1

Security Controls Assessor Jobs in Reston, VA (NOW HIRING)

This Assessor is responsible for leading the Risk Management Engineering (RME) team in planning and ... Complete and execute a cloud Security Controls Test (SCT) plan. * Provide the final cloud analysis ...

TLA is seeking a Security Assessor for evaluating the effectiveness of security measures and controls within the organization's information systems and software applications to ensure the protection ...

TLA is seeking a Security Assessor for evaluating the effectiveness of security measures and controls within the organization's information systems and software applications to ensure the protection ...

next page

Showing results 1-20

Security Controls Assessor information

See Reston, VA salary details

$9

$61

$81

How much do security controls assessor jobs pay per hour?

As of Jul 11, 2026, the average hourly pay for security controls assessor in Reston, VA is $61.14, according to ZipRecruiter salary data. Most workers in this role earn between $52.50 and $70.77 per hour, depending on experience, location, and employer.

What are Security Controls Assessors?

Security Controls Assessors are professionals responsible for evaluating and validating the effectiveness of security controls within an organization's information systems. They conduct assessments to ensure compliance with regulatory standards, such as NIST, FISMA, or other security frameworks. Their work helps organizations identify vulnerabilities, manage risks, and maintain the confidentiality, integrity, and availability of critical data. Security Controls Assessors often provide recommendations for remediation and support efforts to achieve or maintain security certifications.

What are the key skills and qualifications needed to thrive as a Security Controls Assessor, and why are they important?

To thrive as a Security Controls Assessor, you need expertise in information security frameworks, risk assessment methodologies, and compliance requirements, often supported by a degree in cybersecurity or related fields and certifications like CISSP, CISA, or CAP. Familiarity with tools such as vulnerability scanners, security assessment platforms, and compliance management systems is typically required. Strong analytical thinking, attention to detail, and effective communication skills help you identify risks and clearly report findings to stakeholders. These skills ensure that organizations maintain robust security postures and meet regulatory requirements to protect critical assets.

What are some common challenges Security Controls Assessors face when evaluating compliance across multiple systems?

Security Controls Assessors often encounter challenges with inconsistent documentation, varying system configurations, and differing interpretations of compliance standards across departments. Coordinating with multiple teams to collect evidence and clarify control implementations can be time-consuming, especially in large organizations. Staying current with evolving regulations and ensuring all systems meet the latest requirements also demands continuous learning and adaptability. Building strong communication channels with system owners and IT staff helps overcome these hurdles and ensures thorough, accurate assessments.

What Does a Security Controls Assessor Do?

A security controls assessor (SCA) evaluates the security controls within network systems to identify vulnerabilities and recommend actions to correct problems, working either alone or as part of a team. As a security controls assessor, your duties begin with conducting an in-depth assessment of the management, operations, and technical security controls. You must analyze information and prepare reports describing the vulnerability level of the network with specific detail as to what compromises data systems. You then develop a plan to address vulnerabilities and continue to monitor the security of network systems.

What is the difference between Security Controls Assessor vs Security Analyst?

AspectSecurity Controls AssessorSecurity Analyst
CertificationsISO 27001 Lead Auditor, CISSP, CISACISSP, Security+
Work EnvironmentAssessing security controls, compliance auditsMonitoring security systems, incident response
Employer & IndustryGovernment agencies, compliance firmsCorporate IT, cybersecurity teams

The Security Controls Assessor primarily evaluates and verifies security controls for compliance, often in government or regulated environments. In contrast, a Security Analyst focuses on monitoring, analyzing, and responding to security threats within organizations. While both roles require security certifications and involve cybersecurity, their core responsibilities and work settings differ significantly.

What are popular job titles related to Security Controls Assessor jobs in Reston, VA? For Security Controls Assessor jobs in Reston, VA, the most frequently searched job titles are:
What job categories do people searching Security Controls Assessor jobs in Reston, VA look for? The top searched job categories for Security Controls Assessor jobs in Reston, VA are:
What cities near Reston, VA are hiring for Security Controls Assessor jobs? Cities near Reston, VA with the most Security Controls Assessor job openings:
Security Controls Assessor

Security Controls Assessor

Modern Technology Solutions, Inc.

Washington, DC • On-site

$180K - $220K/yr

Full-time

Medical, Retirement, PTO

Re-posted 25 days ago


Job description

Modern Technology Solutions, Inc. (MTSI) is seeking a Security Control Assessor (SCA) to support an MTSI contract with the Assistant Secretary of the Air Force, Acquisition, Technology and Logistics.
The SCA is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an Information System (IS) to determine the overall effectiveness of the controls. SCAs also provide an assessment of the severity of weaknesses or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities. Responsibilities will cover Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities within the customer's area of responsibility.
Your essential job functions will include but may not be limited to:
  • Perform oversight of the development, implementation and evaluation of IS security program policy; special emphasis placed upon integration of existing SAP network infrastructure.
  • Perform assessment of ISs, based upon the Risk Management Framework (RMF) methodology in accordance with the Joint Special Access Program (SAP) Implementation Guide (JSIG).
  • Advise the Information System Owner (ISO), Information Data Owner (IDO), Program Security Officer (PSO), and the Delegated and/or Authorizing Official (DAO/AO) on any assessment and authorization issues.
  • Evaluate authorization packages and make recommendations to the AO and/or DAO for authorization.
  • Evaluate IS threats and vulnerabilities to determine whether additional safeguards are required.
  • Advise the Government concerning the impact levels for confidentiality, integrity, and availability for the information on a system.
  • Ensure security assessments are completed and results documented and prepare the Security Assessment Report (SAR) for the authorization boundary.
  • Initiate a Plan of Action and Milestones (POA&M) with identified weaknesses for each authorization boundary assessed, based on findings and recommendations from the SAR.
  • Evaluate security assessment documentation and provide written recommendations for security authorization to the Government.
  • Assess proposed changes to authorization boundaries operating environment and mission needs to determine the continuation to operate.
  • Review and concur with all sanitization and clearing procedures in accordance with Government guidance and/or policy.
  • Assist the Government compliance inspections.
  • Assist the Government with security incidents that relate to cybersecurity and ensure that the proper and corrective measures have been taken.
  • Evaluate hardware and software to determine security impact that it might have on authorization boundaries.
  • Evaluate the effectiveness and implementation of Continuous Monitoring Plans.

Required:
  • 10 years related experience required; 9 years' highly desired.
  • Prior performance in roles such as System, Network Administrator or ISSO
  • Minimum of 2 years' experience in SAP, SCI or Collateral Information Systems (IS) Security and the implementation of regulations identified in the description of duties.
  • Prior performance in the role of ISSO and ISSM.

Education Requirements:
  • Bachelor's Degree in Computer Science, Computer Engineering or a related field

Clearance Requirements:
  • Current/active Top Secret/SCI; Current or recent DoD SAP access
  • Subject to a Counterintelligence (CI) polygraph

The pay range for this position is $180,000/year to $220,000/year; however, base pay offered may vary depending on established government contract ranges, job-related knowledge, skills, and experience, and other factors. MTSI offers a full range of medical benefits, 401k, ESOP, paid time off, and other benefits, dependent on the position offered. Base pay information is based on market location. Applications will be accepted on an ongoing basis. This posting will be renewed periodically until the position is filled.
#LI-LS1
#mtsi
#lawrenciumsaskatchewantrout
#LI-Onsite