Cybersecurity Validator/Security Control Assessor

Location
Lexington Park, Maryland, United States
Posted
Apr 20, 2019
Closes
Apr 24, 2019
Ref
J3K66M5X29W801J7L8R
Function
IT, Security Engineer
Hours
Full Time
Job Description Job Number: R0008294

Cybersecurity Validator/Security Control Assessor

Key Role:

Provide Cybersecurity testing and security control validation and assessment of technical and non-technical security features implemented on a system or network in support of the DoD Risk Management Framework (RMF) Assessment and Authorization (A&A) process and legacy DoD Information Assurance Certification and Accreditation (DIACAP) for a Department of Navy (DoN) program. Validate security configurations to ensure they are implemented in accordance with DoD Cybersecurity policies, requirements, and directives, including compliance with Security Technical Implementation Guidance (STIG), Security Requirements Guides (SRGs), and checklists. Leverage automated testing tools and manual test methodologies to identify system vulnerabilities and noncompliance.

Basic Qualifications:

-3+ years of experience with Cybersecurity

-3+ years of experience with authoring comprehensive DoD DIACAP packages independently

-3+ years of experience with performing technical security assessments, including vulnerability assessments, security control reviews, and system configuration checks to support DIACAP

-3+ years of experience with planning and executing comprehensive Cybersecurity test events, including identifying applicable security controls, analyzing assessment procedures, and identification and using required tools, including Retina, Nessus, Assured Compliance Assessment Solution (ACAS), or Security Content Automation Protocol (SCAP)

-3+ years of experience in working with federal or DoD government implementation of the NIST RMF for A&A

-Experience with performing manual testing methods and procedures using STIGs, SRGs, and checklists

-Secret clearance required

-AA or AS degree

-Navy Validator Appointment, including NQV, FQNV, or IQNV required

-DoD 8140 IAM or IAT Certification, including Security+ CE, CISM, CISSP, or CASP

Additional Qualifications:

-3+ years of experience with supporting Navy commands in the implementation or assessment of Cybersecurity controls or legacy DIACAP implementation

-3+ years of experience in working with NIST RMF for A&A

-Experience with eMASS

-Experience with performing Cybersecurity risk assessments and mitigation

-Experience with Microsoft Excel

-Experience with testing Navy systems

-Experience with Cloud and virtual environment security

-Experience with Linux Red Hat operating systems

-Fully Qualified Navy Validator (FQNV) Legacy Appointment

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.