Job Requirements
Washington, DC
Top Secret Polygraph Unspecified
Career Level not specified
$170,000 - $210,000
Job Description
Zachary Piper Solutions is seeking a Security Controls Assessor to support a company focused on accelerating the delivery of modern software into government and defense environments. This position is based out of Washington, DC. The Security Controls Assessor will conduct enterprise and mission-focused security assessments to enable rapid authorization and deployment of software into classified and secure systems. This role is critical to keeping mission-essential technology moving into operational use without slowing innovation at the highest classification levels.
Responsibilities for the Security Controls Assessor include:
Required Qualifications for the Security Controls Assessor include:
Compensation for the Security Controls Assessor include:
#LI-MZ1 #LI-ONSITE
Keywords: Security Controls Assessor, Security Control Assessor, Security Controls Assessment, Security Control Assessment, SCA, SCA cybersecurity, SCA security assessor, cyber SCA, RMF, RMF analyst, RMF engineer, RMF assessor, RMF security controls, Risk Management Framework, NIST RMF, NIST 800-53, NIST 80053, NIST SP 800-53, NIST compliance, NIST cybersecurity roles, ATO, Authority to Operate, ATO specialist, ATO analyst, ATO engineer, ATO package, ATO process, FedRAMP, FedRAMP assessor, FedRAMP security, federal compliance security, DoD cybersecurity, Department of Defense cyber jobs, IL4, IL5, IL6, Impact Level 5, Impact Level 6, IL5 security, IL6 security, classified systems security, TS SCI, TS/SCI, Top Secret SCI, Top Secret clearance jobs, TS clearance cyber, SCI eligible roles, cleared cybersecurity jobs, cleared cyber security, cleared security assessor, government cybersecurity jobs, gov cyber jobs, gov't cyber security, defense contractor cyber jobs, defense cybersecurity roles, federal contractor cybersecurity, Washington DC cyber jobs, DC cybersecurity jobs, onsite cybersecurity jobs DC, security assessor Washington DC, enterprise security assessment, enterprise cyber security, mission systems security, mission focused cybersecurity, mission assurance cyber, mission critical cybersecurity, software security assessor, application security assessor, system security assessor, cloud security, cloud security assessor, AWS security, AWS cybersecurity, Azure security, Azure cybersecurity, GCP security, Google Cloud security, multi cloud security, cloud compliance, cloud RMF, Kubernetes security, kubernetes security engineer, docker security, container security, container security assessor, DevSecOps, DevSecOps engineer, DevSecOps security, DevSecOps pipeline security, CI/CD security, CICD security, pipeline security, platform security engineer, systems security engineer, network security engineer, cybersecurity engineer, cyber security engineer, information security engineer, infosec engineer, information assurance, IA security, IA analyst, cybersecurity analyst, cyber analyst, security analyst cleared, ISSM support, ISSO support, ISSM cybersecurity, ISSO cybersecurity, Authorizing Official support, AO support, ATO extension support, ATO renewal, ATO reciprocity, reciprocity cybersecurity, audit preparation cybersecurity, cyber audit support, security audit readiness, SSP, System Security Plan, SSP development, SSP review, SAP cybersecurity, Security Assessment Plan, SAR cybersecurity, Security Assessment Report, RMF artifacts, RMF documentation, control validation, control assessment, inherited controls, hybrid cloud security, secure cloud architecture, enterprise architecture security, software accreditation, system accreditation, cybersecurity accreditation, authorization packages, security authorization, continuous monitoring, conmon, continuous monitoring RMF, vulnerability assessment, vulnerability scanning, STIG compliance, DISA STIGs, DISA compliance, DoD RMF, DoD 8570, DoD 8140, cyber compliance, regulatory compliance cybersecurity, governance risk compliance, GRC cybersecurity, GRC analyst, GRC engineer, cyber risk analyst, risk assessment cybersecurity, risk management cyber, security risk assessment, cyber risk management, technical security risk, threat assessment, threat modeling, security controls validation, control implementation, control mapping, control testing, system hardening, secure systems engineering, embedded systems security, unmanned systems security, UAV cybersecurity, drone cybersecurity, sensor security, C2 security, command and control cybersecurity, AI security, AI cybersecurity, AI enabled systems security, machine learning security, ML security, advanced cyber defense, modern software security, software delivery security, secure software pipeline, agile security, agile cybersecurity, DevOps security, DevOps cyber, software security compliance, high assurance systems, national security systems, NSS cybersecurity, classified environment cyber, secure environments cyber, high side cybersecurity, low side to high side transition, cross domain security
Responsibilities for the Security Controls Assessor include:
- Conduct security control assessments for enterprise and mission systems transitioning from IL4/IL5 to IL6 environments
- Review, validate, and map RMF artifacts including SSPs, SAPs, SARs, inherited controls, and cloud architectures
