Your Vision Achieved
Security Controls Assessor
Location
United States
Posted
18 hours ago
Salary
$104K - $119K / year
Seniority
Mid Level
Job Description
Security Controls Assessor
Avint
Role Description Avint is seeking a highly motivated Journeyman Security Controls Assessor (SCA) in support of a critical federal contract. The Journeyman SCA is a mid-level professional responsible for executing standard security control assessments, evaluations, and compliance verifications across organizational information systems. Operating as a core member of the cybersecurity assurance team, this role focuses on testing technical, operational, and management controls to ensure alignment with regulatory requirements and security policies. The mid-level SCA works under the general supervision of and receives technical guidance from senior SCAs, contributing directly to the organization’s Risk Management Framework (RMF) and Security Assessment and Authorization (A&A) lifecycles. Qualifications - Bachelor’s degree (BS/BA) OR equivalent professional experience - Security+ or higher - Minimum of 6-8 years of dedicated experience in cybersecurity, information assurance, or IT auditing - At least six (6) years of dedicated experience performing hands-on security controls assessments of systems of moderate complexity (C2 & C3) with capability of supporting C4 assessments Requirements - Must be a U.S. citizen (no dual citizenship) - Ability to pass a background investigation - Able to obtain and maintain DHS Suitability/Entry on Duty (EOD) Soft Skills - Strong attention to detail and organized documentation habits - Good analytical and troubleshooting abilities - Professional verbal and written communication skills, with an ability to collaborate effectively across technical boundaries Position Responsibilities - Security Assessment and Validation: - Conduct security control assessments of information systems using interview, examination, and testing methods - Verify compliance with established frameworks such as NIST SP 800-37, NIST SP 800-53, NIST SP 800-171, FISMA, and/or FedRAMP, depending on organizational requirements - Analyze system architectures, network diagrams, configuration settings, and policies to identify vulnerabilities and compliance gaps - Review vulnerability scanning results (e.g., Nessus, Qualys) and penetration testing reports to validate the implementation of technical controls - Reporting and Risk Management: - Document detailed testing results and draft sections of the Security Assessment Report (SAR), ensuring clear explanations of non-compliant findings - Present assessment findings and risk postures to Authorizing Officials (AO), system owners, and other stakeholders in clear, actionable terms - Assist system owners in the development of realistic Plans of Action and Milestones (POA&M) to remediate identified deficiencies - Collaborate with the Risk Management team to ensure assessment data accurately informs the organization’s continuous monitoring strategy - Continuous Improvement and Strategy: - Stay current on emerging cyber threats, vulnerabilities, regulatory changes, and assessment techniques - Identify opportunities to automate assessment processes and integrate modern tooling into the assessment lifecycle - Participate in the development and refinement of enterprise information security policies, standards, and guidelines - Technical Areas of Expertise: - Solid working knowledge of security control frameworks (specifically NIST SP 800-53, NIST SP 800-37, and NIST SP 800-171) - Familiarity with cloud security concepts (AWS, Azure, Google Cloud) and cloud compliance frameworks (FedRAMP) - Knowledge of operating system security, network protocols, access control mechanisms, and vulnerability management tools Benefits - Competitive salaries - Full health insurance - Generous time off - Observation of federal holidays - Reimbursement for courses, exams, and tuition for professional development Salary Range $104,000-$119,000
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Senior Cybersecurity Third-Party Risk Analyst
BoeingA leading global aerospace company and top U.S. exporter, Boeing develops, manufactures and services commercial airplanes, defense products and space systems for customers in more than 150 countries. Our U.S. and global workforce and supplier base drive innovation, economic opportunity, sustainability and community impact. Boeing is committed to fostering a culture based on our core values of safety, quality and integrity.
