Job Family:

Travel Required:

Clearance Required:

What You Will Do:

The Security Assessor supports security and privacy control assessments for public‑sector systems by evaluating control effectiveness, validating evidence, and contributing to formal assessment documentation under the direction of a Senior Security Assessor.

This role is primarily focused onassessmentexecution and documentation; however, it also provides exposure to more technical aspects of system architecture and control implementation. Candidates shoulddemonstratecuriosity and interest in expanding their skillset towardsecurity engineering, automation, and emergingAIenabledapproaches to compliance and assessment activities.

This role focuses on assessment execution and documentation, not system engineering or operational security responsibilities.

Key job responsibilities include the following:

• Perform security and privacy control assessments in accordance with established assessment plans
• Review security documentation and technical evidence
• Validate control implementation through:
  • Evidence inspection
  • Architecture and system documentation review
  • Interviews with system owners and technical staff
• Contribute to assessment artifacts, including:
  • SSP updates
  • SARs
  • ISRAs
  • POA&Ms
• Document assessment results and clearly articulate control gaps and risks
• Maintain assessment independence and objectivity
• Identifyopportunities to improve assessment efficiency throughstandardization, tooling, or automation of evidence collection and validation
• Support the use ofdata-driven or AI-assisted techniquesto enhance analysis, traceability, and reporting over time

What You Will Need:

• Minimum of THREE (3) years of experience supporting security control assessments, audits, or authorization activities
• Bachelors Degree is required.
• US Citizenship is required.
• Hands-on experience contributing to formal security assessment documentation (SSPs, SARs, POA&Ms, or equivalents)
• Working knowledge of NIST SP 800-53 security and privacy controls
• Understanding of risk-based assessment concepts
• Ability to analyze assessment evidence and clearly document findings

What Would Be Nice To Have:

• Experience supporting government or other regulated environments
• Exposure to CMS, healthcare, or publicsector security compliance frameworks
• Familiarity with A&A, RMF, or Security Control Assessment processes
• Relevant certifications (CISA, CISSP, CISM, Security+, or similar)
• Prior background in or exposure tosecurity engineering, cloud security, or system implementation
• Familiarity withmodern architectures (cloud platforms, IAM, logging/monitoring, APIs)and how controls are implemented in those environments
• Exposure toautomation tools, scripting, or GRC platformssupporting assessment or compliance activities
• Interest in applyingAI/automation to improve audit readiness, evidence analysis, or continuous monitoring processes

What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

• Medical, Rx, Dental & Vision Insurance

• Personal and Family Sick Time & Company Paid Holidays

• Position may be eligible for a discretionary variable incentive bonus

• Parental Leave and Adoption Assistance

• 401(k) Retirement Plan

• Basic Life & Supplemental Life

• Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts

• Short-Term & Long-Term Disability

• Student Loan PayDown

• Tuition Reimbursement, Personal Development & Learning Opportunities

• Skills Development & Certifications

• Employee Referral Program

• Corporate Sponsored Events & Community Outreach

• Emergency Back-Up Childcare Program

• Mobility Stipend