Junior Security Control Assessor

About The Position

Requirements

• Bachelor's degree (IT-related field preferred)
• Three (3) years of overall experience in a DoD or Federal IT environment
• Must have experience in at a minimum 3 of the following technology areas: Network, Windows, Unix, End Point Security, Cloud, Application, SQL, Oracle, ACAS, Traditional, RMF
• Have an active Secret with a willingness to upgrade to DoD Top Secret with SCI eligibility
• DoD 8570 IAT Level II certification
• Security+ CE
• CCNA
• CySA+
• GICSP
• GSEC
• CND
• SSCP
• Familiarity with STIGs (Security Technical Implementation Guides), Security Requirement Guides (SRGs), Plan of Action and Milestones (POA&Ms) and cybersecurity best practices
• Understanding of the RMF process, NIST SP 800- 37, NIST SP 800-53, CNSSI 1253
• Familiarity with relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS
• Strong written and verbal communication skills for reporting assessment findings.

Responsibilities

• Conduct cybersecurity assessments, audits, and inspections for DoD organizations and partners handling DoD information or connecting to the DoDIN.
• Evaluate systems and Defensive Cyberspace Operations using cyber threat emulation and performance-based testing.
• Adhere to policies and processes for each assessment type.
• Support assessment development and execution to ensure security expertise is properly applied.
• Coordinate logistics, test plans, and scope with the SCA Team Lead.
• Perform vulnerability assessments, capture results using STIG Viewer or designated tools, and document findings in eMASS.
• Analyze security gaps and provide mitigation recommendations.
• Validate cybersecurity controls, TTPs, STIGs, RMF controls, and compliance with DoD policies and guidelines.
• Provide risk analysis and assessment results for authorization recommendations.
• Participate in daily assessment reviews, in-briefs, and out-briefs, sharing findings with the SCA-R.