Security Control Assessor, Senior

Security Control Assessor, Senior

Conduct independent assessments of management, operational, and technical security controls for client information systems in accordance with the NIST Risk Management Framework (RMF). Evaluate General Support Systems (GSS) and applications using manual and automated methods to verify proper security control implementation and configuration. Assess the effectiveness of security controls, identify weaknesses, evaluate vulnerability severity, and deliver actionable recommendations. Create and review Security Control Assessment (SCA) artifacts, including the Security Assessment Plan (SAP), Security Assessment Report (SAR), and Security Configuration Report (SCR).

• Conduct independent assessments of management, operational, and technical security controls for client information systems in accordance with the NIST Risk Management Framework (RMF).
• Perform technical evaluations of General Support Systems (GSS) and applications using both manual and automated methods.
• Assess effectiveness of security controls, identify weaknesses, and evaluate the severity of vulnerabilities across the system and its operating environment.
• Develop and deliver actionable recommendations for corrective measures.
• Create and review all Security Control Assessment (SCA) artifacts, including the Security Assessment Plan (SAP), Security Assessment Report (SAR), and Security Configuration Report (SCR).

• 5+ years performing security assessments of federal systems to ensure compliance with NIST SP 800‑53 Rev. 5, NIST SP 800‑37 Rev. 1, and agency-specific requirements.
• Experience conducting vulnerability assessments and analyzing scan results using Tenable Nessus, Web Inspect, and Fortify.
• Experience performing manual and automated configuration compliance assessments using Tenable Nessus and STIGs, including analysis of compliance findings.
• Experience working with POA & Ms, including drafting detailed vulnerability descriptions, impact analyses, and risk mitigation strategies, and supporting RMF Steps 4‑6 (Assess, Authorize, and Monitor) for federal applications and GSSs.
• Experience assessing IT infrastructure such as network appliances, firewalls, IDS/IPS, or end‑user devices for vulnerabilities and configuration compliance.
• Knowledge of cybersecurity principles for managing risks associated with processing, storing, and transmitting information.
• Ability to develop clear, comprehensive documentation.
• Ability to obtain or currently hold a Secret clearance.
• Bachelor’s degree in Computer Science, Information Technology, or Engineering.
• Certifications:
  
  CISSP, CISA, CAP, or GSNA.

• Knowledge of security principles and risk considerations for Industrial Control Systems (ICS).
• Knowledge of network security architecture, including topologies, protocols, components, and defense‑in‑depth principles.
• Excellent communication skills.

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work‑life programs, and dependent care. A recognition awards program acknowledges employees for exceptional performance.

The projected compensation range for this position is $99,000.00 to $ (annualized USD). The salary range represents one component of Booz Allen’s total compensation package.

• Remote – The position may require in‑person work at a Booz Allen or customer facility.
• Hybrid – Expect frequent work from a Booz Allen facility, with visits to customer sites as needed.
• Onsite – Work primarily performed at a Booz Allen office or customer facility.

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, local, or international law.