About this role
Security Control Assessor role supporting federal clients by performing security control assessments and helping drive remediation through ATO-aligned documentation. The position is remote and requires the ability to obtain a Public Trust.
Key Responsibilities
- Conduct comprehensive security control assessments following NIST guidelines
- Perform security testing and evaluate systems and applications
- Document findings and prepare detailed assessment reports and evidence
- Support Authorization to Operate (ATO) processes and assist with Plans of Action and Milestones (POA&Ms)
- Conduct vulnerability assessments and penetration testing using tools such as Nessus and Qualys
Technical Overview
You will execute security testing and evaluations, assess NIST SP 800-53 security controls under the Risk Management Framework (RMF), and support Authorization to Operate (ATO) processes. The role includes vulnerability assessments using Nessus and Qualys, producing detailed reports and evidence, and assisting with Plans of Action and Milestones (POA&Ms), with assessments performed manually (no customer GRC tool).
Ideal Candidate
The ideal candidate is a mid-level cybersecurity professional with 5+ years of cybersecurity experience and 3+ years specifically conducting security control assessments. They have deep knowledge of NIST SP 800-53, strong RMF experience, and can support Authorization to Operate (ATO) processes while producing detailed assessment evidence, reports, and POA&Ms. Familiarity with vulnerability scanning tools like Nessus and Qualys is expected, along with the ability to obtain a Public Trust.
Must-Have Skills
- Conducting comprehensive security control assessments following NIST guidelines
- Deep understanding of NIST SP 800-53 security controls
- Experience with Risk Management Framework (RMF)
- Proficiency in security assessment and authorization processes
- Experience with vulnerability scanning tools (Nessus, Qualys, etc.)
- Knowledge of Federal Information Security Management Act (FISMA) requirements
- Supporting Authorization to Operate (ATO) processes
- Experience with securi (truncated but implies security documentation review/assessment)
Nice-to-Have Skills
- Experience with penetration testing
- Knowledge of cloud security concepts
Tools & Platforms
- Nessus
- Qualys
- Microsoft Office suite
Required Skills
- security control assessments
- NIST guidelines
- NIST SP 800-53
- Risk Management Framework (RMF)
- Federal Information Security Management Act (FISMA)
- security testing
- authorization to operate (ATO) processes
- vulnerability assessments
- penetration testing
- Plans of Action and Milestones (POA&Ms)
- continuous monitoring
- evidence and documentation
- Nessus
- Qualys
- cloud security concepts
- Microsoft Office suite
- security documentation review
Hard Skills
- security control assessments
- NIST guidelines
- NIST SP 800-53
- security testing
- evaluation of systems and applications
- documenting assessment findings
- technical writing
- security plans
- security documentation review
- evaluating security controls
- Authorization to Operate (ATO) processes
- vulnerability assessments
- penetration testing
- Plans of Action and Milestones (POA&Ms)
- security working groups
- continuous monitoring
- maintaining assessment documentation and evidence
- vulnerability scanning tools
- Nessus
- Qualys
- cloud security concepts
- Microsoft Office suite
- federal information security requirements
- Federal Information Security Management Act (FISMA)
- Risk Management Framework (RMF)
Soft Skills
- strong analytical and problem-solving skills
- excellent documentation and technical writing abilities
- strong communication and interpersonal skills
- ability to work independently and as part of a team
- collaborating with system owners and stakeholders
- participating in security working groups and technical meetings
Keywords for Your Resume
Security Control Assessor, Security Control Assessor (REMOTE), Mid-Level Cybersecurity Analyst, cybersecurity analyst, security control assessments, NIST guidelines, NIST SP 800-53, Risk Management Framework (RMF), RMF, Federal Information Security Management Act (FISMA), FISMA, Authorization to Operate (ATO), ATO processes, Plans of Action and Milestones (POA&Ms), POA&Ms, security testing, vulnerability assessments, penetration testing, continuous monitoring, maintaining assessment documentation and evidence, security working groups, vulnerability scanning tools, Nessus, Qualys, cloud security concepts, Microsoft Office suite, Public Trust, public trust
Deal Breakers
- Must have 5+ years of experience in cybersecurity
- Must have 3+ years of direct experience conducting security control assessments
- Must have deep understanding of NIST SP 800-53 security controls
- Must be able to obtain a Public Trust
- Experience with Risk Management Framework (RMF) is required