Senior Security Control Assessor Representative​/Systems Security Engineer Arlington, VA

(676) Senior Security Control Assessor Representative/Systems Security Engineer

Arlington, VA

The Department of War’s (DoW) Chief Digital and Artificial Intelligence Office (CDAO) is at the forefront of supporting the DoW with the adoption of innovative technologies such as data, analytics, and artificial intelligence to help accelerate predictions, forecasts, and interpretations for both strategic and tactical decisions across the enterprise. These ground‑breaking endeavors bring new challenges to the assessment of DoW IT systems that previously did not exist.

The Security Control Assessor (SCA) plays a pivotal role in comprehensively understanding the cybersecurity posture of a given capability within CDAO. The Senior SCA provides authoritative risk determinations and recommendations critical for the Authorizing Official (AO) to grant an Authority to Operate (ATO). Their assessments integrate technical rigor with regulatory compliance, ensuring a robust security posture and informing strategic decision‑making.

SCARs must go beyond a mere compliance focus on controls to articulate the inherent risks of systems.

Success in this position requires expertise in statutory guidance such as the NIST 800 series including SP 800‑160, DoDI 5000.88, DoDI 8500.01, DoD 8140.03, ISO 27001, COBIT, DoD RMF, along with current cybersecurity best practices. In addition, success in this role requires strong networking fundamentals and the ability to understand and interpret network and system architecture diagrams/topologies to assess security impacts across the environment.

The Senior SCAR should also possess foundational knowledge of cloud technologies, architecture, and a working understanding of Dev Sec Ops  practices and CI/CD pipelines to evaluate how security is integrated into modern delivery and operational processes.

• Provide the AO with an independent risk assessment of assigned systems and an authorization.
• Recommend risks and controls to the AO.
• Advise Program Managers on AO determination utilizing OVL documentation.
• Provide senior advisory support to CDAO AO regarding authorizations of CDAO capabilities.
• Utilize expert knowledge and experience regarding risk management strategies.
• Provide support regarding the agile authorization and OVL processes.
• Provide independent risk analysis and recommendation.
• Collaborate between the AO and the program as well as Program leadership.
• Identify the security baseline based on the mission and security impacts to the system.
• Determine assessment criteria, develop, review, and create a plan to assess the security requirements.
• Assess the security requirements in accordance with the assessment procedures defined in the Security.
• Prepare the Security Assessment Report (SAR).
• Monitor POAM actions based on findings and reassess remediated risk(s) as appropriate.
• Develop the Risk Recommendation and AO Determination Brief.
• Develop a system‑level continuous monitoring strategy.
• Author and present briefs regarding status of authorizations to AO and other senior Government officials.
• Provide security architecture and DoD compliance advisory support.
• Perform other duties as assigned or required.
• Have a strong background in information security systems management (ISSM), risk management, and governance, risk and compliance (GRC).
• Strong clients focus and commitment to continuous improvement, ability to proactively network and establish relationships.
• Manage multiple priorities in a high‑paced and fast‑changing environment.
• Experience supporting and assessing risks within a CI/CD Dev Sec Ops  environment. Key areas of experience would include data mesh, data orchestration, control gates review, and vulnerability management within a pipeline.
• Expansive knowledge with integrating IaaS, PaaS, and SaaS offerings into government cloud environments (i.e. AWS, AZURE & GCP). Experience would include cloud computing, cloud storage, cloud native solutions, cloud data transfer, Cross Domain Solutions, and cloud networking.
• Experience assessing STIGs, Cloud Compliance Guides, Shares responsibility models, and System Mission Owner responsibilities…