Novul Solutions
Job Description
We are seeking a mission-driven
Security Control Assessor (SCA)
to join our cybersecurity team in Rosslyn, VA. As an SCA, you will evaluate, implement, and communicate IT security assessment strategies, while playing a critical role in supporting the Risk Management Framework (RMF) process across classified systems.
This is a 100% onsite position requiring an active TS/SCI clearance.
Primary Responsibilities:
Evaluate and implement cybersecurity assessments using standards-based practices. Analyze how security controls support system resilience, reliability, and operational change. Advise system owners on government-approved mitigation and remediation aligned with RMF processes. Apply cybersecurity triad principles (Confidentiality, Integrity, Availability) and categorize impact levels (High, Moderate, Low). Validate inherited controls from hosted or connected systems. Ensure proper compliance with Ports, Protocols, and Services (PP&S) and log file handling procedures. Promote eMASS usage for documenting Body of Evidence (BOE), POA&Ms, and cyber risk factors. Review and verify claims of "Non-Applicable" controls and Organizational Defined Values (ODVs). Validate completeness of asset inventories and alignment with compliance requirements. Requirements
Qualifications:
Bachelor's degree in Cybersecurity or related field; or any degree with an active CISSP or equivalent certification (required). 5-10 years of experience in cybersecurity with direct involvement in
RMF and Security Control Assessment
activities. Strong working knowledge of
NIST SP 800-53 controls
and their implementation in classified environments. Hands-on experience with
eMASS
for documenting compliance, POA&Ms, and security artifacts. Ability to assess risk posture, validate control effectiveness, and support audit readiness. Excellent analytical, documentation, and communication skills. Active TS/SCI clearance
and ability to work 100% onsite. Benefits Core Benefits:
Paid Time Off PTO):TEN (10) Paid days off & FIVE (5) Floating days off. Holidays: 11 Paid Holidays. Flex time can be utilized instead of holiday time usage. Payroll: Paid Bi-Monthly. 401(k): Partnered with the SECOND LARGEST Retirement plan provider in the U.S. Guaranteed 3% match. Eligibility - 21 years of age or older, after 3 months of employment Individual or company-wide performance and recognition awards (Quarterly Health Benefits:
UNITED HEALTHCARE PPO, extensive national coverage. INCLUDES: Medical/Dental/Vision/HSA. Eligible on the first of the month, immediately after the start date. Submit the enrollment form within 30 days of your start date otherwise, you will have to wait until October for the new year enrollment. Quality of Life Benefits:
Training & Career Development Reimbursement of Tuition and training needed to support career development. $150 monthly reimbursement contribution paid monthly towards parking expenses. Receipts must be submitted by the close of business on the 25th of each month. Reimbursements will be paid on the first payroll AFTER reimbursements are submitted each month. Special Benefits:
Performance bonus - Project-based Yearly bonus - Company based
Security Control Assessor (SCA)
to join our cybersecurity team in Rosslyn, VA. As an SCA, you will evaluate, implement, and communicate IT security assessment strategies, while playing a critical role in supporting the Risk Management Framework (RMF) process across classified systems.
This is a 100% onsite position requiring an active TS/SCI clearance.
Primary Responsibilities:
Evaluate and implement cybersecurity assessments using standards-based practices. Analyze how security controls support system resilience, reliability, and operational change. Advise system owners on government-approved mitigation and remediation aligned with RMF processes. Apply cybersecurity triad principles (Confidentiality, Integrity, Availability) and categorize impact levels (High, Moderate, Low). Validate inherited controls from hosted or connected systems. Ensure proper compliance with Ports, Protocols, and Services (PP&S) and log file handling procedures. Promote eMASS usage for documenting Body of Evidence (BOE), POA&Ms, and cyber risk factors. Review and verify claims of "Non-Applicable" controls and Organizational Defined Values (ODVs). Validate completeness of asset inventories and alignment with compliance requirements. Requirements
Qualifications:
Bachelor's degree in Cybersecurity or related field; or any degree with an active CISSP or equivalent certification (required). 5-10 years of experience in cybersecurity with direct involvement in
RMF and Security Control Assessment
activities. Strong working knowledge of
NIST SP 800-53 controls
and their implementation in classified environments. Hands-on experience with
eMASS
for documenting compliance, POA&Ms, and security artifacts. Ability to assess risk posture, validate control effectiveness, and support audit readiness. Excellent analytical, documentation, and communication skills. Active TS/SCI clearance
and ability to work 100% onsite. Benefits Core Benefits:
Paid Time Off PTO):TEN (10) Paid days off & FIVE (5) Floating days off. Holidays: 11 Paid Holidays. Flex time can be utilized instead of holiday time usage. Payroll: Paid Bi-Monthly. 401(k): Partnered with the SECOND LARGEST Retirement plan provider in the U.S. Guaranteed 3% match. Eligibility - 21 years of age or older, after 3 months of employment Individual or company-wide performance and recognition awards (Quarterly Health Benefits:
UNITED HEALTHCARE PPO, extensive national coverage. INCLUDES: Medical/Dental/Vision/HSA. Eligible on the first of the month, immediately after the start date. Submit the enrollment form within 30 days of your start date otherwise, you will have to wait until October for the new year enrollment. Quality of Life Benefits:
Training & Career Development Reimbursement of Tuition and training needed to support career development. $150 monthly reimbursement contribution paid monthly towards parking expenses. Receipts must be submitted by the close of business on the 25th of each month. Reimbursements will be paid on the first payroll AFTER reimbursements are submitted each month. Special Benefits:
Performance bonus - Project-based Yearly bonus - Company based