Job Description:
We are seeking a highly skilled and experienced Navy Qualified Validators (NQV) to join our team. The ideal candidate will have a strong background in cybersecurity and information assurance, with expertise in conducting security assessments and validations for Navy systems and networks. As an NQV, you will play a critical role in ensuring that Navy systems meet the rigorous security requirements and standards mandated by the Department of Defense (DoD) and Navy directives.
Responsibilities:
- Implement Navy Risk Management Framework (RMF) Implementation Plan IAW DODI 8510.01
- Develop, coordinate, and review detailed Assessment and Authorization documentation in accordance with DoD Instruction 8510.01 - DoD Information Assurance Assessment and Authorization (A&A) Process (RMF)
- Serve as the primary point of contact for Navy cybersecurity validation efforts, including Risk Management Framework (RMF) assessments, Security Technical Implementation Guide (STIG) compliance checks, and Navy-specific cybersecurity requirements.
- Conduct comprehensive security assessments and validations of Navy systems, networks, and applications to identify security vulnerabilities, assess security controls, and ensure compliance with DoD and Navy cybersecurity policies and guidelines.
- Develop and maintain security documentation, including Security Authorization Packages (SAPs), Security Assessment Reports (SARs), and Plan of Action and Milestones (POA&Ms), to support the accreditation and authorization of Navy systems and networks.
- Collaborate with Navy stakeholders, system owners, and security engineers to address security findings and remediate vulnerabilities identified during security assessments and validations.
- Stay updated on the latest Navy cybersecurity policies, directives, and guidelines, as well as emerging threats and vulnerabilities, and provide guidance and recommendations to ensure the security and resilience of Navy systems and networks.
- Provide technical expertise and guidance to Navy personnel on cybersecurity best practices, security controls implementation, and risk management strategies.
- Participate in cybersecurity working groups, forums, and training sessions to share knowledge and best practices, as well as contribute to the continuous improvement of Navy cybersecurity processes and procedures.
- Bachelor's degree in Computer Science, Information Security, or related field. Advanced degree (Master's or Ph.D.) preferred.
- Navy Qualified Validator (NQV) certification required.
- 5 + years relevant experience as an RMF/IA Analyst
- 3+ years’ experience as an RMF Validator preferred
- Prior experience working with the NAO preferred
- Experience in cybersecurity, information assurance, or related field, with a focus on conducting security assessments and validations for Navy systems and networks.
- Strong understanding of Navy cybersecurity policies, directives, and guidelines, including RMF, STIGs, and Navy-specific cybersecurity requirements.
- Experience with cybersecurity tools and technologies, including vulnerability scanners, compliance assessment tools, and security information and event management (SIEM) systems.
- Excellent analytical skills, attention to detail, and ability to interpret and apply complex cybersecurity requirements and guidelines.
- Strong communication and collaboration abilities, with the ability to work effectively in multidisciplinary teams and communicate technical concepts to non-technical stakeholders.
- Meets DoD 8140/8570 IAM Level II and/or Level III requirements
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- CompTIA Security+
- Certified Authorization Professional (CAP)
- Must be a Navy Qualified Validator (NQV)
Key Responsibilities:
- System Validation and Accreditation: Conduct thorough assessments of IT systems, applications, and networks to ensure compliance with Department of Defense (DoD) and Department of the Navy (DoN) security standards and practices. This includes the Risk Management Framework (RMF) and the Navy's specific validation procedures.
- Security Risk Analysis: Identify vulnerabilities, threats, and risks to naval information systems. Develop and recommend mitigation strategies to ensure the confidentiality, integrity, and availability of critical information and systems.
- Documentation and Reporting: Prepare and maintain comprehensive documentation, including System Security Plans (SSP), Risk Assessment Reports (RAR), and Plan of Action and Milestones (POA&M). Ensure all documentation is accurate, up-to-date, and in compliance with DoD and DoN requirements.
- Collaboration and Advisory: Work closely with system owners, IT professionals, and cyber defense teams to implement security controls and measures effectively. Provide expert advice on security best practices, policies, and procedures.
- Continuous Monitoring and Improvement: Implement strategies for continuous monitoring of system security. Recommend enhancements and upgrades to security protocols and solutions to stay ahead of emerging threats.
- Training and Awareness: Develop and deliver training programs on cybersecurity awareness and best practices for naval personnel. Promote a culture of cybersecurity readiness and resilience.
