Cybersecurity Security Controls Assessor - SCO

Cybersecurity Security Controls Assessor (SCA)

Chantilly, VA (On-site)

Who We Are

Aurex is a mission-focused aerospace and defense company building the next frontier of deterrence. From hypersonics and missile defense to hardened networks and orbital systems, we design, test, and deliver platforms that turn unproven ideas into battlefield-ready capability.

Born in Huntsville and built for speed, Aurex brings together aerospace veterans, combat-tested operators, and forward-leaning technologists to solve problems that matter—fast. We move from whiteboard to warfighter with precision, clarity, and zero tolerance for fluff.

Position Overview

Aurex is seeking a Cybersecurity Subject Matter Expert (SME) to serve as a senior technical authority supporting the security assessment, authorization, and protection of advanced defense, aerospace, and national security systems.

This role will provide expert-level cybersecurity engineering, risk assessment, and Security Control Assessor (SCA) support across complex multi-domain environments. The ideal candidate possesses deep expertise in the Risk Management Framework (RMF), DoW cybersecurity requirements, secure system architectures, and the ability to translate technical risks into mission-relevant impacts for senior leadership and government stakeholders.

The Cybersecurity SME will partner closely with engineering teams, program leadership, government customers, and external partners to ensure security is integrated throughout the system lifecycle while supporting mission-critical programs operating within highly sensitive environments.

What You'll Do

Cybersecurity Leadership \& Architecture

• Provide strategic cybersecurity guidance throughout system development and sustainment efforts
• Participate in technical reviews including SRR, PDR, CDR, and other engineering milestones to ensure security requirements are incorporated early in the design process
• Advise engineering teams on secure architecture design, cybersecurity best practices, and risk mitigation strategies
• Support implementation of advanced cybersecurity architectures across enterprise, cloud, network, Platform IT (PIT), and mission systems

Risk Management Framework (RMF) \& Assessment

• Execute RMF activities across Federal, DoW, and Intelligence Community environments
• Serve as a Security Control Assessor (SCA) by conducting security assessments and providing risk determinations to Authorizing Officials (AOs)
• Develop actionable recommendations that balance mission requirements with cybersecurity risk
• Support continuous monitoring activities and ongoing authorization efforts

Security Assessment \& Validation

• Conduct deep technical reviews of security controls and cybersecurity implementations
• Analyze ACAS/Nessus vulnerability scan results, STIG compliance assessments, and penetration testing findings
• Correlate technical vulnerabilities to operational and mission impacts
• Assess residual risk and provide mitigation recommendations to program leadership

Advanced Security Initiatives

• Evaluate the security posture of complex environments including:

+ Platform Information Technology (PIT)

+ Cloud-based architectures

+ Communications networks

+ Satellite control systems

+ Mission-critical defense systems

• Support implementation and assessment of DoW Zero Trust architectures
• Provide expertise in the design, implementation, and evaluation of Cross Domain Solutions (CDS)

Stakeholder Engagement

• Serve as a technical liaison between engineering teams, government customers, program leadership, and industry partners
• Present cybersecurity findings, recommendations, and risk assessments to senior decision-makers
• Support customer engagements, security reviews, and compliance activities

Basic Qualifications

• Active Top Secret security clearance with eligibility for SCI and SAP access
• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related technical discipline
• Minimum 12 years of experience in cybersecurity engineering, Assessment \& Authorization (A\&A), information assurance, or related IT disciplines
• Current DoD 8140-compliant certification at IAT Level III or IAM Level III (CISSP, CISM, GSLC, CASP\+ CE, or equivalent)
• Demonstrated experience with RMF implementation, security assessments, and authorization processes
• Hands-on experience supporting enterprise networks, cloud environments, systems integration, or Platform IT architecture.
• Strong understanding of NIST, DoD, and Intelligence Community cybersecurity requirements

Preferred Qualifications

• Experience supporting Special Access Programs (SAP) and Sensitive Compartmented Information (SCI) environments
• Experience serving as a Security Control Assessor (SCA)
• Expertise with DoD Zero Trust implementation strategies
• Familiarity with Cross Domain Solutions (CDS)
• Master's degree in Cybersecurity, Information Assurance, Engineering, or related field

How You Will Be Rewarded

The salary range for this role is $195,000 - $225,000 annually. We offer a comprehensive total rewards approach to compensation, providing incentives and benefits that extend far beyond the base salary. Compensation is determined by the candidate's work experience, education, training, and relevant skills. We offer a competitive benefits package designed to support our employees' health, well-being, and professional growth.

Job Location: Chantilly, VA

Aurex is an Equal Opportunity Employer. It prohibits discrimination, retaliation, or any type of harassment on the basis of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, citizenship, immigration status, or any other legally protected status in employment, including in hiring, firing, and recruiting decisions. All applicants must be authorized to work lawfully in the United States for positions at Aurex. There may be limited circumstances in which a law, regulation, executive order, or government contract would require certain citizenship; only in those limited circumstances would Aurex require certain citizenship status to comply with the relevant law, regulation, executive order, or government contract applicable to that position. For all other positions, Aurex does not consider an applicant’s citizenship but only requires that the applicant be authorized to work lawfully in the United States. If a position is one that falls under export control laws and regulations requiring authorization from the U.S. government to access export-controlled items, any hiring is contingent on the applicant passing the export compliance assessment, which is separate from the I-9 process, for that specific position. A background check will be required prior to any hire.