Information Assurance Security Specialist (Control Assessor)

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Data Science, Engineering, Mathematics, or a closely related discipline or equivalent practical experience (as permitted by the contract).
• Minimum 4 years of relevant experience supporting enterprise IT environments, with demonstrated work aligned to Information Assurance.
• At least one: CGRC/CAP, CASP+, Cloud+, PenTest+, Security+, or GSEC.
• Must be able to obtain and maintain Public Trust suitability and all required system access (e.g., CAC-enabled accounts) to perform duties.
• This position is aligned to applicable DoD Manual 8140.03 work role 612 (NIST: SP-RM-002); contractor personnel must meet DoD 8570.01-M baseline certification requirements and transition to DoD Manual 8140.03 work role requirements, including required training, knowledge, skills, abilities, and tasks, within Government-directed timelines.

Nice To Haves

• Alternate/equivalent certifications may be accepted with Government approval.
• Preferred/Work-center dependent: Microsoft Certified: Azure Administrator Associate or Microsoft Certified: Windows Server Hybrid Administrator Associate.

Responsibilities

• Assess and validate implementation of security controls using applicable RMF requirements, CNSSI 1253 control sets, assessment procedures from NIST SP 800-53A with DoD-specific assignment values, overlays, and implementation guidance.
• Plan, execute, and document security control assessments, including interviews, artifact/evidence review, and test result validation supporting authorization decisions and risk acceptance determinations.
• Track and report status of major deliverables, including Risk Assessments, Risk Acceptance, accreditation & authorization efforts (A&A), Control Correlation Identifier (CCI) completion, and Plans of Action and Milestones
• Recommend corrective actions and process improvements; maintain accuracy and timeliness of assessment inputs to eMASS (Enterprise Mission Assurance Support Services) and other accreditation requirements.
• Validate evidence of authorization in required security documentation (e.g., System Security Plan, Security Assessment Report, POA&M (Plan of Actions & Milestones), authorization decision documentation) and support audit readiness for FISMA (Federal Information Security Modernization Act) security control testing.
• Review and evaluate the effects of security system changes, including interfaces with other Information Systems, document assessment impacts and required updates to authorization artifacts.
• Support reciprocity by providing directed information in NIST security documents to Government stakeholders.
• Support continuous monitoring by reviewing and updating system assets and security artifacts as part of the Continuous Monitoring process and Annual Review process.
• Coordinate with system owners, engineers, and cybersecurity teams to validate remediation actions and closure evidence for assessment findings.