1

Security Control Assessor Jobs in Reston, VA (NOW HIRING)

Extensive experience with the NIST RMF and independently leading security control assessments from start to finish using the NIST Framework. * Experience in several of the following areas is required ...

Security Control Assessor (SCA)

Springfield, VA ยท On-site

$140K - $210K/yr

Overview VTG is looking for multiple levels (Level 2, 3 & 4) of a Security Control Assessor (SCA) in multiple locations. (Note: position is contingent upon program award and the postions are located ...

next page

Showing results 1-20

Security Control Assessor information

See Reston, VA salary details

$9

$61

$81

How much do security control assessor jobs pay per hour?

As of Jul 13, 2026, the average hourly pay for security control assessor in Reston, VA is $61.14, according to ZipRecruiter salary data. Most workers in this role earn between $52.50 and $70.77 per hour, depending on experience, location, and employer.

Can you make $500,000 a year in cyber security?

Security Control Assessors typically earn salaries ranging from $70,000 to $150,000 annually, depending on experience, certifications, and location. Reaching a $500,000 annual salary in cybersecurity generally requires senior roles, specialized expertise, management positions, or consulting work with high-value contracts.

Is SOC an entry level job?

A Security Control Assessor (SOC) role is typically not entry-level; it usually requires prior experience in cybersecurity, knowledge of security frameworks, and relevant certifications such as CISSP or Security+. Entry-level positions in cybersecurity may include roles like Security Analyst or Technician, with SOC roles often requiring more specialized skills and experience. However, some organizations offer junior or trainee SOC positions for those starting their cybersecurity careers.

What are the key skills and qualifications needed to thrive as a Security Control Assessor, and why are they important?

To thrive as a Security Control Assessor, you need expertise in information security principles, risk management frameworks like NIST RMF, and a relevant bachelor's degree or equivalent work experience. Familiarity with security assessment tools, compliance management systems, and certifications such as CISSP, CISA, or CAP is typically required. Strong analytical thinking, attention to detail, and effective communication are crucial for evaluating security controls and reporting findings clearly. These skills ensure accurate risk assessments, regulatory compliance, and robust protection of organizational information assets.

What skills do you need to be a security control assessor?

A security control assessor needs strong knowledge of cybersecurity frameworks, risk management, and security controls. Skills in analyzing security policies, conducting assessments, and familiarity with tools like NIST, ISO standards, and vulnerability scanning are essential. Certifications such as CISSP or CISA can also enhance qualifications.

What is the difference between Security Control Assessor vs Security Analyst?

AspectSecurity Control AssessorSecurity Analyst
CertificationsRisk Management Framework (RMF), CISSP, CISACISSP, Security+
Work EnvironmentFederal agencies, DoD, government complianceCorporate, cybersecurity teams, IT departments
ResponsibilitiesAssess security controls, ensure compliance, auditMonitor security, analyze threats, implement security measures

The Security Control Assessor primarily evaluates security controls for compliance and risk management, often within government agencies. In contrast, the Security Analyst focuses on monitoring and analyzing security threats to protect organizational assets. While both roles require cybersecurity knowledge and certifications like CISSP, their focus areas and work environments differ significantly.

What is the role of a security control assessor?

A security control assessor evaluates the effectiveness of security controls implemented within an organization to ensure they meet security standards and compliance requirements. They review documentation, conduct testing, and provide recommendations for improvement, often working with frameworks like NIST or ISO. Certification such as CISSP or CISA is commonly required for this role.

What are the main challenges Security Control Assessors face when evaluating complex information systems?

Security Control Assessors often encounter challenges such as rapidly evolving security threats, integrating new technologies, and ensuring compliance with multiple frameworks (like NIST, FISMA, or RMF). Assessing large, interconnected systems requires attention to detail and strong analytical skills to identify vulnerabilities and recommend effective controls. Collaboration with system owners, IT staff, and auditors is essential to obtain comprehensive documentation and clarify system boundaries, which can be a demanding part of the assessment process.

