1

Security Control Assessor Jobs (NOW HIRING)

Security Control Assessor

Washington, DC ยท On-site

$165K - $185K/yr

Job Title Security Control Assessor The most security-conscious organizations trust Telos Corporation to protect their vital IT assets. The reputation of our company rests on the quality of our ...

Security Control Assessor (SCA) LOCATION Chantilly, VA 20151 CLEARANCE TS/SCI Full Poly (Please note this position requires full U.S. Citizenship) KEY SUMMARY We are seeking a meticulous and detail ...

Security Control Assessor (SCA) LOCATION San Antonio, TX 78208 CLEARANCE TS/SCI Full Poly (Please note this position requires full U.S. Citizenship) KEY SUMMARY We are seeking a meticulous and detail ...

Security Control Assessor (SCA) LOCATION Aurora, CO 80014 CLEARANCE TS/SCI Full Poly (Please note this position requires full U.S. Citizenship) KEY SUMMARY We are seeking a meticulous and detail ...

Security Control Assessor (SCA) LOCATION Honolulu, HI 96815 CLEARANCE TS/SCI Full Poly (Please note this position requires full U.S. Citizenship) KEY SUMMARY We are seeking a meticulous and detail ...

Security Control Assessor (SCA) LOCATION Reston, VA 20190 CLEARANCE TS/SCI Full Poly (Please note this position requires full U.S. Citizenship) KEY SUMMARY We are seeking a meticulous and detail ...

Security Control Assessor (SCA) LOCATION Tysons, VA 22182 CLEARANCE TS/SCI Full Poly (Please note this position requires full U.S. Citizenship) KEY SUMMARY We are seeking a meticulous and detail ...

POSITION OVERVIEW As a Security Control Assessor, you will play a key role in conducting Security Control Assessments at various government sites, with approximately 85% of your time on travel ...

next page

Showing results 1-20

Security Control Assessor information

See salary details

$8

$58

$78

How much do security control assessor jobs pay per hour?

As of Jul 12, 2026, the average hourly pay for security control assessor in the United States is $58.77, according to ZipRecruiter salary data. Most workers in this role earn between $50.48 and $68.03 per hour, depending on experience, location, and employer.

Can you make $500,000 a year in cyber security?

Security Control Assessors typically earn salaries ranging from $70,000 to $150,000 annually, depending on experience, certifications, and location. Reaching a $500,000 annual salary in cybersecurity generally requires senior roles, specialized expertise, management positions, or consulting work with high-value contracts.

Is SOC an entry level job?

A Security Control Assessor (SOC) role is typically not entry-level; it usually requires prior experience in cybersecurity, knowledge of security frameworks, and relevant certifications such as CISSP or Security+. Entry-level positions in cybersecurity may include roles like Security Analyst or Technician, with SOC roles often requiring more specialized skills and experience. However, some organizations offer junior or trainee SOC positions for those starting their cybersecurity careers.

What are the key skills and qualifications needed to thrive as a Security Control Assessor, and why are they important?

To thrive as a Security Control Assessor, you need expertise in information security principles, risk management frameworks like NIST RMF, and a relevant bachelor's degree or equivalent work experience. Familiarity with security assessment tools, compliance management systems, and certifications such as CISSP, CISA, or CAP is typically required. Strong analytical thinking, attention to detail, and effective communication are crucial for evaluating security controls and reporting findings clearly. These skills ensure accurate risk assessments, regulatory compliance, and robust protection of organizational information assets.

What skills do you need to be a security control assessor?

A security control assessor needs strong knowledge of cybersecurity frameworks, risk management, and security controls. Skills in analyzing security policies, conducting assessments, and familiarity with tools like NIST, ISO standards, and vulnerability scanning are essential. Certifications such as CISSP or CISA can also enhance qualifications.

What is the difference between Security Control Assessor vs Security Analyst?

AspectSecurity Control AssessorSecurity Analyst
CertificationsRisk Management Framework (RMF), CISSP, CISACISSP, Security+
Work EnvironmentFederal agencies, DoD, government complianceCorporate, cybersecurity teams, IT departments
ResponsibilitiesAssess security controls, ensure compliance, auditMonitor security, analyze threats, implement security measures

The Security Control Assessor primarily evaluates security controls for compliance and risk management, often within government agencies. In contrast, the Security Analyst focuses on monitoring and analyzing security threats to protect organizational assets. While both roles require cybersecurity knowledge and certifications like CISSP, their focus areas and work environments differ significantly.

