Security Control Assessor Security Clearance
Job in
Fort Belvoir, Fairfax County, Virginia, 22060, USA
Listed on 2026-07-10
Listing for:
22nd Century Technologies, Inc.
Full Time
position Listed on 2026-07-10
Job specializations:
-
IT/Tech
Cybersecurity, Information Security, Systems Engineer, IT Consultant
Job Description & How to Apply Below
Job Title:
Security Control Assessor
Location:
Fort Belvoir, VA 22060
Duration:
Long-term Certification: IAT Level III Clearance:
Active Top Secret Clearance The Contractor shall provide RMF Assessment and Authorization (A&A) or Assess Only services on multiple security domains and classifications. The Contractor shall provide
• Army A&A or Assess Only services as a Security Control Assessor – Validator (SCA-V) IAW Army cybersecurity policies.
• At a minimum, the Contractor shall have knowledge and experience with Windows Server and Workstation, Architecture and Active Directory, Linux/Unix OS, cloud technologies, network architecture, databases, coding principle, eMASS, vulnerability management tools, virtual environments, containerization technologies/platforms, Dev Sec Ops principles, and code scanning tools.
• The Contractor shall follow the NETCOM SCA TTP and applicable guidance to measure risk, compliance, and assurance, and shall implement an independent cybersecurity auditing process for application software/networks/systems, perform validation steps, compare actual results with expected results, and analyze the differences to identify impact and risks. The Contractor shall:
• Receive and complete a comprehensive assessment of A&A or Assess Only eMASS packages.
• Assist the A&A or Assess Only activity and ensure that a thorough validation occurs on all elements and security controls within eMASS.
• Complete the eMASS with the results from the assessment for each security control. [
NOTE:
The results shall include sufficient detail to identify the compliance or non-compliance of the security control.]
• Complete the Risk Assessment Report (RAR) eMASS module for each non-compliant security control. The Contractor shall have knowledge and experience with:
• A&A and Assess Only processes.
• Risk management processes.
• The current concepts and capabilities of cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities.
• Known vulnerabilities from alerts, advisories, and bulletins
• The Contractor shall employ automated tools, including ACAS and software scanning tools, such as Fortify, Sonar Qube, and Twistlock, to evaluate a system’s security status and compliance with DISA STIGs in containerized and virtual environments. The Contractor shall also be able to evaluate systems that do not have these tools for emerging technologies, such as Cloud and Tactical systems.
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×