Security Control Assessor (Unclassified)

Job Summary

Implements, maintains, and assesses security controls supporting enterprise and government systems in alignment with approved baselines, organizational requirements, and federal cybersecurity standards. Supports system authorization activities, including the development, maintenance, and delivery of System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and related security documentation required for Authorization to Operate (ATO) approval.Monitors system security posture, identifies risks, vulnerabilities, and compliance gaps, and coordinates remediation activities with system owners, technical teams, cybersecurity operations, and governance stakeholders. Supports continuous monitoring, vulnerability management, configuration management, change management, audit preparation, and security reporting activities. Assesses the security impact of system changes and ensures systems are prepared for security assessments, audits, and Authorizing Official reviews.Serves as a cybersecurity liaison between system teams, cybersecurity operations, and governance bodies to support secure system operations, compliance, and delivery of System Security Plans to the Y-12 Field Office for Approval to Operate. This is a remote position.

Key Skills & Experience

• Five (5+) to ten (10+) years of experience in cybersecurity, information systems security, security control assessment, ISSO support, system authorization, or programs and contracts of similar scope, type, and complexity is required.
• Firm understanding of NIST SP 800-37 and NIST SP 800-53.
• Experience implementing, maintaining, and assessing security controls aligned with approved security baselines and organizational requirements.
• Experience supporting system authorization activities, including preparation and maintenance of System Security Plans (SSPs), POA&Ms, and other ATO-related documentation.
• Experience monitoring system security posture and identifying risks, vulnerabilities, compliance gaps, and remediation requirements.
• Experience tracking and managing POA&Ms and coordinating remediation activities with system owners, technical stakeholders, and cybersecurity teams.
• Experience supporting continuous monitoring activities, vulnerability management, security reporting, and audit readiness.
• Experience assessing the security impact of system changes and supporting configuration and change management processes.
• Experience preparing systems for security assessments, audits, and Authorizing Official reviews.
• Ability to serve as a security liaison between system teams, cybersecurity operations, and governance bodies.
• Experience working in secure government, DOE, or federal cybersecurity environments preferred.

Education, Certifications, & Credentials

• Associate’s, Bachelor’s, or Master’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related technical field preferred.
• Technical field experience may be weighted greater than minimum education requirements.
• No clearance is required for this position.

This is a remote position.

All duties and responsibilities may not captured in this job description. To find out more, please reach out to the recruiter for this role.