Cybersecurity Risk Management Framework Validator in Norfolk, VA at Booz Allen Hamilton Inc.

Date Posted: 6/12/2019

Job Description

Job Number: R0054071

Cybersecurity Risk Management Framework Validator

Key Role:

Provide Cybersecurity support, analysis, documentation, and validation services for Department of Navy (DoN) IT solutions, including applications, networks, systems, architectures, and infrastructure to Navy organizations in accordance with DoD and DoN policy. Serve independently as a Navy validator, performing validation activities under the Risk Management Framework (RMF) using Navy Security Control Assessor (SCA)-approved processes. Apply knowledge of DoD or DoN network architectures and policy toward assessment and identification of vulnerabilities as a means of improving operational security posture. Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans to validate appropriate implementation of security controls in accordance with National Institute of Standards and Technology (NIST), DoD, and DoN publications. Analyze and execute security assessment plans to ensure proper orchestration of testing procedures in accordance with requirements set forth by DoD and DoN information security authorities. Provide guidance to Navy programs regarding vulnerability remediation and determination of risk posture.

Basic Qualifications:

-Experience with independently performing validator activities defined in the Navy’s RMF Process Guide and applying RMF guidance to Navy or DoD A&A efforts

-Experience with test and evaluation in allocating assigned security controls into assessment objectives and procedures, developing and executing Security Assessment Plans (SAP), and applying sequencing to reduce duplication of effort

-Experience with using the DoD Assured Compliance Assessment Solution (ACAS) suite of tools and the Enterprise Mission Assurance Support Service (eMASS)

-Experience with vulnerability assessment scanning tools and reporting, along with intrusion detection technologies, intrusion prevention technologies, and host-based security system (HBSS)

-Knowledge of Navy IT sites, systems, and infrastructure, including Navy Control Systems (NCS) and Platform IT (PIT)

-Secret clearance

-HS diploma or GED

-Certified Information Systems Security Professional (CISSP)

-Navy Qualified Validator (NQV) Level I Certification

Additional Qualifications:

-Experience with contingency planning, firewall policy, and ports and protocols

-Knowledge of applicable Navy systems, networks, and IT infrastructure, including the Navy Marine Corps Internet (NMCI), Outside the Contiguous United States (OCONUS) Navy Enterprise Network (ONE-NET), IT-21 or Afloat networks, Joint systems, and PIT, such as NCS and weapons platforms

-Knowledge of DoD published Security Technical Information Guidance (STIG) requirements and implementation or compliance process

-Knowledge of virtualization, networking, Windows and Linux operating systems, and storage and backup

-Navy Qualified Validator (NQV) Level II Certification

-Completion of all required validator tasks for one or more Security Authorization Packages through the SCA within the past year

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

