Security Control Assessor Security Clearance

Position: Security Control Assessor with Security Clearance
Job Title:

Security Control Assessor - Intermediate (Information Assurance Support Services)

Location:

San Antonio, TX

Education:

BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science or military Training or CGRC/CAP or CASP+ or Cloud+ or Pen Test+ or Security+ or GSEC, CISSP Certification:
Microsoft Certified:
Azure Administrator Associate or Microsoft Certified:
Windows Server Hybrid Administrator Associate Position

Description:

The Information Assurance (IA) Security Administrator – Control Assessor provides enterprise-level cybersecurity compliance and assurance support for the DHA Domain and Directory Services Branch (DDSB). This role ensures that enterprise systems meet DoD Risk Management Framework (RMF) and DHA security requirements through continuous monitoring, control validation, and vulnerability assessment. By performing proactive security assessments, validating controls, and ensuring compliance with RMF and DoD security requirements, this role reduces risk exposure and strengthens the protection of mission-critical healthcare IT systems across the Military Health System.

Conduct vulnerability scans and security control assessments to validate compliance with DoD and DHA cybersecurity policies, STIGs, and IAVM directives. Maintain and validate asset inventories within ACAS and eMASS, ensuring all enterprise assets are credentialed, scanned, and reported accurately. Develop and maintain Plan of Action and Milestones (POA&Ms) for identified vulnerabilities, providing remediation strategies and tracking progress through closure. Support the IS accreditation process by preparing risk assessment packages, security documentation, boundary diagrams, and accreditation artifacts.

Evaluate the impact of system modifications and changes, documenting security implications and ensuring updates align with DHA Change Management procedures. Provide timely reporting of security incidents and violations, escalating findings through DHA’s established IA reporting chain. Collaborate with engineering, administration, and operations teams to integrate IA requirements into system lifecycle activities. Develops:
Weekly and ad-hoc vulnerability scan reports; POA&Ms for unremediated vulnerabilities;
Risk Assessment packages and security accreditation documentation; eMASS entries, updates, and compliance validation records;
Incident reports and corrective action documentation The IA Security Administrator – Control Assessor is critical to DHA’s cybersecurity readiness and accreditation posture.