Security Control Assessor

ECS Tech Inc-posted 3 days ago
$90,000 - $120,000/Yr
Full-time • Mid Level
Washington, DC
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

ECS is seeking a Security Control Assessor to work in our Washington, DC office. Overview ECS is seeking a Security Control Assessor to support the Department of State (DOS), Bureau of Diplomatic Technology (DT). This role is part of the Independent Security Control Assessment (ISCA) team, responsible for ensuring high-value and mission-critical systems comply with federal cybersecurity policies. The ideal candidate will serve as a Security Control Assessor, executing the full RMF Step 4 lifecycle. This includes developing Security Assessment Plans (SAP), conducting detailed control testing under NIST SP 800-53A Rev. 5, and producing Security Assessment Reports (SARs) that enable Authorizing Officials to make informed risk-based decisions.

  • Assessment Planning (RMF Step 4): Develop and finalize Security Assessment Plans (SAP) that identify controls to be tested, assessment methods (examination, interview, testing), and required tools.
  • Collaborate with system stakeholders to understand system boundaries and identify control testing strategies aligned with NIST SP 800-53A and SP 800-115.
  • Security Control Assessment: Perform independent and comprehensive assessments of security controls using manual and automated techniques to verify they are implemented correctly and operating as intended.
  • Document objective evidence of control implementation and effectiveness, including screenshots, logs, and interview notes.
  • Assess control inheritance from common control providers and external service providers.
  • Reporting & Risk Analysis: Develop Security Assessment Reports (SAR) detailing all findings, vulnerabilities, and residual risks.
  • Prepare Risk Acceptance Recommendation Reports and Executive Summary Briefings for the Authorizing Official (AO).
  • Analyze security tool reports to determine residual risk and differentiate between false positives and valid findings before assigning vulnerabilities.
  • Remediation & Continuous Monitoring: Coordinate with ISSOs and system owners to validate mitigation strategies and update Plans of Action and Milestones (POA&Ms).
  • Conduct retesting of remediated vulnerabilities and update the SAR and Closure Verification Reports accordingly.
  • Support ongoing continuous monitoring by assessing a subset of controls annually to confirm continued compliance.
  • Clearance: Active Secret Security Clearance.
  • Experience: 5+ years of Information Security experience, with at least 3 years specifically supporting security assessment teams (SCA).
  • Framework Proficiency: Deep understanding of NIST SP 800-53 Rev. 5 (Security and Privacy Controls), NIST SP 800-53A (Assessment Procedures), and NIST SP 800-37 Rev. 2 (RMF).
  • Technical Writing: Proven experience developing RMF artifacts including SAPs, SARs, and POA&Ms.
  • Assessment Tools: Experience using eGRC tools (e.g., ArchAngel, CSAM, Xacta, Archer, ArchAngel) and analyzing vulnerability scan reports.
  • Communication: Strong ability to present control deficiencies and risk implications to both technical and non-technical audiences.
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service