Navy Qualified Validator Level III

Work Status: Full-Time

Location: Philadelphia, PA

Clearance: Secret

Requisition: CU-NQVL-01

Job Summary:

The Navy Qualified Validator Level III will support efforts to integrate new technology with IT security standards, technical writing, governance, and policy development/management. The Navy Qualified Validator Level III will also develop and evaluate Information Assurance Assessment and Authorizations (A&A) for servers and systems.

Responsibilities:

• Provide DoD Information Assurance Certification & Accreditation Process (DIACAP) and Risk Management Framework (RMF) services.
• Perform validation of A&A packages and artifacts and implementation of security postures.
• Follow the most current applicable documents including, DON RMF Process Guide, DoD Instruction 8510.01, and the business rules of cognizant review offices for each package.
• Perform A&A Validation including their associated validation test procedures; associated validation artifact; validation plan and procedures; compliance status; validation tests; validation results/report and supporting documentation.
• Create and maintain the package record in the RMF system of record (currently eMASS).
• Validate the confidentiality, integrity and availability of systems, networks, and data in accordance with information systems programs, policies, procedures, and goals.
• Develop procedures to ensure information systems' reliability and accessibility; prevent and defend against unauthorized systems, network, and data.
• Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks protection needs; conduct systems security evaluation, audits, and reviews; determine the residual risk of a package based on content and assessment results and documenting for the Security Controls Assessor's (SCA) and higher-level review.
• Conduct systems security reviews, audits, or evaluations, as appropriate, to ensure accreditation documents are accurate and state the current risk posture of the system.
• Interpret and implement local information security and higher-level policies and procedures to ensure networks and information systems are reliable, accessible, and protected against unauthorized access.

Requirements:

• Seven years of practical experience in a cybersecurity or A&A related field. Experience should include implementing and/or reviewing RMF lifecycle documentation; ensuring/validating the confidentiality, integrity, and availability of systems, networks, and information; and conducting risk and vulnerability reviews and assessments to ensure accreditation procedures were followed, and documentation of non-compliance.
• Security: IAM-III via applicable certification such as CISM, CISSP (or Associate), GSLC, CCISO.

Education:

Master's degree in computer science, information technology, or an equivalent technical degree from an accredited college or university.