We’re hiring Senior NIST 800-53A Security Control Assessors for multiple federal assessment projects kicking off between
️ This is NOT a general GRC or compliance role.
We are specifically looking for professionals who have hands-on experience executing full NIST 800-53A assessments, not just mapping controls or supporting audits.
What you’ll actually be doing:
• Developing Security Assessment Plans (SAP) with defined testing procedures (Inspect / Interview / Test)
• Conducting control assessments across all control families (technical + administrative)
• Interviewing control owners and validating implementation statements in SSPs
• Performing evidence-based testing (logs, configurations, artifacts)
• Writing Security Assessment Reports (SAR) with formal findings and risk ratings
• Building POA&M entries tied to identified control deficiencies
Not a fit if your experience is limited to SOC 2, ISO 27001, or third-party risk management without hands-on 800-53A assessment execution.
Requirements
What we’re looking for:
• 5+ years of direct experience performing NIST 800-53A assessments
• Proven ownership of SAP and SAR deliverables
• Strong experience designing and executing control testing procedures
• Background in RMF, FedRAMP, FISMA, or CMS ARS frameworks
• Ability to independently validate controls beyond documentation review
Nice to have:
• Experience with CMS ARS / ARC-AMPE baseline
• Strong Excel-based evidence mapping and tracking
Benefits
As a lean, growing firm, we prioritize results over red tape, offering you a direct seat at the table and a clear path for career progression as we scale. You won’t be just a number here; you’ll have the autonomy to make a visible impact on the business from day one.