Today
DoE Q or L
Security
Washington, DC (On-Site/Office)
ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native-owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work™.
ASRC Federal is seeking a Security Control Assessor to support our federal customer in the Washington, DC metro area. This role provides leadership in implementing and overseeing federal cybersecurity programs for multiple sites across the nation. The successful candidate will conduct security control reviews aligned with federal standards, particularly NIST SP 800-53 and the Risk Management Framework (RMF). The assessor will collaborate closely with penetration testing teams to evaluate program-level risk and assist sites in developing effective remediation strategies.
Responsibilities
- Develop and execute assessment plans in alignment with NIST SP 800-53 security controls.
- Review and interpret outputs from cybersecurity tools (e.g., Tenable, CrowdStrike).
- Conduct security control reviews and assessments for federal systems under RMF.
- Collaborate with penetration testing teams to evaluate risk and inform remediation strategies.
- Provide mentorship to junior team members; contribute to the evolution of assessment methodologies and tools.
- Assist in the development of Authorization Packages, including:
  - System Security Plans (SSPs)
  - Security Assessment Reports (SARs)
  - Plan of Action and Milestones (POA&Ms)
- Support Purple Team engagement initiatives with sites.
- Interpret and apply FedRAMP security requirements and inherited cloud controls.
- Engage in discussions around architectural design and remediation strategies for common IT systems.
- Monitor emerging technologies and industry trends (e.g., AI) for potential impact on federal cybersecurity policies.
Qualifications
- Education: Bachelor's degree in a related field.
- Experience: 10+ years of cybersecurity experience, with extensive knowledge of federal security controls and RMF.
- Experience in vulnerability analysis and remediation, including articulating the impact of unmet controls and threat actor behavior.
- Proficiency in developing comprehensive Authorization Packages (SSP, SAR, POA&M).
- Excellent written and oral communication skills with the ability to present technical findings to executive stakeholders.
- Clearance: Active DOE Q-Clearance or Top Secret (TS) equivalent.
- Familiarity with FedRAMP, cloud security authorization, and inherited controls.
- Experience using Power BI for reporting and analytics.
- Proficiency in MS Office Suite (especially Excel and Word).
- Working knowledge of GRC platforms such as Archer and CSA GRC Tools.
We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.
EEO Statement
ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
group id: RTL208333