Security Controls Assessor

Job Location:

Oak Ridge, TN - USA

Monthly Salary: USD 85000 - 180000
Experience Required: 5 years
Posted on: 21 hours ago
Vacancies: 1 Vacancy

Job Summary

RayTek is seeking mid-level and senior Security Control Assessors (SCA) to support our federal client in Oak Ridge, TN. Candidates must possess either an active Q clearance or a clearance that can reciprocate as a Q. This position will be onsite in Oak Ridge, TN, and travel is not expected. This position also requires proof of US citizenship.

Overview

The Security Controls Assessor (SCA) is responsible for conducting independent, comprehensive assessments of management, operational, and technical security controls implemented within information technology (IT) systems. The SCA evaluates the effectiveness of security controls and control enhancements in accordance with the Risk Management Framework (RMF) and applicable NIST guidance, including NIST SP 800-37 and NIST SP 800-53.

This role supports system authorization decisions by identifying risks, validating security posture, and ensuring compliance with federal cybersecurity requirements across the system lifecycle. The position is 100% onsite in Oak Ridge, Tennessee, supporting a secure environment.

Key Responsibilities (All Levels)

  • Conduct independent security control assessments of management, operational, and technical controls, including inherited controls, to determine overall system security effectiveness.

  • Evaluate control implementation and effectiveness in alignment with NIST SP 800-37 and NIST SP 800-53.

  • Develop Baseline and Risk Assessments (BARA) for new applications, systems, or capabilities deployed into the environment.

  • Support all applicable phases of the Risk Management Framework (RMF), including:

    • Prepare

    • Categorize

    • Select

    • Implement

  • Support system authorization activities, including preparation for security assessments, audits, and Authorizing Official (AO) reviews.

  • Contribute to the development, review, and maintenance of System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and other RMF artifacts.

  • Monitor system security posture and identify risks, vulnerabilities, and compliance gaps.

  • Track, manage, and coordinate POA&Ms, including remediation activities with system owners and technical stakeholders.

  • Assess the security impact of system changes and support configuration and change management processes.

  • Support continuous monitoring activities, including vulnerability management and security reporting.

  • Serve as a security liaison between system teams, cybersecurity operations, and governance bodies.

  • Maintain awareness of evolving federal cybersecurity standards, policies, and best practices.


Requirements (All Levels)
  • Must be a US Citizen
  • Must possess either an active Q clearance or clearance that can reciprocate as Q
  • Must be local to the Oak Ridge, TN area or willing to relocate
  • Must be comfortable working in an on-site setting

Knowledge

  • Firm understanding of the Risk Management Framework (RMF) and its application across system lifecycles.

  • Strong working knowledge of NIST SP 800-37 and NIST SP 800-53, including control families and assessment methodologies.

  • Knowledge of federal system authorization and compliance processes.

Skills

  • Ability to implement and maintain security controls aligned with approved baselines and organizational requirements.

  • Skilled in developing, reviewing, and maintaining RMF documentation, including SSPs and POA&Ms.

  • Proficient in identifying, documenting, and communicating risks, vulnerabilities, and compliance gaps.

  • Capable of assessing the security implications of system changes and supporting change management workflows.

  • Strong analytical and technical writing skills for security assessments and reporting.

Abilities

  • Ability to independently perform security control assessments and evaluate control effectiveness.

  • Ability to coordinate remediation efforts across technical, operational, and management stakeholders.

  • Ability to support audits, assessments, and AO decision-making processes.

  • Ability to function as a trusted liaison between system teams, cybersecurity operations, and governance bodies.

  • Ability to operate effectively in high-security, regulated environments.



Requirements

Junior/Mid Level Security Controls Assessor

Education & Experience

  • Bachelor's degree in a technical field with limited experience OR

  • Associate's degree in a technical field with 2-5 years of related experience

Knowledge & Skills

  • General knowledge and understanding in area of expertise and associated equipment, processes, or systems.


Mid Level Security Controls Assessor

Education & Experience

  • Master's degree in a technical field with limited experience OR

  • Bachelor's degree in a technical field with 2-5 years of related experience OR

  • Associate's degree in a technical field with 5-10 years of related experience

Knowledge & Skills

  • Advanced understanding of security controls and RMF processes.

  • Advanced knowledge and understanding in area of expertise and associated equipment, processes, or systems.

  • Ability to execute assessments with oversight on complex systems.


Mid/Senior Level Security Controls Assessor

Education & Experience

  • PhD in a technical field with limited experience OR

  • Master's degree in a technical field with 2-5 years of related experience OR

  • Bachelor's degree in a technical field with 5-10 years of related experience OR

  • Associate's degree in a technical field with 10-15 years of related experience

Knowledge & Skills

  • Demonstrated in-depth knowledge and skills in a technical speciality.

  • Leads complex assessments and mentors junior assessors.


Senior Security Controls Assessor

Education & Experience

  • PhD in a technical field with 2-5 years of related experience OR

  • Master's degree in a technical field with 5-10 years of related experience OR

  • Bachelor's degree in a technical field with 10-15 years of related experience OR

  • Associate's degree in a technical field with 15-20 years of related experience

Knowledge & Skills

  • Demonstrated in-depth knowledge and skills in a technical specialty.

  • Recognized subject matter expert.

  • Provides technical leadership and strategic risk guidance.


Education
  • Technical field experience is weighted greater than minimum education requirements.

  • Equivalent combinations of education and experience will be considered in accordance with contract requirements.

Clearance Requirement

  • Active DOE Q Clearance required OR

  • Active clearance eligible for reciprocity to a Q Clearance

  • Ability to maintain clearance eligibility throughout employment is required.

Additional Preferred Experience

  • Operational Technology (OT) / Industrial Control Systems (ICS) experience is a strong plus.

  • Experience supporting high-impact or mission-critical systems in regulated environments.

Specific Requirements (all levels)

  • Demonstrated correlation between experience and stated KSAs.

  • Firm understanding and applied experience with NIST SP 800-37 and NIST SP 800-53.



Benefits

RayTek Employee Benefits Highlights


Health and Wellness

  • UnitedHealthcare PPO with 100% preventive care
  • 24/7 telemedicine & behavioral health access
  • Dental PPO ($1500 max) & Vision plan ($10 exams, $150 frame allowance)
  • Exercise reimbursement up to $360 per year


Financial Security

  • Employer HSA match up to $1200 (individual) or $2400 (family) annually
  • 401(k) plan with immediate eligibility and 100% vesting
  • Employer 401(k) match up to 4% after 1 year
  • Company-paid Life & AD&D (up to $100000)
  • Short-Term Disability: 60% pay / $1000 weekly
  • Long-Term Disability: up to $8000 monthly
  • Tuition reimbursement: up to $5000/year
  • Technology reimbursement: $500 after 1st year and every 3 years thereafter


Work-Life Balance

  • 11 paid federal holidays (may vary by program)
  • PTO accrual from day one
  • Remote flexibility for eligible positions


Employee & Family Support

  • Day-one eligibility for all benefits
  • Dependent coverage up to age 26
  • Employee Assistance Program (EAP): confidential counseling, legal and financial support
  • Travel Assistance Program: emergency medical evacuation and global support
  • Referral, commendation, and milestone service bonuses


*Employee plan details may vary annually please reach out to for any questions regarding benefits and eligibility. Some restrictions may apply.






Required Education:

  • Associate's degree and 5 years of experience OR
  • Bachelor's degree and 2 years of experience OR
  • Master's degree and any experience OR
  • PhD and any experience

Company Industry

IT Services and IT Consulting
