1

Security Control Assessor Jobs in Reston, VA (NOW HIRING)

Security Control Assessor

Washington, DC · On-site

$165K - $185K/yr

Job Title Security Control Assessor The most security-conscious organizations trust Telos Corporation to protect their vital IT assets. The reputation of our company rests on the quality of our ...

Security Control Assessor (SCA) LOCATION Chantilly, VA 20151 CLEARANCE TS/SCI Full Poly (Please note this position requires full U.S. Citizenship) KEY SUMMARY We are seeking a meticulous and detail ...

POSITION OVERVIEW As a Security Control Assessor, you will play a key role in conducting Security Control Assessments at various government sites, with approximately 85% of your time on travel ...

Security Control Assessor (SCA) LOCATION Reston, VA 20190 CLEARANCE TS/SCI Full Poly (Please note this position requires full U.S. Citizenship) KEY SUMMARY We are seeking a meticulous and detail ...

Security Control Assessor (SCA) LOCATION Tysons, VA 22182 CLEARANCE TS/SCI Full Poly (Please note this position requires full U.S. Citizenship) KEY SUMMARY We are seeking a meticulous and detail ...

POSITION OVERVIEW As a Security Control Assessor, you will play a key role in conducting Security Control Assessments at various government sites, with approximately 85% of your time on travel ...

Security Control Assessor

Arlington, VA · On-site

$110K - $130K/yr

Security Control AssessorLocation: Arlington, VA (On-Site)Citizenship: US onlyClearance: Active TS/SCI (DHS EOD Suitability required)Company: Argo Cyber Systems, LLC - Service-Disabled Veteran-Owned ...

next page

Showing results 1-20

Security Control Assessor information

See Reston, VA salary details

$9

$61

$81

How much do security control assessor jobs pay per hour?

As of Jul 13, 2026, the average hourly pay for security control assessor in Reston, VA is $61.14, according to ZipRecruiter salary data. Most workers in this role earn between $52.50 and $70.77 per hour, depending on experience, location, and employer.

Can you make $500,000 a year in cyber security?

Security Control Assessors typically earn salaries ranging from $70,000 to $150,000 annually, depending on experience, certifications, and location. Reaching a $500,000 annual salary in cybersecurity generally requires senior roles, specialized expertise, management positions, or consulting work with high-value contracts.

Is SOC an entry level job?

A Security Control Assessor (SOC) role is typically not entry-level; it usually requires prior experience in cybersecurity, knowledge of security frameworks, and relevant certifications such as CISSP or Security+. Entry-level positions in cybersecurity may include roles like Security Analyst or Technician, with SOC roles often requiring more specialized skills and experience. However, some organizations offer junior or trainee SOC positions for those starting their cybersecurity careers.

What are the key skills and qualifications needed to thrive as a Security Control Assessor, and why are they important?

To thrive as a Security Control Assessor, you need expertise in information security principles, risk management frameworks like NIST RMF, and a relevant bachelor's degree or equivalent work experience. Familiarity with security assessment tools, compliance management systems, and certifications such as CISSP, CISA, or CAP is typically required. Strong analytical thinking, attention to detail, and effective communication are crucial for evaluating security controls and reporting findings clearly. These skills ensure accurate risk assessments, regulatory compliance, and robust protection of organizational information assets.

What skills do you need to be a security control assessor?

A security control assessor needs strong knowledge of cybersecurity frameworks, risk management, and security controls. Skills in analyzing security policies, conducting assessments, and familiarity with tools like NIST, ISO standards, and vulnerability scanning are essential. Certifications such as CISSP or CISA can also enhance qualifications.

What is the difference between Security Control Assessor vs Security Analyst?

AspectSecurity Control AssessorSecurity Analyst
CertificationsRisk Management Framework (RMF), CISSP, CISACISSP, Security+
Work EnvironmentFederal agencies, DoD, government complianceCorporate, cybersecurity teams, IT departments
ResponsibilitiesAssess security controls, ensure compliance, auditMonitor security, analyze threats, implement security measures

The Security Control Assessor primarily evaluates security controls for compliance and risk management, often within government agencies. In contrast, the Security Analyst focuses on monitoring and analyzing security threats to protect organizational assets. While both roles require cybersecurity knowledge and certifications like CISSP, their focus areas and work environments differ significantly.

What is the role of a security control assessor?

A security control assessor evaluates the effectiveness of security controls implemented within an organization to ensure they meet security standards and compliance requirements. They review documentation, conduct testing, and provide recommendations for improvement, often working with frameworks like NIST or ISO. Certification such as CISSP or CISA is commonly required for this role.

