Back to all jobs

Security Control Assessor

Booz Allen

Jul 15

Security Control Assessor

The Challenge:

Warnings about cyber threats are everywhere and the constantly evolving nature of these threats can make understanding them seem overwhelming to government agencies. In all of this “cyber noise”, how can these organizations understand their risks and how to mitigate them? The answer is you – an information security risk specialist who will break down complex threats into manageable plans of action.

As a Security Control Assessor on our team, you will assess the implementation of NIST SP 800-53 security controls for major applications and general support systems using manual and automated test methods. Assess the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities. Support security assessment and authorization (A&A) within the system development life cycle to maintain system authorizations (ATO) and continuous monitoring of security controls. Identify and track corrective actions for mitigation of security risk and defects in the POA&M. Work on translating security concepts for your client so they can make the best decisions to secure their mission critical systems and networks. This is your opportunity to take an active role in information security while growing your skills in risk assessment of hardware and software vulnerabilities. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.

You Have:

  •  6+ years of experience with conducting Security Control Assessments (SCA) in support of system authorization processes on federal applications and GSSs, including RMF steps 4-6, such as Assess, Authorize, and Monitor in accordance with NIST SP 800-53A and NIST SP 800-37 Rev.1
  • Experience with developing SCA artifacts, including the Security Assessment Plan (SAP), Security Assessment Reports (SAR), and System Security Plan (SSP)
  • Experience with developing Plans of Action and Milestones (POA&Ms), including providing risk mitigation strategies, steps, and milestones
  • Knowledge of computer networking concepts and protocols, network security methodologies, risk management processes, including methods for assessing and mitigating risk, cybersecurity and privacy principles, cyber threats and vulnerabilities, and application vulnerabilities
  • Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
  • BA or BS degree

Nice If You Have:

  • Experience with conducting automated vulnerability scans, recognizing vulnerabilities in security systems and interpreting vulnerability scan results to identify risk


Applicants selected may be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client.


The proposed salary range for this position in Colorado is $115,000 to $125,000. Final salary will be determined based on various factors.

At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

  • Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.
  • Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.
  • Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.
  • Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.
  • Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.