Job Description At Boeing, we innovate and collaborate to make the world a better place. We're committed to fostering an environment for every teammate that's welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us. We are seeking a highly experienced Senior Cybersecurity Third-Party Risk Analyst to perform advanced, technical assessments of third-party cyber risk and to design automation and process improvements using configuration, integration, and agentic AI capabilities. This senior individual contributor will focus on developing hands-on assessment processes to evaluate vendor controls, validate technical evidence, and drive remediation recommendations - while also building robust automation and configuration assets (scripts, connectors, playbooks, and AI agents) to scale assessment throughput, improve data quality, and accelerate risk decisions. A strong emphasis on lean process enhancement will ensure the program delivers higher velocity, lower waste, and measurable improvements in assessment quality and cycle time. Though the position is primarily remote, there will be times to go into a Boeing facility. Candidates must live near a Boeing Facility or be willing to relocate at their own expense. This position requires candidates to be a US Person (Green Card holder or US Citizen) Key Responsibilities - Design & Execute end-to-end cybersecurity third-party assessments for strategic and high-risk vendors, including questionnaire reviews, technical evidence validation, architecture reviews, cloud configuration analysis, IAM assessments, encryption and key management reviews, logging/monitoring validation, and vulnerability/penetration test interpretation. - Produce repeatable processes that create clear, prioritized risk findings and remediation guidance tailored to vendor risk and business impact - Design, build, and maintain automated assessment capabilities: evidence collection scripts, API connectors, ETL pipelines, data validation routines, and integration points with TPRM/GRC platforms (Aravo, ServiceNow GRC, RSA Archer, OneTrust, etc.). - Develop and deploy agentic AI components (e.g., automated evidence triage, document ingestion and extraction, risk-scoring assistants, remediation suggestion agents) while ensuring safe, auditable, and privacy-preserving behavior. - Lead lean process improvement initiatives across the assessment lifecycle: map value streams, eliminate waste, reduce handoffs, optimize SLAs, and implement continuous improvement cycles to increase throughput and quality. - Create and maintain technical assessment artifacts: standardized templates, evidence matrices, technical checklists, assessment playbooks, and scoring rubrics that support repeatability and auditability. - Validate and tune automated scoring models and AI outputs; perform periodic calibration and manual reviews to ensure accuracy and reduce false positives/negatives. - Collaborate closely with Procurement, Legal, Security Operations/CIRT, Privacy, and other business stakeholders to ensure technical assessment findings map to contractual requirements and incident response expectations. - Support remediation verification and re-assessment - use automation to track evidence submission, validate fixes, and update risk status. - Maintain strong documentation & processes to support change management of automation logic, AI agent behaviors, data mappings, integration schemas - Stay current on emerging attack techniques, supply chain threats, automation best practices, responsible AI controls, and lean methods; propose and implement improvements. Basic/Required Qualifications - 5+ years of cybersecurity experience with at least 3 years focused on third-party/vendor security assessments or equivalent technical assessment roles. - Deep hands-on expertise reviewing technical artifacts: cloud console evidence (AWS/Azure/GCP), architecture diagrams, IAM configurations, network security, encryption, logging/monitoring, vulnerability scans, and penetration test reports. - Proven ability to translate technical findings into concise executive-level summaries and remediation plans; excellent written and verbal communication skills. - Demonstrated experience applying lean principles or continuous improvement methods to operational processes - ability to run value stream mapping, define and measure waste, and implement sustainable improvements. - Comfortable working independently as a senior individual contributor and coordinating across technical and non-technical stakeholders; experience in agile environments and using agile tooling (ADO, JIRA). Preferred Qualifications - Bachelor's degree in Computer Science, Information Security, Engineering, or related technical field; advanced degree (MS or equivalent) preferred. - Industry recognized security certifications (CISSP, CISM, CRISC) and/or cloud security certifications (AWS/Azure/GCP Security) preferred. - Strong configuration skills for security/TPRM tooling (Aravo, ServiceNow GRC, RSA Archer, OneTrust, or similar) including forms, workflows, scoring, and data model configuration. - Formal training or certification in Lean/Six Sigma, Kaizen, or similar continuous improvement methodologies. - Practical experience designing, training, or integrating agentic AI components (LLM orchestration, retrieval-augmented generation, agent frameworks) into security processes - able to implement guardrails, audit logging, and privacy controls. - Prior experience implementing AI governance for security use cases - Familiarity with software supply chain risk concepts (SBOMs) - Experience with SIEM/SOAR integrations, vulnerability management platforms, and continuous monitoring - Experience working in regulated industries (finance, aviation, healthcare, defense) or with global privacy/regulatory requirements (GDPR, CMMC, etc...). Typical Education/Experience: - Education/experience typically acquired through advanced education (e.g. Associate) and typically 2 or more years' related work experience or an equivalent combination of education and experience (e.g. Bachelor+1 years' related work experience, 5 years' related work experience, etc.). Relocation: Relocation assistance is not a negotiable benefit for this position. Candidates must live in the immediate area of a Boeing facility or relocate at their own expense. Drug Free Workplace: Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria are met as outlined in our policies. Pay & Benefits: At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities. The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and several programs that provide for both paid and unpaid time away from work. The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements. Pay is based upon candidate experience and qualifications, as well as market and business considerations. Pay Range is dependent on geographical location and experience: Senior - $128,700 - $181,500 Applications for this position will be accepted until Jul. 15, 2026 Export Control Requirements: This position must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a "U.S. Person" as defined by 22 C.F.R. §120.62 is required. "U.S. Person" includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee. Export Control Details: US based job, US Person required Relocation Relocation assistance is not a negotiable benefit for this position. Visa Sponsorship Employer will not sponsor applicants for employment visa status. Shift This position is for 1st shift Equal Opportunity Employer: Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.
