Security Control Assessor Representative SCAR

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related discipline with 4-12+ years of experience. (Experience may be substituted for education depending on contract requirements.)
• 3-5+ years of experience in DoD cybersecurity, RMF, or information assurance.
• Requires an active DoD TS/SCI clearance.
• Hands-on experience with the RMF lifecycle, including control validation and assessment.
• Experience preparing and maintaining RMF artifacts (SSP, SAR, POA&M, Risk Assessment, Contingency Plans, etc.).
• Working knowledge of NIST SP 800-53, CNSSI 1253, DoDI 8500.01/8510.01, and AFI 17-101.
• Experience interpreting STIGs, SRGs, ACAS/Nessus scan results, and system hardening requirements.
• Ability to assess vulnerabilities, evaluate risk impact, and recommend mitigation strategies
• Strong written and verbal communication skills, including the ability to brief stakeholders and produce clear technical documentation.
• Ability to perform duties on classified networks and handle sensitive information appropriately.
• DoD 8570/8140 Baseline Certification: IAM-II (e.g., CAP, CASP+, CISM, GSLC), or IAT-II/IAT-III equivalent depending on system requirements.

Nice To Haves

• Prior experience as a SCAR, SCA, ISSO, ISSM, or RMF Assessor for DoD or Air Force programs.
• Experience with eMASS, Xacta, or other RMF automation tools.
• Knowledge of cybersecurity architecture, enterprise networks, virtualization, and system lifecycle management.
• Experience supporting or validating controls on classified systems at various impact levels (IL4-IL6, JWICS/SIPR/NIPR).
• Hands-on experience performing Security Test & Evaluation (ST&E).
• Experience analyzing audit logs, monitoring tools, and cybersecurity alerts.
• Familiarity with Zero Trust principles, DoD cloud security models, and current cyber threat landscapes.
• Advanced cybersecurity certifications (e.g., CISSP, CCSP, CEH, GSNA, GSCP, GCIH).
• Experience briefing senior leaders or government authorization officials.

Responsibilities

• Supports the development, maintenance, and review of RMF cybersecurity documentation, including: System Security Plan (SSP) Cybersecurity Plan Security Assessment Report (SAR) Risk Assessment Reports (RAR) Plan of Actions and Milestone (POA&Ms) Standard Operating Procedures (SOPs) and system operating procedures
• Support all RMF activities to obtain and sustain Authority to Operate (ATO) or Interim Approval to Test (IATT).
• Conduct security control assessments to validate effectiveness and compliance with DoD_instrsturctions, NIST SP 800-53, CNSSI 1253, and AFI 17-101.
• Validate system configurations, architectures, STIG/SRG compliance, and vulnerability management practices.
• Review cybersecurity artifacts for accuracy, completeness, and alignment to system categorization.
• Manage cybersecurity baselines, continuous monitoring, audit remediation, and configuration control for classified and unclassified systems.
• Provide expert recommendations on security architecture, risk mitigation, and prioritization of vulnerabilities based on mission impact.
• Develop and maintain cybersecurity strategies supporting both short-term and long-term program objectives.
• Perform periodic risk assessments and evaluate security posture against evolving threats and compliance mandates.
• Assist government personnel with incident response activities, data sanitization processes, and secure media handling.
• Interface with government independent assessment teams to support assessment and authorization efforts.
• Ensure continuous accountability of hardware, software, and digital artifacts on classified networks.
• Maintain awareness of emerging cybersecurity threats and recommend updates to policies, plans, and procedures.