Booz Allen
SecurityControlAssessor,Senior
Neural analysis suggests this role is
optimal for Senior candidates.
“Security Control Assessor, Senior at Booz Allen. Skills: Security Control Assessment, NIST Risk Management Framework (RMF), vulnerability assessment, configuration compliance assessment, POA&Ms, RMF Steps 4-6. Conduct independent assessments of management, operational, and technical security controls for client information systems in accordance with the NIST Risk Management Framework (RMF). Perform technical evaluations of General Support Systems (GSS) and applications using both manual and auto”
Industry & Context.
identify weaknesses; evaluate the severity of vulnerabilities; develop and deliver actionable recommendations for corrective measures
Ability to obtain a Secret clearance, identity verification process that leverages advanced biometrics and artificial intelligence, expected to be on camera during interviews and assessments, may still be occasions when you are required to work in person at a Booz Allen or customer facility
What They're Looking For.
Must Have
5+ years of experience performing security assessments of federal systems to ensure compliance with NIST SP 800‑53 Rev. 5, NIST SP 800‑37 Rev. 1, and agency-specific requirements, Experience conducting vulnerability assessments and analyzing scan results using Tenable Nessus, Web Inspect, and Fortify, Experience performing manual and automated configuration compliance assessments using Tenable Nessus and STIGs, including analysis of compliance findings, Experience working with POA&Ms, including drafting detailed vulnerability descriptions, impact analyses, and risk mitigation strategies, and supporting RMF Steps 4-6 Assess, Authorize, and Monitor for federal applications and GSSs, Experience assessing IT infrastructure such as network appliances, firewalls, IDS/IPS, or end-user devices for vulnerabilities and configuration compliance, Knowledge of cybersecurity principles for managing risks associated with processing, storing, and transmitting information, Ability to develop clear, comprehensive documentation, Ability to obtain a Secret clearance, HS diploma or GED, CISSP, CISA, CAP, or GSNA Certification
Nice to Have
Knowledge of security principles and risk considerations for Industrial Control Systems (ICS), Knowledge of network security architecture, including topologies, protocols, components, and defense‑in‑depth principles, Possession of excellent verbal and written communication skills
What You'll Do.
Conduct independent assessments of management
and technical security controls for client information systems in accordance with the NIST Risk Management Framework (RMF)
Perform technical evaluations of General Support Systems (GSS) and applications using both manual and automated methods to verify proper security control implementation and configuration
Assess the effectiveness of security controls
and evaluate the severity of vulnerabilities across the system and its operating environment
Develop and deliver actionable recommendations for corrective measures
Create and review all Security Control Assessment (SCA) artifacts
including the Security Assessment Plan (SAP)
Security Assessment Report (SAR)
and Security Configuration Report (SCR)
How You'll Work.
Communication Scope
excellent verbal and written communication skills; develop clear, comprehensive documentation
Full Job Description
Security Control Assessor, Senior **The Opportunity:** Conduct independent assessments of management, operational, and technical security controls for client information systems in accordance with the NIST Risk Management Framework (RMF). Perform technical evaluations of General Support Systems (GSS) and applications using both manual and automated methods to verify proper security control implementation and configuration. Assess the effectiveness of security controls, identify weaknesses, and evaluate the severity of vulnerabilities across the system and its operating environment. Develop and deliver actionable recommendations for corrective measures. Create and review all Security Control Assessment (SCA) artifacts, including the Security Assessment Plan (SAP), Security Assessment Report (SAR), and Security Configuration Report (SCR). **You Have:** * 5+ years of experience performing security assessments of federal systems to ensure compliance with NIST SP 800‑53 Rev. 5, NIST SP 800‑37 Rev. 1, and agency-specific requirements * Experience conducting vulnerability assessments and analyzing scan results using Tenable Nessus, Web Inspect, and Fortify * Experience performing manual and automated configuration compliance assessments using Tenable Nessus and STIGs, including analysis of compliance findings * Experience working with POA&Ms, including drafting detailed vulnerability descriptions, impact analyses, and risk mitigation strategies, and supporting RMF Steps 4-6 Assess, Authorize, and Monitor for federal applications and GSSs * Experience assessing IT infrastructure such as network appliances, firewalls, IDS/IPS, or end-user devices for vulnerabilities and configuration compliance * Knowledge of cybersecurity principles for managing risks associated with processing, storing, and transmitting information * Ability to develop clear, comprehensive documentation * Ability to obtain a Secret clearance * HS diploma or GED * CISSP, CISA, CAP, or GSNA Certification **N
Applying for this Security Control Assessor, Senior role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.
ANONYMOUS · UNFILTERED
What do employees actually say about Booz Allen?
Real rants from real employees. Read before you apply.