Security Control Assessor Representative (SCAR) – Cyber Ops V

• Serve as an independent assessor responsible for evaluating the effectiveness of implemented security controls across USAFA information systems in accordance with NIST SP 800-53A Rev. 5 and DoD RMF standards.
• Develop and maintain Security Assessment Plans (SAPs) for each assigned system, including assessment scope, testing schedule, security tools, control evaluation methods, and designated assessor personnel.
• Draft and coordinate Rules of Engagement (ROE) documents for penetration testing and vulnerability scanning activities to ensure alignment with mission requirements and operational constraints.
• Conduct or oversee security control assessments for management, operational, and technical controls, leveraging interviews, evidence review, technical validation, and security testing.
• Document assessment results and risk impacts in the Security Assessment Report (SAR), providing a clear summary of control effectiveness, risk posture, and any residual vulnerabilities.
• Support SAR preparation activities including:

• Vulnerability assessments and validation
• Security categorization reviews
• System Security Plan (SSP) analysis
• Risk issue resolution and remediation status reporting
• Preparation of SAR briefings, findings presentations, and meeting support materials
• Provide independent contributions to the Authorization to Operate (ATO) process by delivering the SAR, risk determinations, and supporting documentation for inclusion in the final ATO package.
• Generate draft Plan of Action and Milestones (POA&M) entries based on control deficiencies and observations documented during assessments, excluding any actions already remediated by the implementation team.
• Prepare a Residual Risk Statement with a recommendation for risk acceptance or mitigation, which feeds into the Authorizing Official's risk decision process and the Risk Acceptance Recommendation Report.
• Determine and document the risk impact of unmitigated vulnerabilities on organizational operations, mission capabilities, and other dependent systems or stakeholders.
• Contribute to the assembly of the overall security authorization package, ensuring completeness and readiness for AO review.
• Participate in and support continuous monitoring efforts, including annual control re-assessment activities, targeted testing of inherited or system-specific controls, and the documentation of monitoring results in accordance with NIST SP 800-137.
• Maintain strict independence from the ISSM, ISSO, and ISSE functions to preserve objectivity, while collaborating professionally with system owners and stakeholders to clarify findings and recommended remediation paths.

• This is an onsite position that requires work to be performed onsite in Colorado Springs, CO.
• Indoor office working conditions.

• Must be able to sit or stand for prolonged periods.
• Must be able to perform repetitive keyboard tasks and associated motions for prolonged periods.
• Must be able to carry up to 10 pounds.

• $130,000 -- $150,000 (annual) depending on qualifications

• CERTIFICATION: CISM or CISSO or CPTE or CySA+ or FITSP-A or GCSA or CISA or CISSP or CISSP-ISSEP or GSLC or GSNA.
• REQUIED EDUCATION: Bachelor of Science degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an Accreditation Board for Engineering and Technology (ABET) accredited or Certified Association Executive (CAE) designated institution.
• EXPERIENCE: At least ten years of relevant experience acting as a Security Control Assessor Representative preferably in the United States Air Force or DoD space. Must have knowledge of NIST SP 800-53A Rev. 5, SP 800-37, SP 800-137, FIPS 199, FIPS 200, risk analysis and documentation, ATO package structure.
• SECURITY CLEARANCE: Must hold an active Secret security clearance

• Health insurance
• Dental/Vision insurance
• Paid Time Off
• Short- and Long-Term Disability
• Life insurance
• 401k and match

Aleut Federal