What is the role of a security control assessor?

A security control assessor evaluates the effectiveness of security controls implemented within an organization to ensure they meet security standards and compliance requirements. They review documentation, conduct testing, and provide recommendations for improvement, often working with frameworks like NIST or ISO. Certification such as CISSP or CISA is commonly required for this role.

What are the main challenges Security Control Assessors face when evaluating complex information systems?

Security Control Assessors often encounter challenges such as rapidly evolving security threats, integrating new technologies, and ensuring compliance with multiple frameworks (like NIST, FISMA, or RMF). Assessing large, interconnected systems requires attention to detail and strong analytical skills to identify vulnerabilities and recommend effective controls. Collaboration with system owners, IT staff, and auditors is essential to obtain comprehensive documentation and clarify system boundaries, which can be a demanding part of the assessment process.

What are Security Control Assessors?

Security Control Assessors (SCAs) are professionals responsible for evaluating the security controls of information systems to ensure they meet required standards and regulations. They conduct assessments, document findings, and provide recommendations to help organizations manage risk and achieve compliance with frameworks such as NIST or FISMA. SCAs play a critical role in maintaining the security and integrity of sensitive data by identifying vulnerabilities and verifying that corrective actions are implemented effectively.
More about Security Control Assessor jobs
What cities are hiring for Security Control Assessor jobs? Cities with the most Security Control Assessor job openings:
What are the most commonly searched types of Security Control Assessor jobs? The most popular types of Security Control Assessor jobs are:
What states have the most Security Control Assessor jobs? States with the most job openings for Security Control Assessor jobs include:
What job categories do people searching Security Control Assessor jobs look for? The top searched job categories for Security Control Assessor jobs are:
Infographic showing various Security Control Assessor job openings in the United States as of July 2026, with employment types broken down into 3% Locum Tenens, 26% Full Time, 2% Part Time, 1% Temporary, 1% Contract, and 67% Nights. Highlights an 89% Physical, 2% Hybrid, and 9% Remote job distribution, with an average salary of $122,236 per year, or $58.8 per hour.
(684) Security Control Assessor

(684) Security Control Assessor

Arlo Solutions LLC

Washington, DC โ€ข On-site

Full-time

Re-posted 20 days ago


Job description

Company Summary
Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future.
Position Description:
The Security Control Assessor (SCA) will be responsible for evaluating and assessing the security controls of Defense Security Cooperation Agency's (DSCA) information systems. This role involves conducting comprehensive assessments to ensure compliance with federal cybersecurity standards and providing recommendations to improve the agency's security posture.
Clearance: Active Secret Clearance
Work Location: Washington DC
Responsibilities and/or Success Factors:
  • Conduct thorough assessments of security controls on DSCA's information systems and networks to ensure compliance with federal regulations, including NIST, FISMA, and DoD directives.
  • Develop and maintain assessment documentation, including Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plan of Action and Milestones (POA&Ms).
  • Perform risk assessments to identify potential security threats and vulnerabilities.
  • Provide detailed recommendations to mitigate identified risks and enhance the security posture of DSCA's information systems.
  • Collaborate with system owners, IT staff, and cybersecurity teams to ensure effective implementation of security controls.
  • Conduct continuous monitoring activities to ensure ongoing compliance with security policies and procedures.
  • Provide guidance on the security assessment and authorization (A&A) process, including developing and maintaining System Security Plans (SSPs).
  • Assist in the development and delivery of cybersecurity training and awareness programs for DSCA personnel.
  • Stay current with the latest cybersecurity threats, trends, and technologies to continuously improve assessment methodologies and practices.
  • Participate in security audits and reviews to ensure adherence to established security standards and best practices.

Minimum Qualifications Including Certificates:
  • Must be a US Citizen.
  • Must have a Secret Clearance
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (Master's degree preferred).
  • Minimum of 5 years of experience in information security, with a focus on security control assessment and risk management.
  • Certifications such as CISSP, CISM, CISA, CAP, or equivalent are highly desirable.
  • In-depth knowledge of federal cybersecurity regulations and standards, including NIST SP 800 series and FISMA.
  • Proven experience in conducting security control assessments and developing security assessment documentation.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Strong communication and interpersonal skills, with the ability to effectively communicate complex cybersecurity concepts to technical and non-technical stakeholders.
  • Ability to work independently and collaboratively in a fast-paced environment.

Desired Qualifications:
  • eMASS, cloud, STIGS experience

AAP Statement
We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.