1

Security Controls Assessor Jobs in Springfield, VA

TLA is seeking a Security Assessor for evaluating the effectiveness of security measures and controls within the organization's information systems and software applications to ensure the protection ...

TLA is seeking a Security Assessor for evaluating the effectiveness of security measures and controls within the organization's information systems and software applications to ensure the protection ...

Assess the effectiveness of security controls in information systems * Conduct security control ... testing and evaluations * Identify security gaps and vulnerabilities in systems * Collaborate with ...

Assess the effectiveness of security controls in information systems * Conduct security control ... testing and evaluations * Identify security gaps and vulnerabilities in systems * Collaborate with ...

Assess the effectiveness of security controls in information systems * Conduct security control ... testing and evaluations * Identify security gaps and vulnerabilities in systems * Collaborate with ...

next page

Showing results 1-20

Security Controls Assessor information

See Springfield, VA salary details

$9

$61

$82

How much do security controls assessor jobs pay per hour?

As of Jul 15, 2026, the average hourly pay for security controls assessor in Springfield, VA is $61.72, according to ZipRecruiter salary data. Most workers in this role earn between $53.03 and $71.44 per hour, depending on experience, location, and employer.

What are Security Controls Assessors?

Security Controls Assessors are professionals responsible for evaluating and validating the effectiveness of security controls within an organization's information systems. They conduct assessments to ensure compliance with regulatory standards, such as NIST, FISMA, or other security frameworks. Their work helps organizations identify vulnerabilities, manage risks, and maintain the confidentiality, integrity, and availability of critical data. Security Controls Assessors often provide recommendations for remediation and support efforts to achieve or maintain security certifications.

What are the key skills and qualifications needed to thrive as a Security Controls Assessor, and why are they important?

To thrive as a Security Controls Assessor, you need expertise in information security frameworks, risk assessment methodologies, and compliance requirements, often supported by a degree in cybersecurity or related fields and certifications like CISSP, CISA, or CAP. Familiarity with tools such as vulnerability scanners, security assessment platforms, and compliance management systems is typically required. Strong analytical thinking, attention to detail, and effective communication skills help you identify risks and clearly report findings to stakeholders. These skills ensure that organizations maintain robust security postures and meet regulatory requirements to protect critical assets.

What are some common challenges Security Controls Assessors face when evaluating compliance across multiple systems?

Security Controls Assessors often encounter challenges with inconsistent documentation, varying system configurations, and differing interpretations of compliance standards across departments. Coordinating with multiple teams to collect evidence and clarify control implementations can be time-consuming, especially in large organizations. Staying current with evolving regulations and ensuring all systems meet the latest requirements also demands continuous learning and adaptability. Building strong communication channels with system owners and IT staff helps overcome these hurdles and ensures thorough, accurate assessments.

What Does a Security Controls Assessor Do?

A security controls assessor (SCA) evaluates the security controls within network systems to identify vulnerabilities and recommend actions to correct problems, working either alone or as part of a team. As a security controls assessor, your duties begin with conducting an in-depth assessment of the management, operations, and technical security controls. You must analyze information and prepare reports describing the vulnerability level of the network with specific detail as to what compromises data systems. You then develop a plan to address vulnerabilities and continue to monitor the security of network systems.

What is the difference between Security Controls Assessor vs Security Analyst?

AspectSecurity Controls AssessorSecurity Analyst
CertificationsISO 27001 Lead Auditor, CISSP, CISACISSP, Security+
Work EnvironmentAssessing security controls, compliance auditsMonitoring security systems, incident response
Employer & IndustryGovernment agencies, compliance firmsCorporate IT, cybersecurity teams

The Security Controls Assessor primarily evaluates and verifies security controls for compliance, often in government or regulated environments. In contrast, a Security Analyst focuses on monitoring, analyzing, and responding to security threats within organizations. While both roles require security certifications and involve cybersecurity, their core responsibilities and work settings differ significantly.

