Security Controls Assessor (SCA) - Journeyman
Position Overview
Avint is seeking a highly motivated Journeyman Security Controls Assessor (SCA) in support of a critical federal contract. The Journeyman SCA is a mid-level professional responsible for executing standard security control assessments, evaluations, and compliance verifications across organizational information systems.
Requirements
- Education: Bachelor's degree (BS/BA) OR equivalent professional experience
- Security+: or higher
- Experience: Minimum of 6-8 years of dedicated experience in cybersecurity, information assurance, or IT auditing. At least six (6) years of dedicated experience performing hands-on security controls assessments of systems of moderate complexity (C2 & C3) with capability of supporting C4 assessments.
- Clearance Requirements: Must be a U.S. citizen (no dual citizenship) Ability to pass a background investigation Able to obtain and maintain DHS Suitability/Entry on Duty (EOD)
Responsibilities
- Security Assessment and Validation
- Verify compliance with established frameworks such as NIST SP 800-37, NIST SP 800-53, NIST SP 800-171, FISMA, and/or FedRAMP, depending on organizational requirements.
- Analyze system architectures, network diagrams, configuration settings, and policies to identify vulnerabilities and compliance gaps.
- Review vulnerability scanning results (e.g., Nessus, Qualys) and penetration testing reports to validate the implementation of technical controls.
- Document detailed testing results and draft sections of the Security Assessment Report (SAR), ensuring clear explanations of non-compliant findings.
- Present assessment findings and risk postures to Authorizing Officials (AO), system owners, and other stakeholders in clear, actionable terms.
- Assist system owners in the development of realistic Plans of Action and Milestones (POA&M) to remediate identified deficiencies.
- Collaborate with the Risk Management team to ensure assessment data accurately informs the organization's continuous monitoring strategy.
- Continuous Improvement and Strategy
- Stay current on emerging cyber threats, vulnerabilities, regulatory changes, and assessment techniques.
- Identify opportunities to automate assessment processes and integrate modern tooling into the assessment lifecycle.
- Participate in the development and refinement of enterprise information security policies, standards, and guidelines.
Technical Areas of Expertise
- Solid working knowledge of security control frameworks (specifically NIST SP 800-53, NIST SP 800-37, and NIST SP 800-171).
- Familiarity with cloud security concepts (AWS, Azure, Google Cloud) and cloud compliance frameworks (FedRAMP).
- Knowledge of operating system security, network protocols, access control mechanisms, and vulnerability management tools.
Benefits
Joining Avint is a win-win proposition! You will feel the personal touch of a small business and receive BIG business benefits, from competitive salaries, full health insurance, generous time off, and observation of federal holidays. Additionally, we encourage every Avint employee to further their professional development. To assist you in achieving your goals, we offer reimbursement for courses, exams, and tuition. Interested in a class, conference, program, or degree? Avint will invest in YOU and your professional development!
Salary Range
$104,000-$119,000