Security Control Assessor

Description

Leidos is seeking multiple Security Control Assessors to support our assessment team. These positions can be based out of any of our three locations - Alexandria, VA, Fort Meade, MD, or Chambersburg, PA. These positions are primarily on-site, with some limited hybrid/telework.

Responsibilities:

• Conduct cybersecurity assessments, audits, and inspections for DoD organizations and partners handling DoD information or connecting to the DoDIN.
• Evaluate systems and Defensive Cyberspace Operations using cyber threat emulation and performance-based testing.
• Adhere to policies and processes for each assessment type.
• Support assessment development and execution to ensure security expertise is properly applied.
• Coordinate logistics, test plans, and scope with the SCA Team Lead.
• Perform vulnerability assessments, capture results using STIG Viewer or designated tools, and document findings in eMASS.
• Analyze security gaps and provide mitigation recommendations.
• Validate cybersecurity controls, TTPs, STIGs, RMF controls, and compliance with DoD policies and guidelines.
• Provide risk analysis and assessment results for authorization recommendations.
• Participate in daily assessment reviews, in-briefs, and out-briefs, sharing findings with the SCA-R.
• If senior staff, mentor and guide personnel by providing technical expertise, best practices, and professional development support to enhance team capabilities and knowledge

• Active DoD Top Secret clearance with SCI eligibility required
• Current DoD 8570 IAM II or IAT II certification
• Strong written and verbal communication skills for reporting assessment findings
• Education and experience as required per job level:
  • Level I:
    • Bachelor's degree (IT-related field preferred) and three (3) years of cybersecurity or network security experience. Additional relevant experience may be considered in lieu of degree.
    • Familiarity with STIGs (Security Technical Implementation Guides), Plan of Action and Milestones (POA&Ms) and cybersecurity best practices, and relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS
    • Understanding of the RMF process, NIST SP 800- 37, NIST SP 800-53, CNSSI 1253
  • Level II:
    • Bachelor's degree (IT-related field preferred) and five (5) years of cybersecurity or network security experience. Additional relevant experience may be considered in lieu of degree.
    • Three (3) years of experience in a Certification and Accreditation/A&A role
    • Demonstrated experience with STIGs, SRGs, POA&Ms and cybersecurity best practices, as well as relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS
      Strong understanding of the RMF process, NIST SP 800- 37, NIST SP 800-53, CNSSI 1253, as well as key technologies areas/domain such as: Network, Mobility, Windows, UNIX, Cloud Environments and Cloud Native Tools/Services, Host Based Security System (HBSS)/Endpoint Security Solutions (ESS), Databases, Applications
  • Level III:
    • Bachelor's degree (IT-related field preferred) and eight (8) years of cybersecurity or network security experience. Additional relevant experience may be considered in lieu of degree.
    • Five (5) years of experience in a Certification and Accreditation/A&A role
    • Demonstrated experience with STIGs, SRGs, POA&Ms and cybersecurity best practices, as well as relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS
    • Advanced understanding of the RMF process, NIST SP 800- 37, NIST SP 800-53, CNSSI 1253, as well as key technologies areas/domain such as: Network, Mobility, Windows, UNIX, Cloud Environments and Cloud Native Tools/Services, Host Based Security System (HBSS)/Endpoint Security Solutions (ESS), Databases, Applications