Posted : Thursday, September 14, 2023 04:05 PM
Job Code: 16381669
Job Location: Norfolk, Virginia (On Site)
Imagine One is seeking an experienced Navy Qualified Validator (NQV) to join a team of validators.
The NQV team supports assessment efforts for multiple information technology (IT) systems across a large NAVY maintenance environment located in Norfolk, Virginia.
Current NQV certification is required.
DUTIES AND QUALIFICATIONS, IDENTIFYING BOTH ESSENTIAL AND MARGINAL DUTIES:

Support Navy Risk Management Framework (RMF) efforts throughout all steps within the Risk Management Framework.
The NQV is responsible for conducting assessments of IT systems to confirm or establish by testing, evaluating, and/or evaluating objective quality evidence (OQE) that the selected security controls are implemented correctly and are effective in their application to reduce risks for the NMMES IT systems.
• Act as a trusted agent for the program tasked to perform independent assessments of IT systems and evaluate risks in alignment with risk appetite and compliance requirements
• Independently develop and execute Security Assessment Plans (SAP) in accordance with established Department of Navy’s Risk Assessment Guide
• Audit security controls and evaluate supporting evidence to determine compliance
• Analyze ACAS scan results and STIG checklists and evaluate compliance
• Perform control level risk assessments and provide Risk Recommendation
• Independently author Security Assessment Report Executive Summaries (SAR) in accordance with established Department of Navy’s Risk Assessment Guide
• Provide support to system owners and Information Systems Security Engineers (ISSE) in order to resolve cybersecurity and Assessment and Authorization (A&A) hurdles
• Consult on the program’s creation of technical mitigation statements to reduce risks of vulnerabilities

The successful candidate must be capable of independent assessment work and consultation with regular progress reviews by the government Technical Point of Contact.

Experience Requirements:
• Demonstrated oral and written communication skills across multiple levels of technical, administrative, and management personnel, including government and FLAG level customers
• Well versed with the role of a validator for multiple Risk Management Framework (RMF) accreditation types including baseline changes (Use Cases), ASR, ATO, CAR, DATO, Platform IT, HRR/HRE, Assess Only, and IATT
• Familiarity with assessment of Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
• In-depth knowledge of the NIST Special Publications with focus on 800-53 and 800-37
• Ability to read, interpret, and conduct traceability across architecture / topology diagrams, Ports Protocols and Services, hardware/software lists, and other artifacts
• Expert knowledge using Enterprise Mission Assurance Support Service (eMASS) software
• Experience with DITPR DON/DADMS
• Excellent time management and presentation skills
• Familiarity with FAO business rules, policies, and procedures
• Hands-on experience conducting vulnerability assessment and analysis utilizing standard technologies such as SCAPs, ACAS/NESSUS scans, and DISA STIGs/SRGs
• Knowledge of IT security principles and methods, such as firewalls, demilitarized zones, encryption standards

Educational Requirements:
• Bachelor’s degree in Information Technology, Cybersecurity, or related field or equivalent experience
• IT Certification(s) in accordance with DoDI 8140 requirements and NQV Qualification Standards. Certified Information Systems Security Professional (CISSP) preferred.
• Three to five years of experience assessing IT security controls, documentation, and supporting evidence
• NQV credential in good standing

Security Requirements:
• US citizenship
• Active Secret clearance MANDATORY

Nice to Haves:
• Advanced degree in Cybersecurity
• Experience assessing cloud environments
• Advanced Cybersecurity certification(s) (CISM, CISA, CASP+, GSLC)
• Familiarity with specialized software (eMASSter, STIG Manager, Evaluate-STIG)
• Experience reviewing test results from Fortify and WebInspect scanning tools

Imagine One offers a full package of benefits and competitive salary, excellent group medical, vision and dental programs.
401K savings plan; $4K annual tuition reimbursement ($5K if pursuing Master’s degree); employee training, development and education programs; profit sharing; advancement opportunities; and much more! Imagine One is an Employee-Owned Company! EEO/AA Employer.
Protected Veterans and individuals with disabilities encouraged to apply.
Job Snapshot
• Employee Type: Full-Time
• Location: Norfolk, VA (Onsite)
• Job Type: Other
• Experience: Not Specified
• Date Posted: 01/26/2024
• Job ID: 16381669
• Phone : NA
• Location : Norfolk, VA
• Post ID: 9099187729