Principal Solutions Executive - Security
CDWCDW is a Fortune 500 IT services company providing solutions for more than 250,000 clients across North America and the United Kingdom. Serving small and large
Title: Principal Solutions Executive - Security - Northeast Location: Virtual, NJ, United States Job ID: R26_00000898 Team: Sales Focus Area: Business Development Remote Type: Remote Job Description: Description CDW Security is the business unit within CDW, Inc. built to help customers feel confident as they address security challenges and strive for impactful business outcomes. We maintain industry-leading expertise in the areas of strategy, risk, compliance, identity and access management, data privacy, secure infrastructure, and workforce development, to name a few. The products and services related to this expertise provide CDW clients everything needed to develop and mature effective security programs. As part of the Security Solutions Executive team, you will be responsible for selling security services and products. The Security Solutions Executive is expected to enhance CDW Security’s presence, market share, and revenue growth in the cybersecurity market. Specifically, you will support the sales team with full sales lifecycle management through strategic account planning, research, opportunity management, relationship-building, partnering with services teams and OEM vendors, pursuit, and closure. What you will do: - Develop and execute successful strategies that expand CDW Security’s customer base and achieve bookings, revenue, and gross profit targets. - Establish a detailed, comprehensive understanding of all capabilities, service offerings, value proposition, market positioning, selling strategy and process, as well as key differentiators. - Cultivate productive relationships with key personnel in current and targeted accounts. - Identify, engage, qualify, develop, and earn new clients. - Manage, support, and grow relationships as part of the extended sales team with prospects and clients as a consultative seller. - Network with a broad range of client organizations and leadership in key fields, including: Information Technology, Information Security, Finance, Internal Audit, Data Privacy, Compliance, and Legal, Enterprise Risk Management, Procurement / Supply Chain Management. - Proactively coordinate with other CDW Security resources to drive sales cycles, meet company objectives, and exceed client expectations. These key internal resources include Subject Matter Experts, Practice Leadership, Sales Management and Marketing. - Build strong relationships with the partner community to identify opportunities for CDW and those partners. - Understand industry landscapes and follow trends that impact our clients’ business risk, strategic decision-making, and budget planning and expenditure. - Provide accurate sales pipeline updates and forecasts. - Proactively populate and maintain all information in Salesforce. - Provide onboarding support and mentorship to entry level Security Solutions Executives. - Enhance CDW Security’s and your personal brand through participation at industry events, speaking engagements, blogging and other forms of acceptable public communication. - Proactively work with marketing to develop regional events that attract senior leadership from key accounts and prospects. What we expect of you: - Bachelor's Degree and 10+ years experience identifying opportunities and full lifecycle management for security services and products and/or equivalent experience as a security practitioner OR 14+ years experience identifying opportunities and full lifecycle management for security services and products and/or equivalent experience as a security. - Mastery of at least four of the security focus areas in the security portfolio: Identity and Access Management, Security Program Development Privacy, Risk and Compliance, Third-Party Risk Management, Threat and Vulnerability Management, Cyber Workforce Development, Cloud Security, Secure Infrastructure, Physical Security, Emerging Security Technologies.= - Experience with enterprise sales, with both strategic planning and day-to-day execution. - Proven performance record with demonstrated year-over-year metrics. - Successful record of meeting or exceeding sales goals. - Ability to take personal ownership of professional goals and achieve financial targets. - Strong ambition and sense of urgency. - Energetic networker and relationship-builder. - Ability to work with and effectively coordinate across extended internal teams and partners. - Excellent, professional written and verbal communication and interpersonal skills. - Ability to travel as needed for customer meetings and to develop/maintain partner relationships. Pay range: $100,000 - $140,000, depending on experience and skill