- Support Authorizing Officials (AOs) and ISSMs with ATO extensions, reciprocity decisions, and audit preparation
- Assess operational mission technologies including unmanned systems, sensors, C2 platforms, and AI-enabled systems
- Serve as a trusted advisor translating technical security risk into decision-ready guidance for leadership and acquisition teams
Required Qualifications for the Security Controls Assessor include:
- 5-10+ years of experience supporting ATO, RMF, and security assessments in IL5 and/or IL6 environments
- Experience with AWS, Azure, or GCP cloud environments; Kubernetes, Docker, and DevSecOps pipelines
- Strong technical skills in systems administration, networking, and/or software development with enterprise architectures
- Active Top Secret clearance with SCI eligibility
- Preferred: CISSP, CCSP, AWS/Azure Certs
Compensation for the Security Controls Assessor include:
- Salary Range: $170,000 - $210,000 depending on experience
- Full Benefits Package: PTO, Paid Holidays, Medical, Dental, Vision, 401K, Tuition Reimbursement, Sick leave as required by law
#LI-MZ1 #LI-ONSITE
Keywords: Security Controls Assessor, Security Control Assessor, Security Controls Assessment, Security Control Assessment, SCA, SCA cybersecurity, SCA security assessor, cyber SCA, RMF, RMF analyst, RMF engineer, RMF assessor, RMF security controls, Risk Management Framework, NIST RMF, NIST 800-53, NIST 80053, NIST SP 800-53, NIST compliance, NIST cybersecurity roles, ATO, Authority to Operate, ATO specialist, ATO analyst, ATO engineer, ATO package, ATO process, FedRAMP, FedRAMP assessor, FedRAMP security, federal compliance security, DoD cybersecurity, Department of Defense cyber jobs, IL4, IL5, IL6, Impact Level 5, Impact Level 6, IL5 security, IL6 security, classified systems security, TS SCI, TS/SCI, Top Secret SCI, Top Secret clearance jobs, TS clearance cyber, SCI eligible roles, cleared cybersecurity jobs, cleared cyber security, cleared security assessor, government cybersecurity jobs, gov cyber jobs, gov't cyber security, defense contractor cyber jobs, defense cybersecurity roles, federal contractor cybersecurity, Washington DC cyber jobs, DC cybersecurity jobs, onsite cybersecurity jobs DC, security assessor Washington DC, enterprise security assessment, enterprise cyber security, mission systems security, mission focused cybersecurity, mission assurance cyber, mission critical cybersecurity, software security assessor, application security assessor, system security assessor, cloud security, cloud security assessor, AWS security, AWS cybersecurity, Azure security, Azure cybersecurity, GCP security, Google Cloud security, multi cloud security, cloud compliance, cloud RMF, Kubernetes security, kubernetes security engineer, docker security, container security, container security assessor, DevSecOps, DevSecOps engineer, DevSecOps security, DevSecOps pipeline security, CI/CD security, CICD security, pipeline security, platform security engineer, systems security engineer, network security engineer, cybersecurity engineer, cyber security engineer, information security engineer, infosec engineer, information assurance, IA security, IA analyst, cybersecurity analyst, cyber analyst, security analyst cleared, ISSM support, ISSO support, ISSM cybersecurity, ISSO cybersecurity, Authorizing Official support, AO support, ATO extension support, ATO renewal, ATO reciprocity, reciprocity cybersecurity, audit preparation cybersecurity, cyber audit support, security audit readiness, SSP, System Security Plan, SSP development, SSP review, SAP cybersecurity, Security Assessment Plan, SAR cybersecurity, Security Assessment Report, RMF artifacts, RMF documentation, control validation, control assessment, inherited controls, hybrid cloud security, secure cloud architecture, enterprise architecture security, software accreditation, system accreditation, cybersecurity accreditation, authorization packages, security authorization, continuous monitoring, conmon, continuous monitoring RMF, vulnerability assessment, vulnerability scanning, STIG compliance, DISA STIGs, DISA compliance, DoD RMF, DoD 8570, DoD 8140, cyber compliance, regulatory compliance cybersecurity, governance risk compliance, GRC cybersecurity, GRC analyst, GRC engineer, cyber risk analyst, risk assessment cybersecurity, risk management cyber, security risk assessment, cyber risk management, technical security risk, threat assessment, threat modeling, security controls validation, control implementation, control mapping, control testing, system hardening, secure systems engineering, embedded systems security, unmanned systems security, UAV cybersecurity, drone cybersecurity, sensor security, C2 security, command and control cybersecurity, AI security, AI cybersecurity, AI enabled systems security, machine learning security, ML security, advanced cyber defense, modern software security, software delivery security, secure software pipeline, agile security, agile cybersecurity, DevOps security, DevOps cyber, software security compliance, high assurance systems, national security systems, NSS cybersecurity, classified environment cyber, secure environments cyber, high side cybersecurity, low side to high side transition, cross domain security
group id: 10430981