What are the main challenges Security Control Assessors face when evaluating complex information systems?

Security Control Assessors often encounter challenges such as rapidly evolving security threats, integrating new technologies, and ensuring compliance with multiple frameworks (like NIST, FISMA, or RMF). Assessing large, interconnected systems requires attention to detail and strong analytical skills to identify vulnerabilities and recommend effective controls. Collaboration with system owners, IT staff, and auditors is essential to obtain comprehensive documentation and clarify system boundaries, which can be a demanding part of the assessment process.

What are Security Control Assessors?

Security Control Assessors (SCAs) are professionals responsible for evaluating the security controls of information systems to ensure they meet required standards and regulations. They conduct assessments, document findings, and provide recommendations to help organizations manage risk and achieve compliance with frameworks such as NIST or FISMA. SCAs play a critical role in maintaining the security and integrity of sensitive data by identifying vulnerabilities and verifying that corrective actions are implemented effectively.
What are the most commonly searched types of Security Control Assessor jobs in Reston, VA? The most popular types of Security Control Assessor jobs in Reston, VA are:
What are popular job titles related to Security Control Assessor jobs in Reston, VA? For Security Control Assessor jobs in Reston, VA, the most frequently searched job titles are:
What job categories do people searching Security Control Assessor jobs in Reston, VA look for? The top searched job categories for Security Control Assessor jobs in Reston, VA are:
What cities near Reston, VA are hiring for Security Control Assessor jobs? Cities near Reston, VA with the most Security Control Assessor job openings:
Infographic showing various Security Control Assessor job openings in Reston, VA as of July 2026, with employment types broken down into 3% Locum Tenens, 26% Full Time, 3% Part Time, 1% Temporary, 66% Nights, and 1% Summer. Highlights an 88% Physical, 3% Hybrid, and 9% Remote job distribution, with an average salary of $127,169 per year, or $61.1 per hour.

Security Control Assessor

Northern Technologies Group, Inc.

Washington, DC • On-site

Other

Posted 4 days ago


Job description

Description

Job DescriptionPosition Summary Northern Technologies Group (NTG) is seeking an experienced Security Control Accessor to provide expert-level support to the Department of Defense (DoD) Chief Information Officer's SAP IT Cybersecurity program. This role delivers technical and managerial leadership across RMF activities, system accreditation, and enterprise-wide cyber compliance. The Security Control Accessor will serve as a trusted cybersecurity advisor, managing high-impact assessments and helping to ensure secure operations across highly classified SAP environments.Essential Duties and Responsibilities
  • Lead Risk Management Framework (RMF) activities, including the development, review, and validation of:
  • System Security Plans (SSPs)
  • Security Assessment Plans (SAPs)
  • Plan of Action and Milestones (POA&Ms)
  • Security Assessment Reports (SARs)
  • Security Control Traceability Matrices (SCTMs)
  • Act as an advisor to the Authorizing Official (AO), providing SME input to support Authorization to Operate (ATO) decisions.
  • Perform system security assessments, documentation reviews, and artifact evaluations in eMASS or equivalent tools.
  • Validate control inheritance and implementation across hybrid, cloud, AI/ML-enabled, or cross-domain architectures.
  • Provide technical guidance to system owners, ISSMs, SCAs, and program staff to maintain compliance with DoD cybersecurity mandates.
  • Assist in development and standardization of SOPs, cybersecurity scorecards, and dashboards.
  • Support cybersecurity incident response documentation and post-event reporting in classified environments.
  • Participate in enterprise-wide security initiatives, policy updates (e.g., JSIG revisions), and threat awareness activities.
  • Serve as eMASS administrator: manage accounts, permissions, workflows, and enterprise-level metrics reporting.
Minimum Qualifications (Knowledge, Skills, and Abilities)
  • Master's degree in cybersecurity or a related technical field
    (Or equivalent combination: e.g., Bachelor's + 2 years, or High School + 6 years of additional experience)
  • Minimum of 12 years of relevant cybersecurity experience, including leadership in RMF/A&A efforts.
  • Clearance: Active TS/SCI with eligibility for SAP access
  • Certifications: Must hold a cybersecurity certification at IAT Level III or IAM Level III (e.g., CISSP, CISM, CASP+)
Physical Demands and Work Environment 

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions.

While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand; walk; sit; and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate. 

Travel

Up to 10% - Local travel within NCR may be required; occasional CONUS travel possible

Shift

  • Standard 8-hour workdays, Monday-Friday (core hours: 9 AM-3 PM) 
  • May require occasional travel within the National Capital Region (NCR) and limited CONUS travel
  • On-call response may be required for critical system issues or classified facility access
Note

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.