Junior Security Control Assessor (On-Site)

Crest Security AssuranceWashington, DC
$117,000 - $123,000Onsite

About The Position

The candidate shall provide support for the customer’s security compliance program. This includes working with system owners, support teams, developers, vendors, and other stakeholders to conduct control assessments. The role involves ensuring that plans of action and milestones (POAMs) are properly tracked, managed, and remediated, and assisting with inventory management for security and privacy assets. The position also supports training and awareness activities by developing metrics and producing reports on program effectiveness. Additionally, the candidate will assist with the design and implementation of an authorization process aligned with NIST standards, ensuring proper security assessments for new or changed systems. A key responsibility is assisting with the development of a detailed security assessment framework based on NIST standards, identifying appropriate tools, techniques, and metrics for evaluating system and application security. The role also includes conducting security assessments, identifying vulnerabilities, documenting findings, and proposing remediation strategies.

Requirements

  • At least 2 years of experience performing the functions associated with this labor category.
  • Experience performing control assessments as part of a team in accordance with applicable NIST standards (NIST 800-53, Rev 5, or newer version, as applicable).
  • Experience preparing control assessment plans, executing technical and non-technical assessments actions, evaluating the risk associated with areas of deficiency, and documenting detailed findings and executive-level summaries of assessment results.
  • Experience briefing stakeholders on key findings, recommendations, risks, and impacts.
  • Experience providing direct support of information security compliance activities, including managing plans of actions and milestones (POA&Ms) and inventories of information systems.
  • Understanding of relevant laws and regulations, such as NIST guidance and OMB memoranda. This includes knowledge of the NIST Risk Management Framework and familiarity with key publications like NIST SP 800-37, 800-53, and 800-171.
  • Experience conducting security assessments on federal systems.
  • Experience assessing and mitigating risks associated with cybersecurity and data privacy.
  • Experience developing and implementing compliance programs, conducting risk assessments, and advising on compliance-related issues.
  • Experience with the system Authorization to Operate process, including understanding the documentation required, the levels of approval needed, and the most effective ways to manage this process within a federal environment.
  • Basic understanding of procurement processes and contract language requirements for federal mandates.
  • Experience communicating complex regulatory and compliance information in a clear and concise manner.
  • Experience tracking and reporting on training and awareness program performance, including calculating metrics to help measure the effectiveness of security, privacy, and social engineering training.
  • US Citizen is required.

Nice To Haves

  • Certified Information Systems Security Professional (CISSP)
  • GIAC Security Essentials Certification (GSEC)

Responsibilities

  • Work with system owners, support teams, developers, vendors, and other stakeholders as necessary to conduct control assessments.
  • Ensure that plans of action and milestones (POAMs) are properly tracked, managed, and remediated.
  • Assist with inventory management for security and privacy assets.
  • Support training and awareness activities by developing metrics and producing reports on program effectiveness.
  • Assist with the design and implementation of an authorization process that aligns with NIST standards, ensuring that new systems or significant changes to existing systems undergo proper security assessments before being authorized for operation with the environment.
  • Assist with the development of a detailed security assessment framework based on NIST standards, identifying the appropriate tools, techniques, and metrics for evaluating the security of systems and applications.
  • Conduct security assessments, identify vulnerabilities, document findings, and propose remediation strategies to address any identified security gaps.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service