neteffects
Security Control Assessor (Cyber Operations IV)
neteffects, Washington, District of Columbia, us, 20022
Location: Washington, DC (5 days/week on-site)
Clearance: Public Trust (DOJ preferred)
Employment Type: Contingent / Contract (Potential Leidos FTE)
Duration: 6 months with possible extension
Hours: 40 hours/week
Travel: Occasional, up to 25%
Role Summary
The Security Control Assessor will support the Department of Justice (DOJ) ATR program by performing comprehensive security control assessments using the NIST Risk Management Framework (RMF). This role is responsible for evaluating the security posture of federal information systems, identifying risks, and providing actionable recommendations to ensure compliance with federal cybersecurity standards. The position requires strong technical expertise, independent execution, and close collaboration with Information System Security Officers (ISSOs) and other stakeholders. This is a fully on-site role based in Washington, DC.
Key Responsibilities
Perform security control assessments using the NIST Risk Management Framework (RMF) for DOJ ATR systems.
Utilize the Joint Cybersecurity Authorization Management (JCAM) system (formerly CSAM) to conduct assessments, manage security controls, and document recommendations.
Collaborate with Information System Security Officers (ISSOs) and cross-functional teams to gather required system information.
Develop, maintain, and manage Plans of Actions and Milestones (POAMs), including mitigation recommendations.
Review and assess system security documentation, including System Security Plans (SSPs), security assessment reports, and continuous monitoring artifacts.
Conduct vulnerability management activities, including validation of remediation efforts and control effectiveness.
Provide security recommendations across domains such as:
Account management
Configuration management
Incident response
Cloud computing environments
Contingency planning
Maintain up-to-date knowledge of federal security requirements and industry cybersecurity standards.
Work independently while remaining adaptable to shifting priorities and tasking.
Provide technical input that supports operational planning, training, exercises, and integrated cyber operations.
Serve as a technical leader on complex cybersecurity initiatives and mentor other technical staff as required.
Required Technical Skills
NIST Risk Management Framework (RMF) expertise, including:
NIST SP 800-53 Rev. 5 – Security and Privacy Controls
NIST SP 800-53A Rev. 5 – Assessing Security and Privacy Controls
NIST SP 800-37 Rev. 2 – RMF for Information Systems and Organizations
NIST SP 800-137 – Information Security Continuous Monitoring (ISCM)
NIST SP 800-18 Rev. 1 – Developing Security Plans
FIPS 199 – Security Categorization of Federal Information
FIPS 200 – Minimum Security Requirements
Hands‑on experience with Joint Cybersecurity Authorization Management (JCAM / CSAM) for federal systems.
In‑depth knowledge of the following security domains:
Account Management
Configuration Management
Vulnerability Management
Identity, Credential, and Access Management (ICAM)
Contingency Planning
Audit and Accountability
Incident Response
Media Protection
Cloud Computing Environments
POAM creation and management
Preferred / Nice‑to‑Have Skills
Experience supporting Federal Law Enforcement Agency (FLEA) organizations (preferred but not required).
Existing DOJ Public Trust clearance (preferred).
Qualifications & Experience
Bachelor’s degree with 8+ years of relevant experience (additional experience may be considered in lieu of a degree).
Minimum of 3–5 years performing security control assessments using NIST RMF.
Ability to communicate complex security concepts to technical and non-technical stakeholders, including senior leadership.
Strong analytical, investigative, and problem‑solving capabilities.
U.S. citizenship required.
Active Public Trust clearance or ability to obtain one (clearance processing may take up to 16 weeks).
Willingness to undergo background screening, including personal disclosure and soft credit check.
Ability to travel up to 25% for site assessments and meetings.
About the Team / Company
This role supports Leidos’ Digital Modernization group, delivering cybersecurity and risk management services for the Department of Justice (DOJ). The team focuses on safeguarding mission‑critical federal systems through advanced cyber operations, compliance, and continuous monitoring, while enabling secure and resilient government IT environments.