Security Control Assessor Jobs in Reston, VA (NOW HIRING)

Security Control Assessor III Responsibilities: * Leads comprehensive security assessments for complex or high-impact systems. * Oversees control testing strategies, validates remediation ...

SME Security Control Assessor

Arlington, VA · On-site +1

$45 - $50/hr

We are looking for a SME Security Control Assessor that supports security control assessment activities for HHS-ACF information systems by applying NIST security controls and frameworks to evaluate ...

Security Control Assessor

Washington, DC · On-site

$155K - $165K/yr

Senior Security Control Assessor Overview: TSA is currently seeking a Senior Security Control Assessor who will serve as a Functional Lead and provide support to our NAVAIR customer in the DC Metro ...

Security Control Assessor information

How much do security control assessor jobs pay per hour?

As of May 30, 2026, the average hourly pay for security control assessor in Reston, VA is $62.11, according to ZipRecruiter salary data. Most workers in this role earn between $53.37 and $71.88 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Security Control Assessor, and why are they important?

To thrive as a Security Control Assessor, you need expertise in information security principles, risk management frameworks like NIST RMF, and a relevant bachelor's degree or equivalent work experience. Familiarity with security assessment tools, compliance management systems, and certifications such as CISSP, CISA, or CAP is typically required. Strong analytical thinking, attention to detail, and effective communication are crucial for evaluating security controls and reporting findings clearly. These skills ensure accurate risk assessments, regulatory compliance, and robust protection of organizational information assets.

What are the main challenges Security Control Assessors face when evaluating complex information systems?

Security Control Assessors often encounter challenges such as rapidly evolving security threats, integrating new technologies, and ensuring compliance with overlapping requirements (FISMA obligations, the NIST Risk Management Framework and its SP 800-53 control catalog, FedRAMP for cloud services, and agency-specific policy). Assessing large, interconnected systems requires attention to detail and strong analytical skills to identify weaknesses and recommend effective controls. Collaboration with system owners, IT staff, and auditors is essential to obtain complete documentation and to pin down the authorization boundary, which is often the most demanding part of the assessment process.

What are Security Control Assessors?

Security Control Assessors (SCAs) are professionals responsible for evaluating the security controls of information systems to determine whether they are implemented correctly, operating as intended, and producing the desired outcome with respect to the system's security requirements. They conduct assessments, document findings, and provide recommendations to help organizations manage risk and meet obligations such as FISMA, implemented through the NIST Risk Management Framework and the SP 800-53 control catalog. SCAs play a critical role in maintaining the security and integrity of sensitive data by identifying weaknesses and verifying that corrective actions are implemented effectively.

What is the difference between Security Control Assessor vs Security Analyst?

| Aspect           | Security Control Assessor                                  | Security Analyst                                              |
|------------------|------------------------------------------------------------|---------------------------------------------------------------|
| Certifications   | Risk Management Framework (RMF), CISSP, CISA               | CISSP, Security+                                              |
| Work Environment | Federal agencies, DoD, government compliance               | Corporate, cybersecurity teams, IT departments                |
| Responsibilities | Assess security controls, ensure compliance, audit         | Monitor security, analyze threats, implement security measures |

The Security Control Assessor primarily evaluates security controls for compliance and risk management, often within government agencies. In contrast, the Security Analyst focuses on monitoring and analyzing security threats to protect organizational assets. While both roles require cybersecurity knowledge and certifications like CISSP, their focus areas and work environments differ significantly.

Security Control Assessor

cFocus Software Incorporated

Washington, DC • On-site

Full-time

Posted 22 days ago


Job description

Security Control Assessor
Position Title: Security Control Assessor
Program: SBA Enterprise Cybersecurity Services (ECS)

Position Overview
The Security Control Assessor (SCA) shall provide cybersecurity assessment, authorization, and compliance support services for the U.S. Small Business Administration (SBA) Enterprise Cybersecurity Services (ECS) program.

Key Responsibilities
  • Conduct independent security control assessments in accordance with NIST SP 800-53 Rev. 5 and NIST SP 800-53A methodologies.
  • Evaluate management, operational, and technical security controls for federal information systems and cloud environments.
  • Support the SBA Risk Management Framework (RMF) lifecycle including assessment, authorization, continuous monitoring, and ongoing authorization activities.
  • Develop and maintain Security Assessment Reports (SARs), Security Assessment Plans (SAPs), POA&Ms, risk findings, and remediation recommendations.
  • Review and validate cybersecurity documentation including System Security Plans (SSPs), Configuration Management Plans (CMPs), Incident Response Plans, ISCPs, and architecture diagrams.
  • Perform vulnerability assessment validation activities and verify remediation efforts for identified weaknesses and deficiencies.
  • Support Information System Continuous Monitoring (ISCM) activities and ongoing authorization (OA) evaluation support.
  • Assess compliance with FISMA, OMB Circular A-130, NIST guidance, FedRAMP requirements, and agency-specific cybersecurity policies.
  • Support audit readiness activities for Inspector General (IG), GAO, FISMA, and internal cybersecurity audits.
  • Assist with High Value Asset (HVA) assessment support activities in alignment with CISA and OMB guidance.
  • Coordinate with ISSOs, ISSMs, system owners, and engineering teams to evaluate cybersecurity risks and remediation strategies.
  • Support enterprise vulnerability management and risk reporting activities.
  • Participate in cybersecurity governance meetings, compliance reviews, and technical assessment briefings.
  • Document assessment findings, technical analysis, and recommendations with clear and concise reporting suitable for executive and technical stakeholders.
  • Support development of cybersecurity metrics, dashboards, and compliance reporting artifacts.
  • Ensure all assessment deliverables are peer reviewed, Section 508 compliant, and delivered in accordance with SBA-defined quality standards and timelines.
Required Qualifications
  • Bachelor's degree in Cybersecurity, Information Assurance, Information Technology, Computer Science, Engineering, or related field.
  • Minimum of six (6) years of experience supporting federal cybersecurity assessment, compliance, RMF, or security authorization activities.
  • Minimum of four (4) years of experience conducting security control assessments, vulnerability assessments, or cybersecurity compliance evaluations.
  • Demonstrated expertise in NIST RMF processes, NIST SP 800-53 Rev. 5, NIST SP 800-53A, and FISMA compliance requirements.
  • Experience developing Security Assessment Reports (SARs), Security Assessment Plans (SAPs), POA&Ms, and related accreditation documentation.
  • Experience supporting continuous monitoring, ongoing authorization (OA), and cybersecurity audit activities.
  • Knowledge of FedRAMP security assessment and continuous monitoring requirements.
  • Experience using cybersecurity assessment, vulnerability management, and governance/risk/compliance (GRC) tools.
  • Strong analytical, technical writing, and communication skills.
  • Relevant cybersecurity certifications such as CAP, CISSP, CISA, Security+, CEH, or equivalent preferred.
  • Ability to obtain and maintain a Moderate Risk background investigation and eligibility for higher-level clearances if required.
Desired Experience
  • Experience supporting civilian federal agencies such as SBA, DHS, or CISA.
  • Experience supporting FedRAMP cloud environments including Microsoft Azure, AWS, Microsoft 365, and SaaS platforms.
  • Experience supporting enterprise cybersecurity metrics, dashboards, and automated compliance reporting.