Tantus Technologies, Inc.

Mid-Level Security Control Assessor

ID: 2025-2461
Active Clearance Required: Public Trust
Citizenship Required: No
Type: Regular Full-Time

Overview

Tantus Technologies, Inc. - recognized by the Washington Post as a Top Workplace - is seeking a Mid-Level Security Control Assessor to conduct independent security assessments and support Assessment and Authorization (A&A) processes for a Federal Client's information systems and cloud environments. You will play a critical role in ensuring compliance with federal security standards by developing and maintaining A&A documentation and collaborating effectively with stakeholders.

 

Clearance: This position supports a federal contract and requires the ability to pass a background check.

 


What You'll Do

  • Conduct system security control assessments for federal information systems, applications, and cloud environments (IaaS, PaaS, SaaS).
  • Develop and maintain A&A documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
  • Perform risk assessments and recommend actionable mitigation strategies to stakeholders.
  • Support the Authorization to Operate (ATO) process by validating security controls and ensuring compliance with federal standards.
  • Create and update security documentation, including policies, procedures, and test plans.
  • Collaborate with system owners, ISSOs, and IT teams to implement and document security requirements.
  • Communicate findings, risks, and mitigation efforts to technical and non-technical stakeholders.
  • Prepare for and support security audits, ensuring alignment with compliance goals.

Required Knowledge and Skills

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
  • 3-5+ years of experience in security compliance, risk management, or related fields, with strong knowledge of FISMA, NIST (SP 800-53, SP 800-137), and federal security standards.
  • Familiarity with tools such as CSAM, eMASS, or Xacta is a plus.
  • Preferred certifications: CISSP, CISA, CGRC (formerly CAP), or CISM.
  • Ability to manage multiple tasks effectively while working independently and collaboratively.

Abilities

  • Ability to conduct independent security control assessments for federal systems and cloud environments.
  • Proficient in developing and maintaining comprehensive security documentation, including SSPs, SARs, and POA&Ms.
  • Skilled in performing detailed risk assessments and providing actionable mitigation strategies.
  • Strong written and verbal communication skills, capable of collaborating effectively with stakeholders, including system owners, ISSOs, and IT teams.
  • Demonstrated ability to manage multiple tasks effectively, both independently and in a team environment.
  • Strong problem-solving and analytical abilities to address complex security challenges.

Nice to Haves

The following industry standard certifications are preferred but not required:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Governance, Risk and Compliance (CGRC, formerly CAP)
  • Certified Cloud Security Professional (CCSP)

Salary Range

  • Salary range is $90,000-110,000/year. The salary range for this position reflects a variety of factors that influence compensation decisions, including skills, experience, training, certifications, and organizational needs.
