens to others without interrupting; Keeps emotions under control; Remains open to others' ideas and tries new things. Judgement - Displays willingness to make decisions; Exhibits sound and accurate... 
    Work at office

    Healthcare Legal Solutions LLC

    Washington DC
    1 day ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Security Control Assessor. Be the first to apply!