Senior Security Control Assessor
Company: SkyePoint Decisions
Location: Washington
Posted on: February 17, 2026
Job Description:
SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider headquartered in Dulles, Virginia with operations across the U.S. We provide innovative enterprise-wide solutions as well as targeted services addressing the complex challenges faced by our federal government clients. Our focus is on enabling our clients to deliver their mission most efficiently and effectively – anytime, anywhere, securely. We combine technical expertise, mission awareness, and an empowered workforce to produce meaningful results.

This is a contingent position based upon customer approval.

SkyePoint Decisions is seeking a Senior Security Control Assessor to join our team supporting a government contract. This is a remote position.

Responsibilities:
- Perform security reviews to identify architectural gaps and provide recommendations for risk mitigation.
- Conduct risk analyses (e.g., threats, vulnerabilities, probability of occurrence) during significant system/application changes.
- Plan and execute security authorization reviews, assurance case development, and audits for system installations and networks.
- Provide input to the Risk Management Framework (RMF) and related documentation, including lifecycle support plans, CONOPS, and operational procedures.
- Review authorization packages and assurance documents to confirm risk levels are acceptable for systems, applications, and networks.
- Verify that system, network, and application security postures are implemented as designed, documenting deviations and recommending corrective actions.
- Assess the effectiveness of implemented security controls across management, operational, and technical areas.
- Support compliance activities by ensuring security configuration guidelines and standards are followed.
- Evaluate configuration management and release processes for security impacts.
- Define/document how new systems or interfaces affect the organization's current security posture.
- Develop security compliance processes and perform audits of external services (e.g., CSPs, data centers).
- Ensure Plans of Action & Milestones (POA&Ms) and remediation plans are established for vulnerabilities.
- Participate in Risk Governance processes by presenting risks, mitigations, and technical assessments.
- Support acquisition and procurement efforts to ensure information security requirements are integrated.
- Produce reports, briefings, and technical documentation reflecting assessment results and recommendations.

Required Qualifications:
- Must be able to obtain a High Risk/Public Trust Security Clearance.
- 7 years of relevant IT/cybersecurity experience.
- Certification in one of the following: A+, Net+, or Security+.
- Degree in a technical/cyber-related field (or equivalent experience/certifications).
- Proficiency in assessing security controls against standards (e.g., NIST SP 800-53, CIS CSC, Cybersecurity Framework).
- Strong skills in vulnerability scanning, penetration testing principles, and interpreting results.
- Ability to conduct risk, impact, and compliance assessments.
- Skill in technical documentation, briefings, and audit reporting.
- Proficiency in security architecture review and system design evaluation.
- Knowledge of secure coding principles and application security (e.g., OWASP Top 10).
- Experience applying confidentiality, integrity, availability, authenticity, and non-repudiation principles to systems and networks.
- Familiarity with compliance frameworks and security assessment tools.
- Strong analytical, technical writing, and communication skills are essential.
- Knowledge of Risk Management Framework (RMF) and Security Assessment & Authorization (SA&A) processes.
- Knowledge of security architecture concepts, enterprise reference models, and assessment methodologies.
- Knowledge of network security protocols, models, and configurations (including defense-in-depth).
- Working knowledge of government compliance standards and assessment processes.
- Knowledge of cyber threats, vulnerabilities, and operational impacts of lapses.
- Knowledge of information security principles and methods (e.g., encryption, access control, PKI).
- Knowledge of applicable laws, directives, and compliance requirements (e.g., NIST SP 800-161, FISMA, FedRAMP).
- Knowledge of system and application security threats (e.g., injection flaws, cross-site scripting, buffer overflow).
- Knowledge of IT supply chain security and risk management practices.
- Knowledge of cyber defense and vulnerability assessment tools.
- Working knowledge of IRS Safeguards.
- Must be a U.S. citizen.

Preferred Qualifications:
- Active Secret or Top Secret security clearance.
- CISSP or CISM.
- Ability to evaluate and synthesize risk assessment data into actionable findings.
- Ability to clearly communicate technical and risk information to technical and non-technical audiences.
- Ability to assess vulnerabilities and recommend corrective actions.
- Ability to apply judgment in ambiguous or evolving situations.
- Ability to interpret and apply relevant cybersecurity laws, regulations, and policies.
- Ability to collaborate across teams and work effectively with external service providers.
- Ability to design, conduct, and evaluate test plans, assessments, and compliance audits.
- Ability to lead complex assessments, provide strategic recommendations, and advise leadership on enterprise-wide security control effectiveness.

Compensation:
Salary Range: TBD

The SkyePoint Decisions salary range for this position is a general guideline only. It represents an estimated range for this position and is just one piece of our total compensation package. Salary at SkyePoint is determined by various factors, including but not limited to location, work schedule, the candidate's combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability, market data and business considerations. In addition to a competitive salary, SkyePoint offers benefits including a certification incentive program, PTO, floating federal holiday options, several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, Vision, ST/LT Disability, Life Insurance, and 401k matched.

What We Can Offer You:
At SkyePoint, we go B.I.G. (beginning in GRATITUDE) by recognizing all we have and giving back to our employees, families, and communities. It instills a positive mindset that permeates all we do. By beginning in gratitude, SkyePoint can continue to spread living in gratitude each day.
- Great Benefits: Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, ST/LT Disability, Life Insurance, floating federal holiday options, and 401k matched.
- Certificate Incentive Program: To promote professional development, we recognize and reward employees who obtain new certifications aligned with business needs.
- Flexible Work Environment

SkyePoint Decisions is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development. We possess a common vision of excellence and foster a collaborative team culture built upon individual performance and accountability. We invest in our people and systems to create value for our clients. It is the SkyePoint Way. We are grateful for the opportunity to work with exceptional people and give back to the communities we serve. Our employees value the flexibility at SkyePoint that allows them to balance quality work and their personal lives.

SkyePoint Decisions is a participating E-Verify Employer. U.S. Citizenship is required for most positions. Equal Opportunity Employer/Veterans/Disabled.
Keywords: SkyePoint Decisions, Wheaton-Glenmont, Senior Security Control Assessor, IT / Software / Systems, Washington, Maryland