Job Number: R0054071
Cybersecurity Risk Management Framework Validator
Provide Cybersecurity support, analysis, documentation, and validation services for Department of Navy (DoN) IT solutions, including applications, networks, systems, architectures, and infrastructure to Navy organizations in accordance with DoD and DoN policy. Serve independently as a Navy validator, performing validation activities under the Risk Management Framework (RMF) using Navy Security Control Assessor (SCA)-approved processes. Apply knowledge of DoD or DoN network architectures and policy toward assessment and identification of vulnerabilities as a means of improving operational security posture. Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans to validate appropriate implementation of security controls in accordance with National Institute of Standards and Technology (NIST), DoD, and DoN publications. Analyze and execute security assessment plans to ensure proper orchestration of testing procedures in accordance with requirements set forth by DoD and DoN information security authorities. Provide guidance to Navy programs regarding vulnerability remediation and determination of risk posture.
-Experience with independently performing validator activities defined in the Navy's RMF Process Guide and applying RMF guidance to Navy or DoD A&A efforts
-Experience with test and evaluation in allocating assigned security controls into assessment objectives and procedures, developing and executing Security Assessment Plans (SAP), and applying sequencing to reduce duplication of effort
-Experience with using the DoD Assured Compliance Assessment Solution (ACAS) suite of tools and the Enterprise Mission Assurance Support Service (eMASS)
-Experience with vulnerability assessment scanning tools and reporting, along with intrusion detection technologies, intrusion prevention technologies, and host-based security system (HBSS)
-Knowledge of Navy IT sites, systems, and infrastructure, including Navy Control Systems (NCS) and Platform IT (PIT)
-HS diploma or GED
-Certified Information Systems Security Professional (CISSP)
-Navy Qualified Validator (NQV) Level I Certification
-Experience with contingency planning, firewall policy, and ports and protocols
-Knowledge of applicable Navy systems, networks, and IT infrastructure, including the Navy Marine Corps Internet (NMCI), Outside the Contiguous United States (OCONUS) Navy Enterprise Network (ONE-NET), IT-21 or Afloat networks, Joint systems, and PIT, such as NCS and weapons platforms
-Knowledge of DoD published Security Technical Information Guidance (STIG) requirements and implementation or compliance process
-Knowledge of virtualization, networking, Windows and Linux operating systems, and storage and backup
-Navy Qualified Validator (NQV) Level II Certification
-Completion of all required validator tasks for one or more Security Authorization Packages through the SCA within the past year
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.
We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.