Cybersecurity Risk Management Framework Validator

Key Role:

Support a Naval client by providing Navy Risk Management Framework (RMF) cybersecurity support for the Domain. Analyze, document, and validate services for Department of Navy (DoN) IT solutions, including applications, networks, systems, architectures, and infrastructure to Navy organizations. Provide Information Assurance support to organizations, while serving independently as a Navy Qualified Validator, performing validation activities under RMF using Navy Security Control Assessor (SCA)-approved processes. Apply knowledge of DoD or DoN network architectures and policy towards the assessment and identification of vulnerabilities as a means of improving the operational security posture. Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans, Security Content Automation Protocol (SCAP) scans, and Security Technical Implementation Guide (STIG) checklists to validate the appropriate implementation of security controls in accordance with National Institute of Standards and Technology (NIST), DoD, and DoN publications. Analyze and execute security assessment plans to ensure proper orchestration of testing procedures in accordance with requirements set forth by DoD and DoN information security authorities. Provide guidance to Navy programs regarding vulnerability remediation and determination of risk posture. This position will require the ability to travel CONUS and OCONUS, including Yokosuka, Japan or Naples, Italy.

Basic Qualifications:

  • Experience with independently performing validator activities defined in the Navy’s RMF Process Guide and SCA Risk Assessment Guide and applying RMF guidance to Navy or DoD A&A efforts

  • Experience with test and evaluation for allocating assigned security controls into assessment objectives and procedures, developing and executing Security Assessment Plans (SAP), and applying sequencing to reduce the duplication of effort

  • Experience with Enterprise Mission Assurance Support Service (eMASS) and the DoD Assured Compliance Assessment Solution (ACAS) suite of tools

  • Experience with vulnerability assessment scanning tools and reporting, intrusion detection technologies, intrusion prevention technologies, and a Host-Based Security System (HBSS)

  • Knowledge of the NIST Special Publication 800-53 Rev. 4 cataloging Security and Privacy Controls for Federal Information Systems and Organizations

  • Knowledge of DoD published STIG requirements and implementation or compliance process

  • Secret clearance

  • Associate's degree

  • Cybersecurity Workforce (CSWF) and Cyber IT certified under 8570.1-M IAM I or II Certification

  • Navy Qualified Validator (NQV) Level II Designation Certification

Additional Qualifications:

  • Knowledge of Navy IT sites, systems, and infrastructure, including NCS and PIT

  • Knowledge of applicable Navy systems, networks, and IT infrastructure, including the Navy-Marine Corps Internet (NMCI), OCONUS Navy Enterprise Network (ONE-NET), IT-21 or Afloat networks, Joint systems, and Platform IT, such as Navy Control Systems and weapons platforms

  • Knowledge of Physical and Environmental Security requirements of DoD Environments

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
