By Light HQ

Risk Management Framework / Security Control Assessor (RMF SCA)

Job Location: US-VA-McLean
Posted Date: 4 days ago (2/22/2021 4:00 PM)
Clearance: Tier 3 - Secret/ADP II


Is it time for a new and exciting job opportunity? Phacil, an employee-owned IT consulting company, is seeking a Risk Management Framework / Security Control Assessor for an important customer in McLean, VA. Join an amazing group of dedicated professionals and see the possibilities!

We bring service excellence and professional commitment delivering quality service and ferocious execution to our Federal Government customers. We provide solutions in the areas of Information Assurance, Cyber Security, Artificial Intelligence, Software & Systems Engineering, Cloud & Managed Services, and Network Engineering. Join us by applying at .


This is a hands-on Risk Management Framework (RMF) Technical Security Assessor / Analyst (SCA) position requiring intermediate knowledge of Tenable SCCV; Tenable Nessus Pro. and Mgr; Windows Server 2012/2016; Red Hat Linux; VMware; SQL Server; Oracle; and other administrative and security aspects of workstation and enterprise server technology. The SCA supports the technical scanning side of Security Control Assessments of globally deployed departmental systems through hands-on execution of customer-supplied tools and best-practice techniques, including manual and automated verification scans against defined component baselines. Demonstrated knowledge of how to customize component baselines and edit Tenable .audit files must be on your resume to qualify.

The SCA will assist with determining the security and configuration status of a variety of system components, including system scanning; Linux and Windows operating systems; SQL Server and Oracle databases; system support components; and VMware implementations. There are also occasional "one-off" components requiring development of baseline security configurations, so technical curiosity and a desire to learn and innovate are beneficial.

For Assessment & Authorization purposes, validate the components and configurations of departmental systems deployed both globally and domestically. Identify misconfigurations, non-compliances, and anomalies which are relevant to FISMA assessment practices. Coordinate system assessment and findings to the Security Analyst for inclusion in the Security Assessment Report and participate in findings meetings with relevant system stakeholders.

Using the NIST Risk Management Framework and the NIST 800-53 security control catalog, map system and configuration anomalies to specific NIST security controls, along with specific remediation. Write accurate, cogent and defensible descriptions of security configuration status as well as succinct and defensible suggested remediation.

Required Experience/Qualifications

Required Experience:

  • 2+ years of using the NIST 800-53A RMF to conduct A&A Security Assessments.
  • 1+ year of NOC, SOC, operations, data center, configuration management or similar security-related experience.
  • 3+ years of enterprise Linux and Windows Server security configuration familiarity.
  • 3+ years of experience working with and configuring Tenable SCCV, Tenable Nessus Pro. and Mgr.
  • One (1) of the following certs is required: CISSP, CAP, or Security+. Another DoD IAT Level II or better cert may be used in place of the above certs.

Note: Or the ability to acquire one of the above certs within 60 days of hire.

The current list can be found at


Preferred Experience/Qualifications

Preferred Skills:

  • Prior Department of State, Consular Affairs experience is a plus.
  • Knowledge of cloud assessments or PKI-DAR (Public Key Infrastructure, Data at Rest), or general control configuration or assessment on the Program Security support side, typical of completing RMF-type assessments.
  • Application security assessment principles and experience is a plus.
  • Use and/or in-depth knowledge of Microsoft Teams & SharePoint and/or Telos Xacta is a plus.

Special Requirements/Security Clearance

Security Clearance

  • DoD Secret (Required)

Physical Demands

Must be able to mentally envision and review between 800 and 1000 security controls per system, and then compose a report of the nonstandard settings; job aids are available. Must also have the ability to assess two or more systems as time permits and prioritize the work assigned.

