Cybersecurity Risk Management Framework Validator in Virginia Beach, VA at Booz Allen Hamilton Inc.

Date Posted: 5/23/2018

Job Snapshot

Job Description

Job Number: R0028826

Cybersecurity Risk Management Framework Validator

Key Role:

Provide Cybersecurity support, analysis, documentation, and validation services for Department of Navy (DoN) IT solutions, including applications, networks, systems, architectures, and infrastructure to Navy organizations in accordance with DoD and DoN policy. Serve independently as a Navy validator, including performing validation activities under the Risk Management Framework (RMF) using Navy Security Control Assessor (SCA)-approved processes. Apply knowledge of DoD or DoN network architectures and policy toward assessment and identification of vulnerabilities as a means of improving operational security posture. Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans to validate appropriate implementation of security controls in accordance with National Institute of Standards and Technology (NIST), DoD, and DoN publications. Analyze and execute security assessment plans to ensure proper orchestration of testing procedures in accordance with requirements set forth by DoD and DoN information security authorities. Provide guidance to Navy programs regarding vulnerability remediation and determination of risk posture.


Basic Qualifications:

-Experience with performing validator activities defined in the Navy’s RMF Process Guide indpendently and applying RMF guidance to Navy or DoD A&A efforts

-Experience with test and evaluation (T&E), including allocating assigned security controls into assessment objectives and procedures, analyzing the development and execution of security assessment plans (SAPs), and applying sequencing to reduce duplication of effort

-Experience with using the DoD Assured Compliance Assessment Solution (ACAS) suite of tools and the Enterprise Mission Assurance Support Service (eMASS)

-Experience with vulnerability assessment scanning tools and reporting along with intrusion detection technologies, intrusion prevention technologies, and host-based security system (HBSS)

-Knowledge of Navy IT sites, systems and infrastructure, including NCS and PIT

-Secret clearance

-HS diploma or GED

-Certified Information Systems Security Professional (CISSP) Certification

-Navy Qualified Validator (NQV) Level I Certification


Additional Qualifications:

-Experience with contingency planning, firewall policies, and ports and protocols

-Knowledge of DoD published Security Technical Information Guidance (STIG) requirements and the implementation or compliance process

-Knowledge of applicable Navy systems, networks, and IT infrastructures

-Knowledge of virtualization, networking, Windows and Linux operating systems, and storage and backup

-Ability to show completion of all required validator tasks for one or more Security Authorization Packages through the SCA or equivalent direct DoD RMF

-Navy Qualified Validator (NQV) Level II Certification


Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.

#LI-AH1, CJ1, DH1

Your Career is Waiting.

Get job alerts. Learn about new work and upcoming events. Share open roles with friends and colleagues.
Our Talent Network is your opportunity hub.


Get Answers and Access.

Need more information? Find it in our FAQs.

Application already in-process? Log in to keep going.