Security Control Assessor (SCA)

Novul Solutions

About The Position

We are seeking an experienced Security Control Assessor to support the assessment, validation, and authorization of DoD information systems. This role requires a strong background in the Risk Management Framework (RMF) process, security control assessment, and cybersecurity compliance. The ideal candidate will be skilled in evaluating how security controls are implemented, measuring their resilience and reliability, and determining how changes in operational or environmental conditions may affect system security.

Requirements

8+ years of experience in cybersecurity.
5+ years of experience in Certification and Accreditation (C&A), Assessment and Authorization (A&A), or closely related cybersecurity compliance functions.
Demonstrated expertise with the Risk Management Framework (RMF).
Strong knowledge of NIST SP 800-37, NIST SP 800-53, and CNSSI 1253.
Experience supporting DoD security authorization efforts and control validation activities.
Proven ability to review and assess system security documentation for completeness and accuracy.
Previous leadership or team lead experience.
Strong written and verbal communication skills, with the ability to explain assessment findings and remediation actions to technical and non-technical stakeholders.
Bachelor’s Degree required.

Responsibilities

Conduct in-depth security control assessments for DoD information systems in accordance with NIST SP 800-53, NIST SP 800-37, DoD RMF, and JSIG requirements.
Communicate government-approved mitigation and remediation guidance to system owners in support of the RMF process.
Assess and validate the implementation of security controls, including how they support system resilience, reliability, and overall cybersecurity posture.
Apply and interpret the Confidentiality, Integrity, and Availability (CIA) triad and related categorization impact levels (High, Moderate, Low) for assigned systems and programs.
Validate inherited security controls from hosted, interconnected, or external systems.
Evaluate program compliance with controls related to Ports, Protocols, and Services (PP&S), including proper handling, management, and review of log files.
Lead the review, preparation, and quality assurance of Authorization to Operate (ATO) packages and supporting documentation.
Identify control gaps, document findings, and provide actionable recommendations for remediation.
Coordinate with stakeholders, system owners, engineers, and cybersecurity teams to ensure security requirements are properly addressed.
Support assessment activities, artifact reviews, interviews, and technical validations required for authorization decisions.

Benefits

Paid Time Off PTO):TEN (10) Paid days off & FIVE (5) Floating days off.
Holidays: 11 Paid Holidays. Flex time can be utilized instead of holiday time usage.
Payroll: Paid Bi-Monthly.
401(k): Partnered with the SECOND LARGEST Retirement plan provider in the U.S. Guaranteed 3% match. Eligibility – 21 years of age or older, after 3 months of employment
Individual or company-wide performance and recognition awards (Quarterly
UNITED HEALTHCARE PPO, extensive national coverage.
INCLUDES: Medical/Dental/Vision/HSA.
Eligible on the first of the month, immediately after the start date.
Submit the enrollment form within 30 days of your start date otherwise, you will have to wait until October for the new year enrollment.
Training & Career Development Reimbursement of Tuition and training needed to support career development.
$150 monthly reimbursement contribution paid monthly towards parking expenses.
Receipts must be submitted by the close of business on the 25th of each month.
Reimbursements will be paid on the first payroll AFTER reimbursements are submitted each month.
Performance bonus – Project-based
Yearly bonus – Company based