What are Security Control Assessors?

Security Control Assessors (SCAs) are professionals responsible for evaluating the security controls of information systems to ensure they meet required standards and regulations. They conduct assessments, document findings, and provide recommendations to help organizations manage risk and achieve compliance with frameworks such as NIST or FISMA. SCAs play a critical role in maintaining the security and integrity of sensitive data by identifying vulnerabilities and verifying that corrective actions are implemented effectively.
What are the most commonly searched types of Security Control Assessor jobs in Reston, VA? The most popular types of Security Control Assessor jobs in Reston, VA are:
What are popular job titles related to Security Control Assessor jobs in Reston, VA? For Security Control Assessor jobs in Reston, VA, the most frequently searched job titles are:
What job categories do people searching Security Control Assessor jobs in Reston, VA look for? The top searched job categories for Security Control Assessor jobs in Reston, VA are:
What cities near Reston, VA are hiring for Security Control Assessor jobs? Cities near Reston, VA with the most Security Control Assessor job openings:
Infographic showing various Security Control Assessor job openings in Reston, VA as of July 2026, with employment types broken down into 3% Locum Tenens, 26% Full Time, 3% Part Time, 1% Temporary, 66% Nights, and 1% Summer. Highlights an 88% Physical, 3% Hybrid, and 9% Remote job distribution, with an average salary of $127,169 per year, or $61.1 per hour.
Security Control Assessor (Mid/Senior)

Security Control Assessor (Mid/Senior)

OneZero Solutions

Washington, DC โ€ข On-site

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

This job post hasย expired today.ย Applications are no longer accepted.


Job description

We are an employee-centric company that truly values our team members and the contributions they make to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and on building teams that are, and continue to be, technically proficient across a broad range of cyber mission areas. OneZero full-time employees receive a highly competitive benefits package, including health, dental, vision, and life insurance, a 401(k) with company matching, paid time off and holidays, an employee referral program, and educational assistance. Additional details are available on our website: https://www.onezerollc.com/careers/

Position Title:ย Security Control Assessor (Mid/Senior)

Location: On-site in a SCIF in the National Capital Region (NCR) โ€“ Nebraska Avenue Complex, Washington, DC (work locations transitioning to ICCB Bethesda / St. Elizabeths). Telework is not authorized; a designated Key Person must be available on-site during core hours

Clearance: TS/SCI

Job Summary:

The Security Control Assessor (SCA) is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).

Education and Experience:

  • Mid-level: 3-5 years of experience
  • Senior level: 7-10 years of experience
  • Degree in Computer Science or related discipline from an accredited college or University required or the equivalent (7 years') combination of education, professional training or work experience.
  • At least one of the following certifications: Security+, CAP, CASP, GSLC, CISM, CISSP

Essential Duties:

  • Assess technical, operational, and management controls
  • Document findings in Security Assessment Reports (SARs)
  • Recommend corrective actions for identified vulnerabilities
  • Validate system security plans and control implementations
  • Evaluate Authorization packages and make authorization recommendations.
  • Evaluate IS threats and vulnerabilities to determine whether additional safeguards are required.
  • Advise the Information System Security Officer (ISSO) concerning the impact levels for confidentiality, integrity, and availability for information on a system.
  • Review and approve the IS Security Control Assessment Procedures, the Security Assessment Plan (SAP), the System Security Plan (SSP), and the Security Control Traceability Matrix (SCTM).
  • Perform configuration management of a client central repository for authorization documentation (i.e., Body of Evidence (BOE)), which is maintained using an Assessment and Authorization (A&A) workflow software application.
  • Thorough knowledge of NIST 800-53 security controls and required documentation.

OneZero Solutions, LLC is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws.

To request an accommodation, please contact us at recruiting@onezerollc.com or call (202) 987-2580.