This site uses cookies. To find out more, see our Cookies Policy

Cybersecurity Risk Management Framework Validator in Suffolk, VA at Booz Allen Hamilton Inc.

Date Posted: 3/13/2019

Job Snapshot

Job Description

Job Number: R0048048

Cybersecurity Risk Management Framework Validator

Key Role:

Serve as part of a Navy team that provides Information System Security Engineer (ISSE) and Validator support by performing ISSE and validation activities for numerous systems and networks. Work with Risk Management Framework (RMF) using Navy Security Control Assessor (SCA)-approved processes. Provide Cybersecurity support, analysis, documentation, and validation services for Department of Navy (DoN) IT solutions, including applications, networks, systems, architectures, and infrastructure for a Navy Type Commander in accordance with DoD and DoN policy. Leverage knowledge of DoD or DoN network architectures and policy towards the assessment and identification of vulnerabilities as a means of improving the operational security posture. Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans to validate appropriate implementation of security controls in accordance with National Institute of Standards and Technology (NIST), DoD, and DoN publications. Analyze and execute security assessment plans to ensure proper orchestration of testing procedures in accordance with requirements set forth by DoD and DoN information security authorities. Provide guidance to Navy programs regarding vulnerability remediation and determination of risk posture, and travel as needed.

Basic Qualifications:

-Experience in performing validator activities defined in the Navy’s RMF process guide and applying RMF guidance to Navy or DoD Assessment and Authorization efforts

-Experience with test and evaluation for allocating assigned security controls into assessment objectives and procedures, developing and executing Security Assessment Plans (SAP), and applying sequencing to reduce duplication of effort

-Experience with using the DoD Assured Compliance Assessment Solution (ACAS) suite of tools and the Enterprise Mission Assurance Support Service (eMASS)

-Experience with vulnerability assessment scanning tools and reporting, intrusion detection technologies, intrusion prevention technologies, and host-based security system (HBSS)

-Knowledge of Navy IT sites, systems, and infrastructure, including National Citizen Service (NCS) and Personal Inventory Taking (PIT)

-Secret clearance

-HS diploma or GED

-Certified Information Systems Security Professional (CISSP) Certification

-Navy Qualified Validator (NQV) Level I Certification

Additional Qualifications:

-Experience with contingency planning, firewall policy, and ports and protocols

-Knowledge of applicable Navy systems, networks, and IT infrastructure, including the Navy Marine Corps Internet (NMCI), Outside the Contiguous United States (OCONUS) Navy Enterprise Network (ONE-NET), IT-21 or Afloat networks, Joint systems, and Platform IT, such as Navy Control Systems and weapons platforms

-Knowledge of DoD published Security Technical Information Guidance (STIG) requirements and implementation or compliance process

-Knowledge of virtualization, networking, Windows and Linux, and storage and backup

-Navy Qualified Validator (NQV) Level II Certification

-Completion of all required validator tasks for one or more Security Authorization Packages through the SCA within the past year


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

Your Career is Waiting.

Get job alerts. Learn about new work and upcoming events. Share open roles with friends and colleagues.
Our Talent Network is your opportunity hub.

Get Answers and Access.

Need more information? Find it in our FAQs.

Application already in-process? Log in to keep going.