Security Control Assessor (SCA)
Job Description
Description:
* This position is contingent upon a future opening with Gunnison.
Salary: $125,000 - $135,000/year
Work Location: This position will be primarily remote, with the possibility of on-site work requirements up to and including eventual return-to-office.
The Security Control Assessor (SCA) supports Independent Security Control Assessment (ISCA) activities under RMF Step 4 for federal client systems. This role focuses on executing assessment tasks, collecting evidence, and documenting control effectiveness to ensure systems meet federal cybersecurity requirements.
Duties and responsibilities include:
- Assist in the development of Security Assessment Plans (SAPs) by identifying security controls to be tested and assessment methods.
- Conduct testing of implemented security controls using examination, interview, and technical evaluation techniques in alignment with NIST SP 800-53A Rev. 5 and SP 800-115.
- Collect and validate objective evidence including screenshots, logs, and configurations to support assessment results.
- Document assessment results in test cases, checklists, and supporting artifacts.
- Support preparation of Security Assessment Reports (SARs) by summarizing findings and mapping them to applicable NIST controls.
- Collaborate with ISSOs, system owners, and other stakeholders to clarify scope, address discrepancies, and resolve issues.
- Participate in remediation and retesting activities, validating fixes and updating assessment documentation.
- Contribute to continuous monitoring by performing follow-up assessments and updating risk documentation as directed.
Requirements:
- 3–5 years of experience performing cybersecurity control assessments or related RMF activities.
- Working knowledge of NIST RMF, FISMA, and NIST SP 800-53/53A control assessment procedures.
- Hands-on experience with security testing tools and techniques (e.g., Nessus, database scanners, manual validation).
- Strong attention to detail and ability to maintain thorough documentation.
- Ability to work collaboratively under the guidance of the Lead SCA and coordinate with ISSOs and system stakeholders.
- Industry certification preferred (e.g., Security+, CAP, CISA, CISSP Associate).
Clearance Requirement: Active Secret clearance required.
The salary range for this position depends upon multiple factors including location, the individual's knowledge, skills, competencies, and experience, and contract-specific budget constraints and organizational requirements.
Gunnison Consulting Group's total compensation package also includes bonus and profit-sharing opportunities, depending on company and employee performance. Available employee benefits include:
- 3 weeks of Personal Leave your first year
- 11 paid Holidays each year
- 5 days of Flexible Time Off each year
- 401(k) company match at 50% up to 10% of your salary
- Medical, Dental and Vision Insurance
- Life and Disability Insurance
- Public Transportation Subsidies
- Certifications and Training Allowance - $2,500/year!
Why Join Gunnison?
- Gunnison takes on ambitious projects. We target fun, challenging work that requires creative thinking and innovation.
- Quality is our top priority.
- Gunnison employee benefits meet or exceed what other companies in the Washington, D.C. metropolitan area offer.
- There is a great sense of camaraderie at Gunnison. This is an atmosphere we will maintain as we continue to grow.
- We are growing rapidly and the opportunity for individual professional growth with Gunnison is outstanding.
- We hire for careers at Gunnison, not to fill a position.
Equal Opportunity/Affirmative Action Employer. Must be eligible for employment in the United States. We are unable to sponsor candidates at this time.
In 1994 Gunnison began serving the greater Washington, D.C. metro area, focused on tackling our customers' most ambitious technology projects. By creating a culture dedicated to enabling our customers and employees to achieve more than they ever thought they could, the company has thrived for over 25 years.