Security Controls Assessor (SCA) - Senior

23 hours ago
Full-time
Senior
Cybersecurity
Avint

Avint

Avint, LLC provides transformational cybersecurity solutions to federal agencies and commercial organizations, optimizing security investments with a holistic strategy.

IT Services
11-50
Founded 2018

Description

  • Lead comprehensive security control assessments of complex information systems using interviews, examination, and testing methods.
  • Verify compliance with NIST SP 800-37, NIST SP 800-53, NIST SP 800-171, FISMA, and/or FedRAMP requirements.
  • Analyze system architectures, network diagrams, configuration settings, and policies to identify vulnerabilities and compliance gaps.
  • Review vulnerability scanning results and penetration testing reports to validate technical control implementation.
  • Serve as a senior technical escalation point and mentor for junior and mid-level Security Controls Assessors.
  • Perform peer reviews of assessment documentation, test results, and reports for technical accuracy and consistency.
  • Help define, refine, and standardize assessment methodologies, testing procedures, and reporting templates.
  • Author, review, and finalize Security Assessment Reports detailing findings, risks, and recommended remediations.
  • Present assessment findings and risk posture to Authorizing Officials, system owners, and other stakeholders.
  • Assist system owners with developing Plans of Action and Milestones and support continuous monitoring efforts.

Requirements

  • Bachelor’s degree in a related field or equivalent professional experience.
  • Security+ certification required; CISSP, CAP, or CASP preferred.
  • 8-10 years of dedicated experience in cybersecurity, information assurance, or IT auditing.
  • At least 6 years of hands-on experience performing security controls assessments of complex C4 systems.
  • Must be a U.S. citizen with no dual citizenship.
  • Ability to pass a background investigation and obtain/maintain DHS Suitability/Entry on Duty (EOD).
  • Strong analytical, critical thinking, and problem-solving skills with a high level of technical professional skepticism.
  • Excellent technical writing skills with the ability to document complex findings and defend results to stakeholders.
  • Exceptional interpersonal and diplomatic skills for collaboration with administrators, developers, and management.
  • Advanced knowledge of security control frameworks, operating system security, network protocols, access control mechanisms, and vulnerability management tools.
  • Familiarity with cloud security concepts across AWS, Azure, and Google Cloud, plus FedRAMP compliance.
  • Experience with vulnerability scanning tools such as Nessus and Qualys is preferred.

Benefits

  • Competitive salary range of $125,000-$141,000.
  • Full health insurance.
  • Generous time off.
  • Observation of federal holidays.
  • Professional development support.
  • Reimbursement for courses, exams, and tuition.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

RMF Process Lead (R-00177)

True Zero Technologies 11-50 Internet Software & Services

True Zero Technologies is hiring an RMF Process Lead to own and modernize federal Risk Management Framework workflows and support the transition to a new enterprise GRC or RMF platform.

22 hours, 45 minutes ago

Cyber Security Advisor

Centorrino Technologies 51-250 Internet Software & Services

Centorrino Technologies is hiring a Cyber Security Advisor in Australia to protect client digital environments, manage cyber risk and incidents, and support security governance and compliance.

Cybersecurity SIEM
22 hours, 45 minutes ago

Chief Information Security Officer – Indonesia

Binance 5K-10K Capital Markets

Binance is seeking a Chief Information Security Officer to lead cybersecurity, operational resilience, and regulatory compliance for its Indonesia operations.

Cybersecurity Penetration Testing
23 hours ago

Senior Technical Consultant - Network Security Operations

AHEAD 1K-5K IT Services

AHEAD is seeking a Senior Technical Consultant to lead ExtraHop Reveal(x) 360 cybersecurity deployments for enterprise clients, from sensor placement and detection tuning to integrations and advisory support.

AWS Azure CrowdStrike Cybersecurity DNS HTTP JavaScript Linux macOS Network Security Python REST API SIEM Splunk TCP/IP
23 hours ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers