Date Posted
3 days ago
Remote Work Level
Hybrid Remote
Location
Hybrid Remote in Arlington, VA
Job Schedule
Full-Time
Salary
We're sorry, the employer did not include salary information for this job.
Benefits
Health Insurance, Retirement Savings, Education Assistance, Paid Time Off, Career Development
Categories
Cyber Security, Consulting, Federal Government, Risk Management, Product Manager, Project Manager
About the Role
Title: Senior Security Control Assessor
Location: Washington United States
Job Description:
Job Type
Full-time
Description
MBL Technologies, Inc. offers a diverse set of management and technology consulting services to Federal government and commercial markets. Our solutions are tailored to support each client's mission, accounting for their unique needs and operating environments to ensure success. We bring the right people, capabilities, and expertise together to assist our clients with enabling their mission. Together our individual differences drive successful business results.
If you are transitioning from military to civilian life, have prior service, are a retired veteran, or a member of the National Guard or Reserves, or spouse of an active military service member, we encourage you to apply. Please visit our webpage for information on our policies and benefits for the military and veteran community.
Why Work with Us?
- We trust, empower, and believe in our employees to soar to their fullest potential!
- We offer a robust benefits package (medical, dental, vision, STD, Accident, Life, Hospital Insurance, FSA, HSA, 401K match, professional development stipend, etc.).
- We love to have fun and give back to the community. Community Service and Employee Engagement events are atop our calendar events!
- We genuinely like each other and champion everyone to achieve their own greatness!
MBL Technologies is seeking a highly skilled Senior Security Control Assessor (SCA) to support a federal contract. This role is mostly remote; however, it will require occasional onsite meetings in the Arlington area, with no travel reimbursements allocated. This role is contingent on contract award.
The Senior Security Control Assessor (SCA) conducts independent, comprehensive assessments of the management, operational, and technical security/privacy controls employed within or inherited by an information technology (IT) system to evaluate overall control effectiveness, as defined in NIST SP 800-37. The SCA ensures IT systems meet organizational, regulatory, and compliance standards while balancing mission goals with security requirements.
Key Responsibilities:
- Perform security reviews to identify architectural gaps and provide recommendations for risk mitigation.
- Conduct risk analyses (e.g., threats, vulnerabilities, probability of occurrence) during significant system/application changes.
- Plan and execute security authorization reviews, assurance case development, and audits for system installations and networks.
- Provide input to the Risk Management Framework (RMF) and related documentation, including lifecycle support plans, CONOPS, and operational procedures.
- Review authorization packages and assurance documents to confirm risk levels are acceptable for systems, applications, and networks.
- Verify that system, network, and application security postures are implemented as designed, documenting deviations and recommending corrective actions.
- Assess the effectiveness of implemented security controls across management, operational, and technical areas.
- Support compliance activities by ensuring security configuration guidelines and standards are followed.
- Evaluate configuration management and release processes for security impacts.
- Define/document how new systems or interfaces affect the organization's current security posture.
- Develop security compliance processes and perform audits of external services (e.g., CSPs, data centers).
- Ensure Plans of Action & Milestones (POA&Ms) and remediation plans are established for vulnerabilities.
- Participate in Risk Governance processes by presenting risks, mitigations, and technical assessments.
- Support acquisition and procurement efforts to ensure information security requirements are integrated.
- Produce reports, briefings, and technical documentation reflecting assessment results and recommendations.
Required Experience & Skills:
- 7+ years of relevant IT/cybersecurity experience.
- Advanced degree in a technical/cyber-related field (or equivalent experience/certifications).
- Proficiency in assessing security controls against standards (e.g., NIST SP 800-53, CIS CSC, Cybersecurity Framework).
- Strong skills in vulnerability scanning, penetration testing principles, and interpreting results.
- Ability to conduct risk, impact, and compliance assessments.
- Skill in technical documentation, briefings, and audit reporting.
- Proficiency in security architecture review and system design evaluation.
- Knowledge of secure coding principles and application security (e.g., OWASP Top 10).
- Experience applying confidentiality, integrity, and availability principles to systems and networks.
- Familiarity with compliance frameworks and security assessment tools.
- Strong analytical, technical writing, and communication skills are essential.
Required Abilities:
- Ability to evaluate and synthesize risk assessment data into actionable findings.
- Ability to clearly communicate technical and risk information to technical and non-technical audiences.
- Ability to assess vulnerabilities and recommend corrective actions.
- Ability to apply judgment in ambiguous or evolving situations.
- Ability to interpret and apply relevant cybersecurity laws, regulations, and policies.
- Ability to collaborate across teams and work effectively with external service providers.
- Ability to design, conduct, and evaluate test plans, assessments, and compliance audits.
- Ability to lead complex assessments, provide strategic recommendations, and advise leadership on enterprise-wide security control effectiveness.
Required Knowledge:
- Risk Management Framework (RMF) and Security Assessment & Authorization (SA&A) processes.
- Security architecture concepts, enterprise reference models, and assessment methodologies.
- Network security protocols, models, and configurations (including defense-in-depth).
- Working knowledge of government compliance standards and assessment processes.
- Cyber threats, vulnerabilities, and operational impacts of lapses.
- Information security principles and methods (e.g., encryption, access control, PKI).
- Applicable laws, directives, and compliance requirements (e.g., NIST SP 800-161, FISMA, FedRAMP).
- System and application security threats (e.g., injection flaws, cross-site scripting, buffer overflow).
- IT supply chain security and risk management practices.
- Cyber defense and vulnerability assessment tools.
MILITARY OCCUPATIONAL SPECIALTY CODES (MOS codes):
170A, 170D, 17A, 17B, 17C, 17D, 24B, 25B, 47D, 94F, IT, 17 5309, 6203, 9735, 9740, 9890, 9891
CORPORATE CITIZEN:
MBL Technologies' vision is to make a positive difference - for our people, our customers, and our communities. As such, a commitment to service and excellence has been woven into the very fabric of our culture. MBL employees demonstrate a willingness to consistently go above and beyond and strive for excellence in all we do - championing, protecting, and celebrating the core business through the mission, vision, and values. All are expected to be good corporate citizens, supporting one another and internal corporate initiatives to build a stable business platform and ensure lasting company success.
Benefits:
MBL Technologies offers a competitive salary adjusted for candidate qualifications partnered with an industry-leading benefits package. This package includes incentive plans with corporate and individual-based performance bonuses, 401K, PTO, remote work, health and wellness programs, employee discounts, and learning and development reimbursement.
EEO STATEMENT:
MBL Technologies is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status.