What are the responsibilities and job description for the Security Control Assessor position at Leidos?
Job Details
Description
We are seeking a highly skilled and self-motivated Security Control Assessor to join our team in support of the Antitrust Division (ATR) of the U.S. Department of Justice (DOJ). This role will involve performing security control assessments, utilizing the NIST Risk Management Framework (RMF), and supporting the overall cybersecurity efforts to safeguard DOJ systems and information. The ideal candidate will have a strong background in security control assessments, specifically utilizing the NIST RMF and related publications.
This is an on-site position based in the D.C. area with occasional travel.
Responsibilities:
- Perform security control assessments using the NIST Risk Management Framework (RMF) for DOJ ATR systems.
- Leverage the Joint Cybersecurity Authorization Management (JCAM) system (formerly CSAM) to conduct assessments, manage security controls, and provide recommendations.
- Collaborate with Information System Security Officers (ISSOs) and other teams to obtain required information and support system security assessments.
- Develop and maintain Plans of Action and Milestones (POAMs) and provide recommendations for mitigating security risks.
- Review and assess system security documentation, including System Security Plans (SSPs), security assessments, and continuous monitoring activities.
- Conduct vulnerability management activities, including assessing remediation efforts and verifying controls.
- Provide recommendations on account management, configuration management, incident response, cloud computing environments, and contingency planning.
- Maintain and update knowledge of federal security requirements and industry standards.
- Work independently and manage tasks effectively while maintaining flexibility to adapt to changes in tasking.
Personal Skills:
- Analytical: Ability to assess complex security issues and propose solutions.
- Independent: Able to work autonomously with little to no supervision.
- Team-Oriented: Collaborates effectively with ISSOs and other stakeholders.
- Flexible: Adaptable to changes in priorities or tasking.
- Inquisitive: Strong ability to ask the right questions to gather information and clarify requirements.
- Outgoing: Comfortable interacting with multiple teams to gather necessary information and support security efforts.
Job Requirements:
Education & Experience:
- Bachelor's degree with 8 years of relevant experience. Additional experience may be considered in lieu of a degree.
- Minimum of 3 to 5 years performing security control assessments using the NIST Risk Management Framework (RMF).
- Experience with DOJ ATR or similar organizations is preferred but not required.
Knowledge of NIST Risk Management Framework (RMF):
- SP 800-53A Rev. 5: Assessing Security and Privacy Controls in Information Systems and Organizations
- SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations
- SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations
- SP 800-137: Information Security Continuous Monitoring (ISCM)
- SP 800-18 Rev. 1: Guide for Developing Security Plans for Federal Information Systems
- FIPS 200: Minimum Security Requirements for Federal Information and Information Systems
- FIPS 199: Standards for Security Categorization of Federal Information and Information Systems
Experience with Joint Cybersecurity Authorization Management (JCAM) system (formerly CSAM):
- Use of JCAM for assessment and management of security controls for DOJ ATR systems.
In-depth knowledge of the following principles:
- Account Management
- Configuration Management
- Vulnerability Management
- Identity Credentials and Authorization Management
- Contingency Plans/Planning
- Audit and Accountability
- Incident Response
- Media Protection
- Cloud Computing Environments
- POAM Creation and Management
Additional Qualifications:
- Active Public Trust clearance or ability to obtain one.
- Ability to travel up to 25% for site assessments, meetings, and other required duties.
Original Posting: April 1, 2025
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range: $104,650.00 - $189,175.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.