set Annual bonus target of $30,000 subject to terms and conditions of plan Additionally, uncapped commission subject to terms and conditions of plan Salary ranges may be subject to geographic differentials CDW is committed to being an AI-fluent organization We’re looking for people who bring curiosity, a learner’s mindset, and a willingness to engage with ever-evolving technology and tools. We value adopting AI as a partner, openness to experimentation, and a shared interest in learning together on AI. Our goal is to create a culture where AI enhances—not replaces—human creativity and decision-making. You don’t need to be an expert today; what matters is your readiness to explore, adapt, and grow with us as we integrate AI responsibly and effectively into our work. Additionally, CDW is committed to fostering an equitable, transparent, and respectful hiring process for all applicants. During our application process, our goal is to understand your experience, strengths, skills, and qualifications. As an AI forward company, we see AI not just as a tool, but as a catalyst for new ways of thinking, creating, and communicating. We encourage candidates to embrace an AI mindset, one that’s curious, adaptive, and ready to explore what’s possible. We welcome thoughtful use of AI to expand your perspective and elevate how you share your story, while ensuring your application remains rooted in your own background, judgment, and voice. About Us CDW is a Fortune 500 technology solutions provider that helps businesses, government, education, and healthcare organizations achieve what’s possible through technology. What makes CDW different isn’t just what we do—it’s how we do it. At CDW we act as one—building trust, speaking candidly, and working together to achieve more. We play to win—focusing on what matters most and delivering for our customers. And we think forward—staying curious, moving fast, and continuously learning. We believe meaningful work happens when people feel supported, heard, and empowered to contribute. That’s why we think of ourselves as coworkers, not just employees—working together to solve complex challenges and deliver real impact for our customers and communities. As a full‑stack, full‑lifecycle technology partner, CDW brings deep expertise, strong relationships, and broad industry knowledge to help turn ideas into outcomes. When you join CDW, you become part of a collaborative environment where your work matters, your growth is supported, and your contributions help shape what’s next. CDW is an equal opportunity employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status or any other basis prohibited by state and local law.
• Conduct risk assessments and ensure compliance with relevant Australian cybersecurity regulations and standards (e.g., Privacy Act, ASD Essential 8, ISO 27001). • Manage third-party security risks and support internal governance processes. • Monitor security events, lead incident response efforts, and investigate potential threats to minimize impact on client operations and ensure timely resolution. • Develop and enforce cybersecurity policies, deliver security training to staff and clients, and promote a culture of awareness and shared responsibility for information security. • Identify vulnerabilities, manage patching processes, and advise on the design of secure infrastructure solutions aligned with Australian best practices. • Develop and maintain business continuity and disaster recovery plans. Collaborate with internal teams and prepare clear, actionable security reports for clients and stakeholders.
• Develop and implement security policies and procedures for project environments, ensuring alignment with industry standards and government guidelines (PSPF, ISM). • Monitor, assess, and manage vulnerabilities in systems and applications, and configure security tools like firewalls, IDS, and anti-malware software in collaboration with IT. • Create and maintain documentation for security protocols, incident response plans, and guidelines to ensure consistency and compliance across projects. • Stay current with cybersecurity trends and deliver security awareness training to foster a proactive security culture among stakeholders and partners. • Lead incident response efforts, including containment, eradication, recovery, and communication of risks and solutions to improve security practices. • Conduct comprehensive cyber risk assessments of systems and technologies to ensure compliance with government policies and enhance overall security posture. • Continuously improve cybersecurity services by implementing new strategies, tools, and best practices to stay ahead of emerging threats. • Manage and maintain agreed service levels, ensuring that cyber security operations align with organisational goals.



