Senior Security Controls Assessor at Valiant Solutions LLC
Arlington, VA 22201, USA
Full Time


Start Date

Immediate

Expiry Date

06 Dec, 25

Salary

85000.0

Posted On

07 Sep, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Endpoint Security, Milestones, Contractors, Service Providers, Testing, Enterprise Architecture, Operating Systems, Emerging Technologies, Decision Making, Information Systems

Industry

Information Technology/IT

Description

Position Description:
Valiant Solutions is seeking multiple Senior Security Controls Assessors to join our team to support a high-visibility federal program. These roles will play a vital part in strengthening the client’s cybersecurity and privacy posture by executing risk-based assessments, facilitating continuous monitoring, and contributing to the broader risk management strategy across enterprise systems.
The scope of these positions includes supporting cybersecurity and privacy risk management efforts by conducting detailed security and privacy control assessments, implementing continuous monitoring strategies, and contributing to the development and maturation of the Security and Privacy Control Assessment (SCA) program. The Analysts will provide advisory services to system owners and other stakeholders to address findings, track remediation efforts through POA&Ms, and validate the closure of identified risks.
The ideal candidates will be proactive, detail-oriented professionals with deep expertise in NIST RMF processes, privacy and security controls, and enterprise-level risk assessment. This is a high-impact opportunity to contribute to a mission-critical federal program that safeguards sensitive systems and data.
Named one of the Best Places to Work in the Washington DC area for 11 consecutive years, Valiant is proud of our employee-centric culture and commitment to excellence. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now!
This position allows for 100% remote work. Remote work necessitates a high level of trust in our employees, and we strictly adhere to the details found below in our Remote Work Policy.

REQUIRED EXPERIENCE:

  • Seven (7)+ years of relevant cyber-security experience
  • Degree in a cyber-related field or additional years of relevant experience
  • Experience conducting security and privacy control assessments for federal information systems, including cloud-based and hybrid environments.
  • Deep understanding of NIST RMF (SP 800-37), SP 800-53A, and SP 800-30, with hands-on application across full assessment lifecycles.
  • Experience supporting assessments at all layers of the technology stack, including but not limited to operating systems, network equipment, appliances, cloud service providers, applications, tools (AV/AM, endpoint security, etc.), and CI/CD pipelines.
  • Proven ability to develop, manage, and validate Plan of Action and Milestones (POA&Ms) and track risk remediation efforts to closure.
  • Skilled in assessing residual risk and providing actionable recommendations to stakeholders, system owners, and executives.
  • Hands-on experience with continuous monitoring programs, tools, and reporting to inform real-time risk awareness and decision-making.
  • Proficient in testing and validating controls, both manually and through automated methods, to verify effectiveness and identify weaknesses.
  • Ability to leverage insights from previous audits, red team exercises, penetration tests, and threat simulations to inform assessment findings.
  • Familiarity with integrating security and privacy requirements into the System Development Life Cycle (SDLC), enterprise architecture, and acquisition processes.
  • Experience developing or applying risk scoring methodologies, including both quantitative and qualitative models for evaluating threats and control effectiveness.
  • Awareness of emerging technologies and risks such as AI, citizen development, and supply chain vulnerabilities as they relate to cybersecurity and privacy controls.
  • Strong communication and collaboration skills, with the ability to produce clear, executive-level reports and work effectively with cross-functional federal teams and contractors.
  • A writing sample may be submitted.
Responsibilities
  • Performing security and privacy control assessments in accordance with the client’s program methodology for systems such as general support systems, applications, and cloud-based environments.
  • Using NIST frameworks, particularly NIST SP 800-37, SP 800-53A, and SP 800-30, to implement repeatable risk management processes aligned with federal standards.
  • Establishing and maintaining effective continuous monitoring strategies that provide situational awareness of cybersecurity and privacy risks to stakeholders and executives.
  • Assessing residual risks across various systems, supporting informed decision-making for risk acceptance.
  • Supporting the integration of security and privacy controls into the client’s SDLC, enterprise architecture, and acquisition processes.
  • Supporting the implementation and evolution of automation techniques and metrics to enhance real-time risk awareness and response.
  • Conducting independent, hands-on testing and validation of controls, using evidence from prior assessments, audits, threat simulations, and emerging technologies.
  • Developing and adjusting risk scoring methodologies to reflect supply chain risks, AI-related threats, and control weaknesses.