Security Control Assessor

Leidos is seeking multiple Security Control Assessors to support our assessment team. These positions can be based out of any of our three locations - Alexandria, VA, Fort Meade, MD, or Chambersburg, PA. These positions are primarily on-site, but partial telework may be available at the discretion of our customer and program management. Significant travel may be required.

Responsibilities:

• Conduct cybersecurity assessments, audits, and inspections for DoD organizations and partners handling DoD information or connecting to the DoDIN. 
• Evaluate systems and Defensive Cyberspace Operations using cyber threat emulation and performance-based testing. 
• Adhere to policies and processes for each assessment type. 
• Support assessment development and execution to ensure security expertise is properly applied. 
• Coordinate logistics, test plans, and scope with the SCA Team Lead. 
• Perform vulnerability assessments, capture results using STIG Viewer or designated tools, and document findings in eMASS. 
• Analyze security gaps and provide mitigation recommendations. 
• Validate cybersecurity controls, TTPs, STIGs, RMF controls, and compliance with DoD policies and guidelines.  
• Provide risk analysis and assessment results for authorization recommendations. 
• Participate in daily assessment reviews, in-briefs, and out-briefs, sharing findings with the SCA-R. 
• If senior staff, mentor and guide personnel by providing technical expertise, best practices, and professional development support to enhance team capabilities and knowledge

Basic Qualifications:

• Active DoD Top Secret clearance with SCI eligibility required
• Current DoD 8570 IAM II or IAT II certification 
• Strong written and verbal communication skills for reporting assessment findings
• Ability and willingness to travel for assessments as required,, up to 80%
• Education and experience as required per job level:
  • Level I:
    • Bachelor's degree (IT-related field preferred) and three (3) years of cybersecurity or network security experience. Additional relevant experience may be considered in lieu of degree.
    • Familiarity with STIGs (Security Technical Implementation Guides), Plan of Action and Milestones (POA&Ms) and cybersecurity best practices, and relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS
    • Understanding of the RMF process, NIST SP 800- 37, NIST SP 800-53, CNSSI 1253
  • Level II:
    • Bachelor's degree (IT-related field preferred) and five (5) years of cybersecurity or network security experience. Additional relevant experience may be considered in lieu of degree.
    • Three (3) years of experience in a Certification and Accreditation/A&A role
    • Demonstrated experience with STIGs, SRGs, POA&Ms and cybersecurity best practices, as well as relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS 
      Strong understanding of the RMF process, NIST SP 800- 37, NIST SP 800-53, CNSSI 1253, as well as key technologies areas/domain such as: Network, Mobility, Windows, UNIX, Cloud Environments and Cloud Native Tools/Services, Host Based Security System (HBSS)/Endpoint Security Solutions (ESS), Databases, Applications 
  • Level III:
    • Bachelor's degree (IT-related field preferred) and eight (8) years of cybersecurity or network security experience. Additional relevant experience may be considered in lieu of degree.
    • Five (5) years of experience in a Certification and Accreditation/A&A role 
    • Demonstrated experience with STIGs, SRGs, POA&Ms and cybersecurity best practices, as well as relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS 
    • Advanced understanding of the RMF process, NIST SP 800- 37, NIST SP 800-53, CNSSI 1253, as well as key technologies areas/domain such as: Network, Mobility, Windows, UNIX, Cloud Environments and Cloud Native Tools/Services, Host Based Security System (HBSS)/Endpoint Security Solutions (ESS), Databases, Applications 

Original Posting:

July 8, 2025

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

Pay Range $67,600.00 - $122,200.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.