Position Description
Valiant Solutions is seeking a Security Controls Assessor to join our rapidly growing and innovative cybersecurity team!
The Security Controls Assessor will lead hands-on technical security control assessments and provide FISMA and FedRAMP subject matter expertise for our government client's information systems. The role guides assessment teams through Security Assessment and Authorization (SA&A), Annual Security Controls Assessment (ASCA), and Event-Driven assessments against NIST SP 800-53, producing audit-defensible packages and mentoring junior analysts.
Location: The Security Controls Assessor can expect 100% telework. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below.
Eligibility Requirements: U.S. Citizenship is required due to federal contract obligations, along with the ability to successfully pass a federal background investigation.
Required Experience:
- Five (5) or more years of progressively responsible experience in information security, security control assessment, or cyber risk management.
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Engineering, or a related field, or an additional three (3) to five (5) years of relevant experience in lieu of a degree.
- Demonstrated hands-on experience assessing NIST SP 800-53 controls and producing A&A artifacts (System Security Plan, Security Assessment Plan, Security Assessment Report, Security Controls Traceability Matrix, and Plan of Action and Milestones).
- Knowledge of FISMA, the NIST Risk Management Framework (NIST SP 800-37), FedRAMP, ISCM, and CDM.
- Demonstrated experience with technology risk assessments, security engineering, and security architecture principles.
- Experience with cloud systems, cloud service providers, and FedRAMP requirements.
- Experience with GRC platforms (e.g., Qmulos Q-Compliance, ServiceNow GRC), SharePoint, scanning tools, and SIEM (e.g., Splunk).
- Familiarity with FIPS 199 security categorization and privacy control assessment.
- Strong written and verbal communication and stakeholder engagement skills.
Preferred Certifications
- CISSP, CISM, CISA, or CAP certification preferred.
Responsibilities
- Lead hands-on technical NIST SP 800-53 security control assessments, including applicable overlays (e.g., high-value assets, artificial intelligence, critical software, and FedRAMP).
- Serve as a FISMA and FedRAMP technical subject matter expert across SA&A, ASCA, and Event-Driven Security Controls Assessment efforts.
- Guide the Discovery, Assessment, Risk Validation, and Finalization stages, including Security Assessment Plan development, evidence collection, control assessment meetings, and Security Assessment Report finalization.
- Coordinate and conduct stakeholder meetings and findings reviews, and brief stakeholders on draft Security Assessment Report findings and risk decisions.
- Maintain and update assessment package templates (Security Assessment Plan, System Security Plan, Security Controls Traceability Matrix, Security Assessment Report, and Action Item List) for consistency and compliance.
- Assess the impact of new laws, regulations, policies, and guidance on the client's assessment requirements and recommend process changes.
- Provide day-to-day technical direction and mentorship to other security analysts.
- Incorporate threat modeling and threat hunting into the assessment process to proactively identify and mitigate risks.
- Recommend automation approaches, including robotic process automation, workflow orchestration, and data transformation, to improve assessment efficiency and accuracy.
- Support FedRAMP package reviews for cloud efforts and responses to data calls and audits from the agency inspector general, GAO, and OMB.
- Provide knowledge transfer and upskilling to federal staff so they can perform assessments and serve as backup to contractor assessors.
Benefits Snapshot (includes, but not limited to)
Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees
Valiant contributes 25% towards Health Coverage for Family and Dependents
100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees
100% Paid Certifications
401K Matching up to 4%
Paid Time Off
Paid Federal Holidays
Wellness & Fitness Program
Valiant University - Online Education and Training Portal
FSA programs for: Medical Costs, Dependent Care, Transit, and Parking
Referral Bonuses
The salary range for this position is a general guideline and not a guarantee of compensation or salary. It has been benchmarked in relation to the scope of the role, market rate, and internal equity. Where a candidate falls within the band can be determined based on one or more of the following: skillset, experience level, achievements, education, geographic location, security clearance, involvement in corporate tasks, and other non-discriminatory factors. In addition to the base salary, this role will include benefits as described above. Valiant reserves the right to adjust the salary range, experience requirements, and position responsibilities at any time without prior notice.
Remote Work Policy
Remote work necessitates a high level of trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention and availability to their job duties during working hours, and maintain a schedule during core business hours that aligns with those of their coworkers and Valiant's clients. In alignment with Valiant's inclusive and engaging environment, cameras are encouraged and can be required to be on during virtual video conferences. Additionally, in alignment with the Office of the Inspector General's effort to eliminate conflicting employment, all Valiant employees are required to disclose any current or future outside employment engagements. During onboarding and throughout employment, employees must disclose any current activities or intent to engage in outside employment or other professional activities and obtain written approval. Employees may not solicit or conduct any outside business during core business hours for Valiant Solutions and our clients.
Physical Demands
Sitting or standing at a desk for prolonged periods of time and consistent operation of a computer. Frequent communication and exchanging of accurate information via electronic communication, phones, and in person. Occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.