Navy Validator
Location: Norfolk, VA (Hybrid)
Employment Type: Contract to Hire
Employment Length: 6 Months (possible conversion based on performance)
Pay: $50 - $68/hr
Job Description:
- Act as a trusted agent for the program tasked to perform independent assessments of IT systems and evaluate risks in alignment with risk appetite and compliance requirements
- Independently develop and execute Security Assessment Plans (SAP) in accordance with established Department of Navy’s Risk Assessment Guide
- Audit security controls and evaluate supporting evidence to determine compliance
- Analyze ACAS scan results and STIG checklists and evaluate compliance
- Perform control level risk assessments and provide Risk Recommendation
- Independently author Security Assessment Report Executive Summaries (SAR) in accordance with established Department of Navy’s Risk Assessment Guide
- Provide support to system owners and Information Systems Security Engineers (ISSE) in order to resolve cybersecurity and Assessment and Authorization (A&A) hurdles
- Consult on the program’s creation of technical mitigation statements to reduce risks of vulnerabilities
Requirements:
- Demonstrated oral and written communication skills across multiple levels of technical, administrative, and management personnel, including government and FLAG level customers
- Well versed with the role of a validator for multiple Risk Management Framework (RMF) accreditation types including baseline changes (Use Cases), ASR, ATO, CAR, DATO, Platform IT, HRR/HRE, Assess Only, and IATT
- Familiarity with assessment of Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
- In-depth knowledge of the NIST Special Publications with focus on 800-53 and 800-37
- Ability to read, interpret, and conduct traceability across architecture / topology diagrams, Ports Protocols and Services, hardware/software lists, and other artifacts
- Expert knowledge using eMASS
- Experience with DITPR DON/DADMS
- Familiarity with FAO business rules, policies, and procedures
- Hands-on experience conducting vulnerability assessment and analysis utilizing standard technologies such as SCAPs, ACAS/NESSUS scans, and DISA STIGs/SRGs
- Knowledge of IT security principles and methods, such as firewalls, demilitarized zones, encryption standards
- Secret Clearance
- CISSP (preferred)
- NQV creds in good standing
- Bachelor's degree in IT or related field
- 3-5 YOE assessing IT security controls, documentation, and supporting evidence
- T Certification(s) in accordance with DoDI 8140 requirements and NQV Qualification Standards