Cloud Security Control Assessor

Job#: 3024872

Job Description:
Cloud Security Control Assessor

Location: Alexandria, Virginia (On-site)

Employment Type: Contract to Perm

Role Overview

We are seeking a skilled Security Control Assessor to join our team. The successful candidate will be responsible for evaluating, testing, and validating the effectiveness of security controls for information systems, with a strong emphasis on the Risk Management Framework (RMF). The ideal candidate will have experience in cloud environments and possess the professional presence to engage directly with government stakeholders.

Key Responsibilities

• Serve as a primary assessor and validator for RMF activities, briefing findings directly to government clients.
• Apply technical expertise in the Risk Management Framework to plan, execute, and document end-to-end security control assessments across RMF Steps 0-7.
• Validate the implementation and effectiveness of security controls, ensuring they meet NIST, DoD, and DHS requirements.
• Develop comprehensive test plans and conduct hands-on control validation, including evidence collection and results documentation.
• Build complete, audit-ready Authorization to Operate (ATO) packages, including SSPs, SARs, and POA&Ms.
• Review, validate, and track POA&M items to ensure remediation actions are properly implemented.
• Use eMASS or similar compliance and IA tools to manage assessment data and maintain system authorization documentation.
• Analyze vulnerability scan results and STIG implementations to identify risks and produce actionable assessment reports.
• Assess and validate security controls in cloud environments such as AWS and/or Azure.
• Leverage prior federal cybersecurity experience to ensure alignment with federal cybersecurity policies and governance frameworks.

Required Qualifications

Education: A Bachelor's Degree or equivalent years of relevant experience.

Experience: 6 years of relevant experience. A Secret security clearance or higher is required. U.S. Citizenship is required.

Technical Skills:

• Must hold at least one of the following DoD 8570 IAT II certifications: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, or SSCP.
• Hands-on experience with eMASS or similar Information Assurance tools.
• Experience analyzing vulnerability scans and STIG implementations.
• Knowledge of AWS and/or Azure cloud environments.
• Familiarity with DoD 8500, DoD 8510, DHS 4300 A/B, and NIST SP 800 series (including 800-53, 800-53A, 800-137).

Preferred Qualifications

• Understanding of the Systems Development Lifecycle (SDLC), particularly the DHS Systems Engineering Lifecycle (SELC) process.
• Experience with researching, writing, and submitting complete documentation packages for new system authorizations within a federal environment.
• Strong communication skills for presenting assessment findings to government stakeholders.

Work Environment

This is a full-time, onsite position in Alexandria, VA. Core work hours are from 9:00 AM to 4:00 PM, with flexible scheduling options available.

Compensation & Benefits

Compensation for this role falls between $140,000 and $155,000 annually. A comprehensive benefits package is available to eligible employees.

We are an equal opportunity employer and welcome applications from all qualified candidates regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Apex uses a virtual recruiter as part of the application process. Click for more details.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Benefits Department at or .

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click for more details.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.