The job below is no longer available.

Estimated Pay $21 per hour
Hours Full-time, Part-time
Location Arlington, Virginia





About this job

Job Description


Position: Security Control Assessor II

Clearance: Top Secret (TS) Security Clearance current within the last five years

Work Location: Arlington, VA 

Work Schedule: Monday through Friday onsite (Regular Full-time)

Work authorization: United States (Required) 


Position Summary

The Security Control Assessor (SCA) is responsible for providing Cybersecurity Services throughout the cybersecurity lifecycle process for Information Systems (IS), Platform Information Technology (PIT), Information Technology (IT) Services, and IT products that are or will be assessed, or assessed and authorized, by Authorizing Officials (AOs). You will perform all six steps of the RMF/JSIG processes, with a focus on Steps 4 and 5, Assessing Security Controls and Authorizing the System. The SCA will research known threats and threat vectors on a variety of classified systems. You will review documentation and provide guidance for cleaning and sanitizing, including but not limited to: magnetic memory connected storage devices, system memory, data backup devices, mother/system boards, optical media, servers, backup media, Random Access Memory/Read Only Memory/Erasable Programmable Read-Only Memory/Electrically Erasable Programmable Read Only Memory/Field Programmable Gate Array and Redundant Array of Independent Disks/Small Computer System Interface (RAM/ROM/EPROM/EEPROM/FPGA and RAID/SCSI). With the approval of the AO, the SCA will be responsible for writing sanitization and/or destruction procedures that enable field activities to perform sanitization of media and Low Replaceable Units. The Security Control Assessor must have a minimum of five years of experience and a current Top Secret Clearance and be willing to submit to a Counterintelligence polygraph. You must be able to work onsite in Arlington, VA.

Duties shall include, but are not limited to the following:

  • Perform oversight of the development, implementation, and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures
  • Perform analysis of network security, based upon the Risk Management Framework (RMF), Joint Special Access Program Implementation Guide (JSIG), DCID 6/3, DITSCAP, and/or DIACAP certification and accreditation/authorization and assessment processes (C&A/A&A); advise the customer on Information Technology (IT) C&A/A&A issues
  • Advise the Authorizing Official (AO), Delegated Authorizing Official (DAO), Office of Chief Information Officer (OCIO), and/or Program Security Officer (PSO) on assessment methodologies and processes
  • Evaluate certification documentation and provide written recommendations for accreditation to government Program Managers (PMs)
  • Periodically review system security to accommodate changes to policy or technology
  • Develop, implement, provide guidance, and enforce Automated IS (AIS) security policies and procedures
  • Ensure that all Information System Security Officers (ISSOs), network administrators, and other AIS personnel receive the necessary technical and security training to carry out their duties
  • Conduct certification tests that include verification that the features and assurances required for each protection level are functional
  • Develop policies and procedures for responding to security incidents, and for investigating and reporting security violations and incidents
  • Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system
  • Ensure that data ownership and responsibilities are established for each AIS, to include accountability, access rights, and special handling requirements
  • Ensure development and implementation of an information security education, training, and awareness program, including attending, monitoring, and presenting local AIS security training.
  • At the conclusion of each security assessment activity, prepare the final Security Assessment Report (SAR) containing the results and findings from the assessment
  • Evaluate and monitor Plan of Action and Milestone (POA&M) activities to ensure proper and timely remediation actions are taken with respect to identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR

Position Qualifications

  • Bachelor's degree in a related discipline with a minimum of 5 years' experience
  • 7-9 years related experience (9 years minimum, if no degree)
  • Extensive experience with Information Assurance (IA) vulnerability scanning software tools, implementing Security Technical Implementation Guides (STIGs), and applying IA Vulnerability Assessment (IAVA) patches.
  • Extensive experience creating and maintaining various security documents such as the Security Control Plan/Vulnerability Security Review (SCP/VSR), System Backup and Recovery Plans (SBRPs) and POA&M tables.
  • Available to work before/after typical office hours as work may demand
  • Must be able to lift 50 lbs
  • Excellent briefing and technical writing skills.
  • Impeccable customer service skills.
  • Read, speak, and understand the English language fluently.
  • Expert experience using Microsoft Office Suite and Adobe tools and systems to include Excel, Project, Teams, SharePoint, Word, and PowerPoint.
  • Complete a security screening interview. 
  • The employee must maintain clearance eligibility throughout employment.
  • Must meet client suitability. 

Additional Information

  • This job description is not designed to cover or contain all job duties required of the employee. There may be additional activities, duties, and/or responsibilities required for this position that are not listed in this job description.
  • In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

Pendleton Solutions, LLC is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.  


Please note that PenSol does not accept unsolicited resumes from recruiters or employment agencies. In the absence of a signed Recruitment Fee Agreement, PenSol will not consider or agree to payment of any referral compensation or recruiter fee. If a recruiter or agency submits a resume or candidate without a previously signed agreement, PenSol explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of PenSol.