Security Control Assessor Representative (SCAR)

About The Position

Requirements

• 10+ years of relevant work experience, including experience as an ISSO, ISSM, SCA, SCAR, or similar roles.
• Mastery of the NIST Risk Management Framework (RMF), including all seven steps and in-depth knowledge of NIST SP 800-53 security controls and their application to complex government information systems.
• Comprehensive technical understanding and practical experience with Windows/Linux OS hardening (including STIGs), network protocols (TCP/IP), firewall configurations, IDS/IPS, cloud security (FedRAMP, AWS/Azure GovCloud), virtualization, and database security.
• Hands-on experience with vulnerability scanning (ACAS/Tenable.sc/Nessus), configuration assessment (SCAP/STIG tools), and log analysis/SIEM platforms (e.g., Splunk, Elastic Stack) to identify and evaluate security posture.
• Expert-level knowledge of DoD/Agency-specific security requirements (e.g., DoDI 8500.01, CNSSI 1253), IAVMs, and STIG implementation/verification.
• Proven ability to develop and review System Security Plans (SSPs), write comprehensive Security Assessment Reports (SARs), and manage Plans of Action and Milestones (POA&Ms).
• Strong capability in analyzing control effectiveness, identifying critical risks, and articulating residual risk to Authorizing Officials (AOs).
• A Bachelors degree in a relevant field or 3+ years of relevant experience
• Possess a valid certification that meets or exceeds DoD 8570.01-M IAM III requirements
• US Citizenship and an active Top Secret security clearance with SCI eligibility.

Responsibilities

• Reviewing, assessing, and providing advice/recommendations to the SCA/AO throughout the RMF process for assigned programs.
• Obtaining and maintaining Authority to Operate (ATO) approvals for various AFNWC weapon subsystems and supporting IT systems by adhering to the Risk Management Framework (RMF).