Security Controls Assessor Representative (SCAR), Journeyman

About The Position

Requirements

• Citizenship: Must be a US citizen
• Clearance: Top Secret
• Education: Bachelor’s degree or master’s degree in a related field and at least three years of experience in the respective technical / professional discipline being performed, three of which must be in the DoD.
• OR, seven years of directly related experience with proper certifications as described in the PWS labor category performance requirements, five of which must be in the DoD.
• Proficiency with Risk Management Frameworks (RMF) and NIST 800‑37 security control assessment methodologies.
• Hands-on experience with Digital Engineering tools, including SysML modeling and Cameo/MagicDraw environments.
• Ability to evaluate, document, and verify cybersecurity posture across applications, systems, and networks, including vulnerability identification and control validation.
• Technical expertise in developing and assessing cybersecurity risk, compliance, and assurance requirements across software, system, and network architectures.
• Strong communication skills with the ability to clearly convey technical findings to both technical and non‑technical stakeholders.
• Collaborative mindset with experience working across cross‑functional engineering, cybersecurity, and program teams.
• Skilled at building trust and maintaining professional relationships with government counterparts and contractor teams.
• Able to navigate complex discussions, provide constructive feedback, and support consensus‑building during risk and compliance reviews.

Nice To Haves

• Highly recommended certification: CISSP (Certified Information Systems Security Professional).

Responsibilities

• Demonstrated experience in acquisition platforms, cybersecurity, Risk Management Frameworks (RMF), cybersecurity strategy, cyber‑resilient System‑of‑Systems development, systems engineering, network engineering, and technical interface design.
• Must meet all education, training, and certification requirements in DoDM 8140.03 for Intermediate Proficiency Security Control Assessor.
• Required certification: CAP/CGRC (Certified Authorization Professional / Certified in Governance, Risk & Compliance).
• Highly recommended certification: CISSP (Certified Information Systems Security Professional).
• Support Digital Engineering and Digital Materiel Management efforts, including SysML and Cameo.
• Conduct independent, comprehensive assessments of management, operational, and technical security controls in accordance with NIST 800‑37.
• Develop methods to monitor and measure risk, compliance, and assurance.
• Develop specifications ensuring risk, compliance, and assurance efforts meet security, resilience, and dependability requirements across software, systems, and networks.
• Draft and assess statements of preliminary and residual security risk.
• Maintain information systems assurance and accreditation materials.
• Monitor and evaluate system compliance with IT security, resilience, and dependability requirements.
• Conduct Privacy Impact Assessments (PIAs) to ensure protection of PII.
• Plan and conduct security authorization reviews and assurance case development for initial system and network installations.
• Provide accurate technical evaluations of applications, systems, and networks, documenting security posture, capabilities, and vulnerabilities.
• Recommend new or revised security, resilience, and dependability measures based on assessment results.
• Verify that security postures are properly implemented, document deviations, and recommend corrective actions.
• Ensure accreditation and assurance documentation for applications, networks, and systems is current.
• Advise the government on security and privacy risks associated with operating systems or using external systems, services, or applications.