1

Security Controls Assessor Jobs in Reston, VA (NOW HIRING)

Assess the effectiveness of security controls in information systems * Conduct security control ... testing and evaluations * Identify security gaps and vulnerabilities in systems * Collaborate with ...

Assess the effectiveness of security controls in information systems * Conduct security control ... testing and evaluations * Identify security gaps and vulnerabilities in systems * Collaborate with ...

Assess the effectiveness of security controls in information systems * Conduct security control ... testing and evaluations * Identify security gaps and vulnerabilities in systems * Collaborate with ...

Leidos is seeking mid- to senior-level Security Control Assessors to join our SCA team. This ... Validate cybersecurity controls, TTPs, STIGs, RMF controls, and compliance with DoD policies and ...

next page

Showing results 1-20

Security Controls Assessor information

See Reston, VA salary details

$9

$61

$81

How much do security controls assessor jobs pay per hour?

As of Jul 14, 2026, the average hourly pay for security controls assessor in Reston, VA is $61.14, according to ZipRecruiter salary data. Most workers in this role earn between $52.50 and $70.77 per hour, depending on experience, location, and employer.

What are Security Controls Assessors?

Security Controls Assessors are professionals responsible for evaluating and validating the effectiveness of security controls within an organization's information systems. They conduct assessments to ensure compliance with regulatory standards, such as NIST, FISMA, or other security frameworks. Their work helps organizations identify vulnerabilities, manage risks, and maintain the confidentiality, integrity, and availability of critical data. Security Controls Assessors often provide recommendations for remediation and support efforts to achieve or maintain security certifications.

What are the key skills and qualifications needed to thrive as a Security Controls Assessor, and why are they important?

To thrive as a Security Controls Assessor, you need expertise in information security frameworks, risk assessment methodologies, and compliance requirements, often supported by a degree in cybersecurity or related fields and certifications like CISSP, CISA, or CAP. Familiarity with tools such as vulnerability scanners, security assessment platforms, and compliance management systems is typically required. Strong analytical thinking, attention to detail, and effective communication skills help you identify risks and clearly report findings to stakeholders. These skills ensure that organizations maintain robust security postures and meet regulatory requirements to protect critical assets.

What are some common challenges Security Controls Assessors face when evaluating compliance across multiple systems?

Security Controls Assessors often encounter challenges with inconsistent documentation, varying system configurations, and differing interpretations of compliance standards across departments. Coordinating with multiple teams to collect evidence and clarify control implementations can be time-consuming, especially in large organizations. Staying current with evolving regulations and ensuring all systems meet the latest requirements also demands continuous learning and adaptability. Building strong communication channels with system owners and IT staff helps overcome these hurdles and ensures thorough, accurate assessments.

What Does a Security Controls Assessor Do?

A security controls assessor (SCA) evaluates the security controls within network systems to identify vulnerabilities and recommend actions to correct problems, working either alone or as part of a team. As a security controls assessor, your duties begin with conducting an in-depth assessment of the management, operations, and technical security controls. You must analyze information and prepare reports describing the vulnerability level of the network with specific detail as to what compromises data systems. You then develop a plan to address vulnerabilities and continue to monitor the security of network systems.

What is the difference between Security Controls Assessor vs Security Analyst?

AspectSecurity Controls AssessorSecurity Analyst
CertificationsISO 27001 Lead Auditor, CISSP, CISACISSP, Security+
Work EnvironmentAssessing security controls, compliance auditsMonitoring security systems, incident response
Employer & IndustryGovernment agencies, compliance firmsCorporate IT, cybersecurity teams

The Security Controls Assessor primarily evaluates and verifies security controls for compliance, often in government or regulated environments. In contrast, a Security Analyst focuses on monitoring, analyzing, and responding to security threats within organizations. While both roles require security certifications and involve cybersecurity, their core responsibilities and work settings differ significantly.

What are popular job titles related to Security Controls Assessor jobs in Reston, VA? For Security Controls Assessor jobs in Reston, VA, the most frequently searched job titles are:
What job categories do people searching Security Controls Assessor jobs in Reston, VA look for? The top searched job categories for Security Controls Assessor jobs in Reston, VA are:
What cities near Reston, VA are hiring for Security Controls Assessor jobs? Cities near Reston, VA with the most Security Controls Assessor job openings:
(684) Security Control Assessor

(684) Security Control Assessor

Arlo Solutions LLC

Washington, DC • On-site

Other

Posted 23 days ago


Job description

Position Description:

The Security Control Assessor (SCA) will be responsible for evaluating and assessing the security controls of Defense Security Cooperation Agency's (DSCA) information systems. This role involves conducting comprehensive assessments to ensure compliance with federal cybersecurity standards and providing recommendations to improve the agency's security posture.

Clearance:  Active Secret Clearance

Work Location:  Washington DC

Responsibilities and/or Success Factors: 

  • Conduct thorough assessments of security controls on DSCA's information systems and networks to ensure compliance with federal regulations, including NIST, FISMA, and DoD directives. 
  • Develop and maintain assessment documentation, including Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plan of Action and Milestones (POA&Ms). 
  • Perform risk assessments to identify potential security threats and vulnerabilities. 
  • Provide detailed recommendations to mitigate identified risks and enhance the security posture of DSCA's information systems. 
  • Collaborate with system owners, IT staff, and cybersecurity teams to ensure effective implementation of security controls. 
  • Conduct continuous monitoring activities to ensure ongoing compliance with security policies and procedures. 
  • Provide guidance on the security assessment and authorization (A&A) process, including developing and maintaining System Security Plans (SSPs).
  • Assist in the development and delivery of cybersecurity training and awareness programs for DSCA personnel. 
  • Stay current with the latest cybersecurity threats, trends, and technologies to continuously improve assessment methodologies and practices. 
  • Participate in security audits and reviews to ensure adherence to established security standards and best practices.


Minimum Qualifications Including Certificates:

  • Must be a US Citizen. 
  • Must have a Secret Clearance 
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (Master's degree preferred). 
  • Minimum of 5 years of experience in information security, with a focus on security control assessment and risk management. 
  • Certifications such as CISSP, CISM, CISA, CAP, or equivalent are highly desirable. 
  • In-depth knowledge of federal cybersecurity regulations and standards, including NIST SP 800 series and FISMA. 
  • Proven experience in conducting security control assessments and developing security assessment documentation. 
  • Excellent analytical, problem-solving, and decision-making skills. 
  • Strong communication and interpersonal skills, with the ability to effectively communicate complex cybersecurity concepts to technical and non-technical stakeholders. 
  • Ability to work independently and collaboratively in a fast-paced environment.

Desired Qualifications: 

  • eMASS, cloud, STIGS experience