Booz Allen Hamilton Inc. Job - 31132508 | CareerArc
Company: Booz Allen Hamilton Inc.
Location: Suffolk, VA
Career Level: Entry Level
Industries: professional services


Job Number: R0074214

Risk Management Framework Validator

Key Role:

Support a Naval client in providing Navy Risk Management Framework (RMF) Cybersecurity support for the Domain, including transitioning systems and networks from the DoD Information Assurance Certification and Accreditation Process (DIACAP) to RMF. Analyze, document, and validate services for Department of Navy (DON) IT solutions, including applications, networks, systems, architectures, and infrastructure for Navy organizations. Provide Information System Security Engineer (ISSE) support to organizations, while serving independently as a Navy validator and performing validation activities under RMF using Navy Security Control Assessor (SCA)-approved processes. Apply knowledge of DoD or DoN network architectures and policy towards the assessment and identification of vulnerabilities as a means of improving the operational security posture. Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans to validate appropriate implementation of security controls in accordance with (IAW) National Institute of Standards and Technology (NIST), DoD, and DON publications. Analyze and execute security assessment plans to ensure proper orchestration of testing procedures IAW requirements set forth by DoD and DON information security authorities. Provide guidance to Navy programs regarding vulnerability remediation and determination of risk posture. This position will require travel around the US and to areas outside the Continental US (OCONUS), including Yokosuka, Japan or Naples, Italy.

Basic Qualifications:

-Experience with performing validator activities defined in the Navy's RMF process guide independently and applying RMF guidance to Navy or DoD A&A efforts

-Experience with test and evaluation for allocating assigned security controls into assessment objectives and procedures, developing and executing Security Assessment Plans (SAP), and applying sequencing to reduce duplication of effort

-Experience with Enterprise Mission Assurance Support Service (eMASS)

-Experience with DoD Assured Compliance Assessment Solution (ACAS) suite of tools

-Experience with vulnerability assessment scanning tools and reporting, intrusion detection technologies, intrusion prevention technologies, and a host-based security system (HBSS)

-Knowledge of DoD published Security Technical Information Guidance (STIG) requirements and implementation or compliance processes

-Secret clearance

-HS diploma or GED

-CompTIA Advanced Security Practitioner (CASP), Certified Information System Security Professional (CISSP), or Certified Information Security Manager (CISM) Certification

-Navy Qualified Validator (NQV) Level I Certification

Additional Qualifications:

-Knowledge of Navy IT sites, systems, and infrastructure, including NCS and PIT

-Knowledge of applicable Navy systems, networks, and IT infrastructure, including the Navy Marine Corps Internet (NMCI), OCONUS Navy Enterprise Network (ONE-NET), IT-21 or Afloat networks, Joint systems, and Platform IT, such as Navy Control Systems and weapons platforms

-Navy Qualified Validator (NQV) Level II Certification

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
