Security Control Assessor

Job Title: Security Control Assessor

Location: Silver Spring, MD

This position is contingent upon contract award.

Clearance Required: None

Salary Range: $80K – $110K

Final date to receive applications: June 30, 2026

IBSS Corporation is seeking a qualified Security Control Assessor to support Authorization Services for the National Oceanic and Atmospheric Administration (NOAA). In this role, you will perform an independent Federal Information Security Modernization Act (FISMA) assessment to evaluate a Moderate/Moderate/Moderate FISMA system with High Value Asset (HVA) and Privacy overlays. You will be responsible for evaluating security and privacy controls to ensure compliance with Department of Commerce (DOC) and NOAA IT policies, as well as National Institute of Standards and Technology (NIST) requirements.

Ultimately, your assessment findings will directly support and inform an Authority to Operate (ATO) recommendation.

• Conduct full security and privacy control assessments covering 100 percent of the System Security Plan (SSP) identified controls.
• Ensure all assessment activities comply with FISMA, the Privacy Act, FIPS 200, NIST publications (specifically the NIST 800 Series), and DOC/NOAA cybersecurity mandates.
• Develop, review, and evaluate essential security assessment outputs, including a Security Assessment Plan (SAP), Security Requirements Traceability Matrix (SRTM), Penetration Testing Report (PTR), Security Assessment Report (SAR), Risk Assessment Report (RAR), and Assessment Findings Report (AFR).
• Evaluate technical vulnerabilities, vulnerability scan results, and penetration test findings to translate them into actionable business risks. Evaluate Plans of Action and Milestones (POA&M) for completeness and adequacy of closure evidence.
• Conduct Assessment Results Briefings (ARB) to present findings, vulnerability risks, and ATO recommendations to Authorizing Officials (AO), Co-AOs, System Owners, and Information System Security Officers (ISSO).

• Must be a U.S. Citizen.
• Must have 5 years of demonstrated experience actively working with the NIST 800 Series.
• Must have experience working with FIPS 200, FISMA, and the Privacy Act.
• Must possess a working knowledge of risk management principles and the associated artifacts required by FISMA.
• Must hold and maintain in good standing at least one of the following DOC-required professional cybersecurity certifications:
  • EC-C Certified Ethical Hacker (CEH)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Systems and Network Auditors (GSNA)
  • ISC2 Certified in Governance Risk and Compliance (CGRC)
  • ISC2 Certified Information System Security Professional (CISSP)
  • ISACA Certified Information System Auditor (CISA)

• Experience using the Cyber Security Assessment and Management (CSAM) tool for tracking and reporting assessment packages.
• Familiarity with Federal Risk and Authorization Management Program (FedRAMP) documentation and evaluating Cloud Service Providers (CSPs) like AWS or Azure.
• Knowledge of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and analyzing automated vulnerability scanner results.
• Prior experience handling, marking, and safely transmitting Controlled Unclassified Information (CUI).
• Strong technical writing and presentation skills required to deliver clear Assessment Results Briefings (ARB) to high-level agency stakeholders.
• Ability to demonstrate root cause analysis and troubleshooting skills during independent assessments.

IBSS offers a competitive benefits package that includes medical, dental, vision, and prescription drug coverage with a company-paid deductible, paid time off, federal holidays, a matching 401K plan, tuition/professional development reimbursement, and Flex-Spending (FSA)/Dependent Care Account (DCA) options.

IBSS is an affirmative action and equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.