SCA-R Validator

Company: Leidos
Location: Chambersburg, PA, USA; Alexandria, VA, USA; Odenton, MD, USA
Salary: $85150 – $153925
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior, Expert or higher

Requirements

  • Bachelor’s degree (IT-related field preferred) and eight (8) years of cybersecurity or network security experience. Additional relevant experience may be considered in lieu of degree.
  • Active DoD Top Secret clearance with SCI eligibility required
  • Current DoD 8570 IAM II or IAT II certification
  • Five (5) years of experience in a Certification and Accreditation/A&A role
  • Demonstrated experience with STIGs (Security Technical Implementation Guides), Security Requirement Guides (SRGs), Plan of Action and Milestones (POA&Ms) and cybersecurity best practices
  • Advanced understanding of the RMF process, NIST SP 800-37, NIST SP 800-53, and CNSSI 1253
  • Demonstrable experience in risk analysis, control validation, and as a Security Control Assessor Representative (SCA-R)
  • Demonstrated experience with relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS
  • Advanced understanding of key technology areas/domains such as: Network, Mobility, Windows, UNIX, Cloud Environments and Cloud Native Tools/Services, Host Based Security System (HBSS)/Endpoint Security Solutions (ESS), Databases, Applications
  • Customer service skills
  • Ability and willingness to travel for assessments as required

Responsibilities

  • Use government-assigned tools to perform weekly updates, maintain records, and complete tasks.
  • Coordinate with ISSMs and PMOs to understand mission and business functions, security architecture, deployment locations, and planned and projected architectural and functional changes of assigned systems.
  • Conduct cybersecurity assessments, risk analyses (operational and technical) and authorization tasks across all RMF steps using approved RE5 tools and processes.
  • Verify authorization boundaries and categorize systems (FIPS 199).
  • Identify data classifications and conduct system-level risk assessments.
  • Track system changes, assess impacts, and report updates to the AO.
  • Evaluate authorization and change requests, web filtering, firewall exceptions, ports/protocols, cybersecurity risks, STIG/SRG compliance, and on-site security.
  • Lead assessment visits, conduct briefings, and ensure proper documentation and reporting.
  • Attend required government training and meetings to stay updated on process changes.
  • Maintain access and proficiency in required government databases and cybersecurity tools.
  • Assess threats, vulnerabilities and cybersecurity risk for systems and compile findings into timely authorization packages to determine countermeasures and residual risk.
  • Support assigned systems throughout their lifecycle in alignment with FISMA requirements.
  • Submit weekly activity reports summarizing tasks, tracking IDs, and key updates.

Preferred Qualifications

  • Customer service skills
  • Ability and willingness to travel for assessments as required