Security Control Assessor Job Listing at SPA in Chantilly, VA (Job ID 22869)

Description

Overview

Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA: Objective. Responsive. Trusted.  

The Space and Intelligence Division provides professional services to the US Space Force, Combatant Commands, Intelligence Community, and NASA. Our work includes enterprise architectural assessments, systems engineering and integration, test, planning and execution, cost estimating and analysis, acquisition support, and cybersecurity.  We are trusted partners developing approaches and concepts to meet emerging high priority needs, assessing cutting-edge technologies, and supporting capabilities for our National Defense.  Come join the fastest growing Division at Systems Planning and Analysis, Inc.

The Strategic Technology Analysis Group, part of SPA's Space and Intelligence Division, offers sophisticated capabilities (people, process & tools) to resolve unique problems in space, cyber, and special operations in support to military services, Secretary of Defense offices (OSD) and theater warfighters.  Our portfolio includes the Assistant Secretary of Air Force for Space Acquisition & Integration (SAF/SQ), Joint Warfare Analysis Center (JWAC), Space Security and Defense Program (SSDP), National Space Defense Center (NSDC), Space Warfighting Analysis Center (SWAC), Strategic Capabilities Office (SCO), US Space Command (USSPACECOM) and US Space Force (USSF).  Come be a part of a high-speed low-drag organization providing unique and tailored solutions for our National Defense!

SPA has an immediate need for a Security Control Assessor (SCA).

The successful candidate will provide expert-level cybersecurity analysis, engineering, and assessment services for complex, multi-domain systems. This role acts as a senior technical advisor and Security Control Assessor (SCA), specializing in integrating security throughout the system lifecycle, translating technical risks into mission-impact statements, and guiding the implementation of advanced security architectures.

Key duties associated with this role include but are not limited to the following:

• Provide strategic cybersecurity guidance and participate in technical reviews (e.g., SRR, PDR, CDR) to ensure security is integrated from the initial design phase and throughout the system.
• Execute the Risk Management Framework (RMF) process, providing risk determinations and recommendations to the Authorizing Official (AO).
• Execute the RMF process across Federal, DoD, and IC policies in the capacity of a SCA, providing continuous risk determinations and actionable recommendations directly to the AO.
• Conduct deep technical validation of security controls by reviewing vulnerability scans (e.g., ACAS/Nessus), STIG checklists, and penetration test reports to correlate findings with operational mission risk.
• Evaluate the security performance, integrity, and residual risk of diverse and complex architectures, including Platform Information Technology (PIT), cloud environments, communication networks, and satellite control systems.
• Guides the adoption and implementation of DoD Zero Trust principles and provides specialized expertise in the design and evaluation of Cross Domain Solutions (CDS).
• Function as a technical liaison between engineering teams, program leadership, and external government and industry partners.

Minimum Qualifications:

• Active TS clearance with SCI and SAP eligibility
• Minimum of 12 years of demonstrated experience in IT, Cybersecurity Engineering, and/or Assessment & Authorization (A&A)
• Current certification compliant with DoD 8140.01 for IAT Level III or IAM Level III (CISSP, CISM, GSLC, CASP+CE)
• Must have proven hands-on experience with systems integration, enterprise networks, cloud computing systems, or Platform IT architectures
• Ability to travel 1-2x per year
• Ability to report to designated work location in Chantilly, up to full time, based on the needs of the customer

Desired Qualifications

• Ample experience with Special Access Program (SAP) and Sensitive Compartmentalized Information (SCI) strongly preferred

Minimum Qualifications:

• Active TS clearance with SCI and SAP eligibility
• Minimum of 12 years of demonstrated experience in IT, Cybersecurity Engineering, and/or Assessment & Authorization (A&A)
• Current certification compliant with DoD 8140.01 for IAT Level III or IAM Level III (CISSP, CISM, GSLC, CASP+CE)
• Must have proven hands-on experience with systems integration, enterprise networks, cloud computing systems, or Platform IT architectures
• Ability to travel 1-2x per year
• Ability to report to designated work location in Chantilly, up to full time, based on the needs of the customer

Desired Qualifications

• Ample experience with Special Access Program (SAP) and Sensitive Compartmentalized Information (SCI) strongly preferred

The successful candidate will provide expert-level cybersecurity analysis, engineering, and assessment services for complex, multi-domain systems. This role acts as a senior technical advisor and Security Control Assessor (SCA), specializing in integrating security throughout the system lifecycle, translating technical risks into mission-impact statements, and guiding the implementation of advanced security architectures.

Key duties associated with this role include but are not limited to the following:

• Provide strategic cybersecurity guidance and participate in technical reviews (e.g., SRR, PDR, CDR) to ensure security is integrated from the initial design phase and throughout the system.
• Execute the Risk Management Framework (RMF) process, providing risk determinations and recommendations to the Authorizing Official (AO).
• Execute the RMF process across Federal, DoD, and IC policies in the capacity of a SCA, providing continuous risk determinations and actionable recommendations directly to the AO.
• Conduct deep technical validation of security controls by reviewing vulnerability scans (e.g., ACAS/Nessus), STIG checklists, and penetration test reports to correlate findings with operational mission risk.
• Evaluate the security performance, integrity, and residual risk of diverse and complex architectures, including Platform Information Technology (PIT), cloud environments, communication networks, and satellite control systems.
• Guides the adoption and implementation of DoD Zero Trust principles and provides specialized expertise in the design and evaluation of Cross Domain Solutions (CDS).
• Function as a technical liaison between engineering teams, program leadership, and external government and industry partners.