Senior Security Control Assessor (TS/SCI #26-067)
Strategic Analysis, Inc.
Arlington County, Arlington, VA, USA
5/1/2026
Full Time
Strategic Analysis, Inc. is seeking an experienced Senior Security Control Assessor (SCA) to support Risk Management Framework (RMF) activities, including assessment, authorization, and continuous monitoring of information systems. This role focuses on evaluating security controls, identifying risks, and supporting authorization decisions within DoD and/or IC environments.
Responsibilities
· Assess the effectiveness of security controls in accordance with RMF
· Perform security reviews to identify gaps in system architecture and design
· Conduct risk analysis and develop mitigation recommendations
· Execute security authorization reviews and support ATO decisions
· Validate security posture of systems, networks, and applications
· Monitor and evaluate compliance across information systems
· Develop Statements of Risk (SORs) and document security findings
· Provide authorization recommendations to the Authorizing Official (AO)
Qualifications & Requirements
· 7+ years of cybersecurity experience supporting RMF/A&A activities
· Previous experience in SCA, ISSM, ISSO, or ISSE roles
· Strong working knowledge of Secure Systems & Cloud/AI/ML Environments and NIST RMF frameworks in advanced R&D portfolios
· Experience with GRC/RMF tools such as XACTA, eMASS, or ServiceNow (SNOW)
· IAM Level III certification (CISM, CISSP, or GSLC)
· Ability to assess vulnerabilities, analyze risk, and document findings clearly
Preferred
· Experience supporting DoD, IC, or SAP environments
· Knowledge of FedRAMP and cloud security requirements
· Familiarity with STIGs, SRGs, and continuous monitoring practices
Travel: Up to 50% travel required during the first year.
Clearance
· Active TS w/ CI Poly
PI284235537