Security Control Assessor

ASRC Federal | Washington, DC
1d | Hybrid

About The Position

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work™.

ASRC Federal Technology Solutions is seeking a Security Control Assessor to support our federal customer in the Washington, DC metro area. This role provides leadership in implementing and overseeing federal cybersecurity programs for multiple sites across the nation. The successful candidate will conduct security control reviews aligned with federal standards, particularly NIST SP 800-53 and the Risk Management Framework (RMF). The assessor will collaborate closely with penetration testing teams to evaluate program-level risk and assist sites in developing effective remediation strategies. This is a hybrid position.

Requirements

  • Education: Bachelor's degree in a related field.
  • Experience: 10+ years of cybersecurity experience, with extensive knowledge of federal security controls and RMF.
  • Experience in vulnerability analysis and remediation, including articulating the impact of unmet controls and threat actor behavior.
  • Proficiency in developing comprehensive Authorization Packages (SSP, SAR, POA&M).
  • Excellent written and oral communication skills with the ability to present technical findings to executive stakeholders.
  • Clearance: Active DOE Q-Clearance or Top Secret (TS) equivalent.

Nice To Haves

  • Familiarity with FedRAMP, cloud security authorization, and inherited controls.
  • Experience using Power BI for reporting and analytics.
  • Proficiency in MS Office Suite (especially Excel and Word).
  • Working knowledge of GRC platforms such as RegScale and Archer GRC Tools.

Responsibilities

  • Develop and execute assessment plans in alignment with NIST SP 800-53 security controls.
  • Review and interpret outputs from cybersecurity tools (e.g., Tenable, CrowdStrike).
  • Conduct security control reviews and assessments for federal systems under RMF.
  • Collaborate with penetration testing teams to evaluate risk and inform remediation strategies.
  • Provide mentorship to junior team members; contribute to the evolution of assessment methodologies and tools.
  • Assist in the development of Authorization Packages, including:
      • System Security Plans (SSPs)
      • Security Assessment Reports (SARs)
      • Plan of Action and Milestones (POA&Ms)
  • Support Purple Team engagement initiatives with sites.
  • Interpret and apply FedRAMP security requirements and inherited cloud controls.
  • Engage in discussions around architectural design and remediation strategies for common IT systems.
  • Monitor emerging technologies and industry trends (e.g., AI) for potential impact on federal cybersecurity policies.

Benefits

  • Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

1,001-5,000 employees

© 2024 Teal Labs, Inc