Security Control Assessor; SCA
Listed on 2026-01-01
IT/Tech
Cybersecurity, Information Security
Description
Job Title: Security Control Assessor
Location: On-site in Arlington, VA
Department: Cyber Security Services
Reports To: Management
FLSA Status: Full Time/Non-exempt
Apavo is at the forefront of cybersecurity, providing services to military, defense, and critical infrastructure industries. Joining the Apavo team means becoming part of a company rooted in the principles of quality and communication. We value positive, candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to a work-life balance and fostering a growth mindset among all team members.
If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive environment, Apavo is the place for you.
The Security Control Assessor (SCA) fills a critical, objective role: evaluating how effectively implemented controls mitigate security risks. The SCA will support a critical mission within the Intelligence Community. In the role of an SCA, you are expected to use automated scanning tools, manual techniques, and specialized testing methodologies to identify weaknesses and vulnerabilities. The SCA is expected to be a collaborative member of the organization's RMF program, providing informed input on system security architectures so that they align with RMF principles and guidelines.
This includes guiding the RMF process so that security controls are integrated seamlessly into system designs and provide comprehensive protection against threats and vulnerabilities.
This role supports a long‑term contract (currently in year 4 of 10) within the Intelligence Community.
Duties & Responsibilities
The SCA's specific duties include:
- Advise the Information System Owner (ISO) concerning the impact levels for Confidentiality, Integrity, and Availability for the information on systems.
- Ensure security assessments are completed for each IS.
- Initiate a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR.
- Evaluate security assessment documentation and provide written recommendations for security authorization to the CISO and AO.
- Assess proposed changes to Information Systems, their environment of operation, and mission needs that could affect system authorization.
- Serve as a cybersecurity technical advisor to the CISO and AO under their purview.
- Be integral to the development of the monitoring strategy. The system‑level continuous monitoring strategy must conform to all applicable published DoD enterprise‑level or DoD Component‑level continuous monitoring strategies.
- Determine and document in the SAR a risk level for every noncompliant security control in the system baseline.
- Determine and document in the SAR an aggregate level of risk to the system and identify the key drivers for the assessment. The SCA's risk assessment considers threats, vulnerabilities, and potential impacts as well as existing and planned risk mitigation.
- Develop the continuous monitoring plan specific to the information system.
The SCA is responsible for the RMF deliverables associated with Step 4 of DOD and IC RMF Policies for assigned systems. This includes, but is not limited to:
- Security Assessment Plans (SAP) tailored to specific systems control requirements
- Security control assessment input, which includes narratives for the review of controls and artifacts
- Security Assessment Reports (SAR)
- ATO recommendations or ATO with Condition Memorandums
- Conduct initial remediation actions once a security assessment has been completed to ensure proper hand‑off to the ISSM and ISSOs.
- Assessment of selected controls IAW continuous monitoring strategy
The SCA is expected to have additional duties as assigned in support of corporate cyber security services. Additional details are reviewed in accordance with company policies.
Required Skills & Experience
- Strong knowledge of the Risk Management Framework (RMF), NIST SP 800-37, and continuous monitoring, NIST SP 800-137
- Expert knowledge and hands‑on experience with FISMA Systems, NIST 800‑series guidelines, FIPS, Security Assessment & Authorization (SA&A) requirements…