What are popular job titles related to Security Controls Assessor jobs in Springfield, VA? For Security Controls Assessor jobs in Springfield, VA, the most frequently searched job titles are:
What job categories do people searching Security Controls Assessor jobs in Springfield, VA look for? The top searched job categories for Security Controls Assessor jobs in Springfield, VA are:
What cities near Springfield, VA are hiring for Security Controls Assessor jobs? Cities near Springfield, VA with the most Security Controls Assessor job openings:

Security Assessor

TLA-LLC

Mclean, VA • On-site

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 29 days ago


Job description

TLA is seeking a Security Assessor for evaluating the effectiveness of security measures and controls within the organization's information systems and software applications to ensure the protection of data and compliance with industry standards and regulations. This role involves conducting comprehensive assessments, identifying vulnerabilities and security risks, and working with IT and development teams to recommend and validate remediation strategies. The ideal candidate possesses a deep understanding of cybersecurity principles, risk management frameworks, and the ability to communicate complex information clearly to technical and non-technical stakeholders.
Key Responsibilities
Conduct Security Assessments: Perform in-depth evaluations and testing of management, operational, and technical security controls across various systems, networks, and software applications.
Identify Vulnerabilities and Risks: Utilize assessment tools and manual techniques (e.g., vulnerability scanning, penetration testing, code review) to identify security weaknesses, document findings, and assess the severity of risk.
Documentation and Reporting: Prepare detailed documentation, including Security Assessment Plans (SAP), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&Ms), for identified weaknesses and deficiencies.
Ensure Compliance: Verify and validate that systems and processes meet established security requirements and industry-specific regulations and frameworks (e.g., NIST, ISO 27001, PCI DSS, HIPAA, FedRAMP).
Remediation and Collaboration: Collaborate with system owners, IT teams, and developers to recommend corrective actions, provide guidance on secure practices, and ensure the proper implementation of mitigation strategies.
Continuous Monitoring: Support the development and implementation of a continuous monitoring strategy and assess proposed changes to information systems that could affect their security posture.
Stay Current: Monitor and analyze security trends, threats, and new technologies to stay updated on emerging risks and mitigation techniques.
Requirements
Education: A Bachelor's degree in Computer Science, Information Security, Information Systems, or a related field, or equivalent work experience.
Experience: A minimum of 3-5 years of experience in cybersecurity, risk management, or security assessment/auditing roles.
Technical Knowledge: Strong knowledge of cybersecurity principles, network protocols, operating systems, and web application security.
Frameworks and Guidelines: In-depth understanding and practical experience with security frameworks and guidelines such as the NIST 800-series (e.g., RMF, NIST 800-53/53A, FIPS), ISO 27001, or similar.
Assessment Tools: Proficiency in using security assessment and vulnerability scanning tools (e.g., Nessus, Burp Suite, OWASP ZAP).
Analytical Skills: Excellent problem-solving, analytical, and critical thinking skills with strong attention to detail.
Communication: Strong written and verbal communication skills to prepare reports, present findings, and advise diverse stakeholders effectively.
Preferred Certifications
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Authorization Professional (CAP)
• Certified Information Systems Auditor (CISA)
• Offensive Security Certified Professional (OSCP) or Certified Ethical Hacker (CEH) (if applicable to the specific role's focus on penetration testing)
Qualified Security Assessor (QSA) (for roles specifically focused on PCI DSS compliance).
Benefits
At TLA, we build solutions that matter-supporting national security missions through technology innovation, collaboration, and excellence. Our team is passionate about leveraging modern technologies to deliver impactful, mission-focused outcomes for our customers.
We offer a competitive and comprehensive benefits package including:
  • Competitive salary and performance bonuses
  • Medical, dental, and vision coverage
  • Paid time off and federal holidays
  • 401(k) with company match
  • Education and certification reimbursement
  • Training and professional development opportunities
  • Employee referral bonuses and team events

TLA is proud to be an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.