Security Controls Assessor (SCA) Representative

About the Role

The role involves conducting independent, comprehensive assessments of management, operational, and technical security controls in accordance with NIST SP 800-37, applying RMF/CSF principles to integrated weapon systems, leading assessment and authorization (A&A) events for USSF Special Access Program/Special Access Required (SAP/SAR) authorizations, and developing Security Assessment Reports to support Authorization to Operate decisions. • Conduct independent security control assessments per NIST SP 800-37. • Lead assessment and authorization events for USSF SAP/SAR. • Prepare Security Assessment Reports to enable Authorization to Operate. • Travel 20‑50% of the time to support field activities. • Apply RMF/CSF processes across weapon system life cycles. • Perform cybersecurity gap analyses and develop risk management plans. • Maintain Body of Evidence artifacts such as POA&Ms and cybersecurity plans. • Identify and implement unique mitigations for diverse cyber challenges. • Communicate technical findings to both technical and non‑technical audiences. • Verify security integration within DevSecOps and CI/CD pipelines. • Develop metrics to monitor risk, compliance, and information assurance efforts.

Key Responsibilities

• ▸security assessment
• ▸rmf/csf
• ▸sap/sar
• ▸security report
• ▸devsecops
• ▸risk metrics

What You Bring

Candidates must hold an active TS/SCI clearance with SAP/SAR eligibility (U.S. citizen only), have prior experience as a SAP SCA or Representative, be able to travel 20‑50%, possess at least five years of Linux implementation/administration experience, and demonstrate strong knowledge of RMF/CSF processes, cybersecurity assessment skills, and the ability to produce and manage Body of Evidence artifacts. Technical proficiency in at least two security domains, strong written and oral communication, experience with DevSecOps/CI‑CD pipelines, and a CISSP certification are required. A bachelor's degree in engineering, computer science, or a related technology field is desired, along with prior law enforcement, counter‑intelligence, or cyber‑operations experience. Additional certifications such as CCSP, CEH, or AWS cloud security credentials are highly preferred. • Maintain active TS/SCI clearance with SAP/SAR eligibility. • Provide at least 5 years of Linux implementation and administration experience. • Demonstrate proficiency in two or more security domains (e.g., networks, embedded systems). • Hold CISSP certification; CCSP, CEH, or AWS security certifications are preferred.

Requirements

• ▸ts/sci
• ▸linux
• ▸cissp
• ▸devsecops
• ▸rmf/csf
• ▸bachelor’s

Benefits

This full‑time, on‑site position offers a standard 40‑hour work week, a salary range of $160,000‑$180,000 (Colorado), up to 20‑50% travel, and a comprehensive benefits package that includes 401(k) match, medical/dental/vision coverage, life and AD&D insurance, flexible spending accounts, disability insurance, paid time off, flexible work schedules, and professional development opportunities.

Work Environment

Onsite