Job Description
Job Requirements Arlington, VA Top Secret Polygraph Unspecified Career Level not specified $150,000 - $186,000 Job Description Zachary Piper Solution s is seeking a Senior Security Control Assessor Representative to support a high-visibility National Security contract in Arlington, VA (100% onsite) . The Senior SCAR will bring advanced cybersecurity assessment experience, deep knowledge of DoD RMF and NIST frameworks, and the ability to deliver independent risk determinations supporting cutting-edge AI/ML and data-driven mission systems. The Senior SCAR will play a critical role in evaluating system security posture, advising Authorizing Officials, and ensuring compliance while articulating real-world risk across complex enterprise environments. Responsibilities of the Senior Security Control Assessor Representative include:
Lead Risk Assessments:
Provide independent, authoritative risk determinations and recommendations to the Authorizing Official for Authority to Operate decisions Advise Senior Leadership:
Deliver strategic cybersecurity advisory support to AOs, Program Managers, & senior DoD leadership on authorization outcomes and risk posture Conduct Security Assessments:
Develop Security Assessment Plans, execute control assessments, and produce Security Assessment Reports Drive RMF Execution:
Apply DoD RMF methodologies to identify baselines, evaluate controls, and assess system security posture Monitor & Mitigate Risk:
Track POA&M activities, validate remediation efforts, and reassess residual risk Develop Authorization Artifacts:
Prepare Risk Recommendation Briefs, AO Determination packages, and continuous monitoring strategies Support Agile & OVL Processes:
Provide guidance on agile authorization pathways and Ongoing Authorization/OVL frameworks Evaluate System Architectures:
Analyze system and network diagrams to assess security impacts across enterprise environments Assess Modern Environments:
Evaluate security integration within DevSecOps pipelines, CI/CD workflows, and cloud-hosted systems Provide Compliance Advisory:
Ensure alignment with NIST, DoD, ISO, and cybersecurity best practices Brief Stakeholders:
Present authorization status, risk posture, and recommendations to senior military and government officials Qualifications of the Senior Security Control Assessor Representative include: 10+ years of cybersecurity experience, including senior-level risk management, assessment, or GRC roles Expert knowledge of RMF and regulatory frameworks Proven experience performing end-to-end A&A activities (SAP, SAR, POA&M, ATO packages) Strong understanding of networking fundamentals, system architecture, and security engineering principles Experience assessing cloud environments (AWS, Azure, GCP) including IaaS, PaaS, SaaS, and shared responsibility models Familiarity with DevSecOps, CI/CD pipelines, and automated security controls Hands-on experience with GRC tools such as eMASS, Xacta, or similar platforms Experience evaluating STIGs, Cloud Compliance Guides, and FedRAMP requirements Ability to author policies, procedures, and technical documentation Excellent communication skills with the ability to brief Senior Executive Service (SES) and military leadership Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (Master's preferred or equivalent experience) Active TS clearance (SCI eligible required) Active IAT/IAM II
Certification Compensation for the Senior Security Control Assessor Representative includes: Salary Range:
$150,000-186,000 •depending on experience•Benefits:
Medical, Dental, Vision, 401k Plan, Holidays, PTO, sick leave as required by law Keywords:
SCA, SCAR, Security Control Assessor, National Security, NatSec, federal, government, Arlington, VA, Virginia, DOD, DOW, Department of Defense, Department of War, TS, top secret, topsecret, top secret clearance, tssci, ts/sci, ts sci, Ts with sci, ts w/ sci, ts w sci, tswithsci, top secret with sci, CASP, CASP+, CASP +, CISSP, CASP+ CE, CASP+ce, certified information systems security professional, certified informations systems security professional, certified information system security professional, certified advanced security practitioner, comptia casp, comptia CASP+, Iat III, iat level iii, iat3, iat 3, iat level three, iat three, iatthree, iat3, GCED, GCIH, certified information systems auditor, certified information system auditor, GIAC Certified enterprise defender, GIAC certified incident handler, iam iii, iamiii, Iam level iii, iam level 3, iam level three, iam three, iam3, iam 3, cissp, gslc, cciso, certified information security manager, certified information systems security professional, certified information system security professional, giac security leadership, giac security leadership certification, chief information security officer, chief informations security officer, NIST, RMF, risk management framework, national institute of standards and technology, national institute of standards & technology, AI, AI/ML, system security posture, AO, Authorizing Official, risk, risk assessment, risk determination, Authority to Operate, ATO, cybersecurity, cyber, PM, program manager, SAR, Security Assessment Report, Security Assessment Plan, SAP, control assessment, controls, posture, monitor, mitigate, POA&M, remediation, Authorization Artifacts, artifact, Risk Recommendation Briefs, AO Determination packages, and continuous monitoring strategies, brief, package, ConMon, continuous Monitoring, ISO, CI/CD, continuous integration continuous delivery, continuous integration/continuous delivery information, continuous integration, governance risk and compliance, governance risk & compliance, continuous delivery security officer, automate, automated, automation, GRC, eMASS, Xacta, STIGs, Cloud Compliance, Cloud, FedRAMP, authorization status, risk posture, security technical implementation guide, security checklist, configuration handbook, regulatory framework, regulation, regulate, regulation, A&A, assessment & authorization, assessment and authorization, SAP, SAR, POA&M, ATO packages, networking fundamentals, system architecture, and security engineering principles, network, networking, architecture, system, security, engineer, engineering, AWS, Azure, GCP, amazon web services, google cloud platform, IaaS, PaaS, SaaS, shared responsibility model, DevSecOps, DevOps, technical documentation, brie, briefing, briefed, Senior Executive Service, SES, military leadership, military, government, Cybersecurity, Information Technology, Computer Science, IT, CS, #LI-SW1 #LI-ONSITE
group id: 10430981 Apply now
