Navy Qualified Validator with Security Clearance - Alexandria, VA, United States - KMS Solutions

    KMS Solutions
    KMS Solutions Alexandria, VA, United States

    2 weeks ago

    Default job background
    Technology / Internet
    Description

    Navy Qualified Validator Summary/objective:
    KMS Solutions is seeking a motivated individual to join a team of cyber security professionals and Navy Qualified Validators providing support to Team Submarine Cyber Security Directorate (TSUB Cyber)
    As part of this select team, you will support cybersecurity compliance of US Navy submarine systems, especially the Submarine Warfare Federated Tactical System (SWFTS)
    SWFTS is federated system of systems that integrates submarine offensive and defensive capabilities, combat control, navigation, communications, and sensors, including SONAR, RADAR, and Imaging
    TSUB Cyber ensure cyber authorization of all submarine systems
    It is part of Naval Sea Systems Command (NAVSEA) and Program Executive Office Undersea Warfare Systems (PEO UWS)

    Essential functions:

    Validation:

    Act as an independent third party who assesses and validates that a system has implemented the approved security control baseline.


    • RMF Packages: Create, maintain, and validate accreditation documentation including System Security Plans (SSP), Implementation Plans, Privacy Impact Assessments, Security Assessment Plans (SAP), Risk Assessment Reports (RAR), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M)

    May perform different roles based on the specific RMF package, i.e., occasionally acting as Information System Security Engineer (ISSE) instead of NQV for select packages.


    • PIT

    Risk Assessment:

    Evaluate cybersecurity posture and perform risk assessments on Platform Information Technology (PIT) and PIT control systems (Industrial Control Systems) to identify and mitigate technical and non-technical vulnerabilities.


    • Vulnerability Remediation: Collaborate with engineers to remediate existing vulnerabilities or develop mitigations to minimize risks.
    • Policy Compliance: Implement and apply Department of Defense (DoD), Department of the Navy (DoN), and National Institute of Standards and Technology (NIST) policy, instruction, and requirements.
    • Security Compliance Evaluation: Conduct traditional security compliance evaluation activities on testing sites, developmental sites, and shipboard environments.
    • Network Mapping and

    Vulnerability Scanning:

    Familiarity with network mapping, vulnerability scanning tools (e.g., ACAS, Nessus), and Security Technical Implementation Guides (STIGs) and Security Requirement Guides (SRGs).


    • Ad Hoc Data Calls: Participate in ad hoc cybersecurity data calls to support critical assessments.
    • SCA

    Trusted Agent:

    Act as liaison for the Security Control Assessor (SCA) to assist in all matters of validation, documentation, vulnerability mitigation, and residual risk determination.

    Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions

    Required education and experience:

    • Currently certified as a Navy Qualified Validator (NQV) by NAVWAR.
    • 5+ years of experience independently performing the NQV activities defined in the Navy's Risk Management Framework (RMF) Process Guide (RPG) or DoD Info Assurance Certification & Accreditation Process (DIACAP).
    • 10+ years of experience with cyber security focused on Assessment and Authorization (A&A) including package development, documentation development, and validation.
    • Experience with accreditation documentation including System Security Plans (SSP), Implementation Plans, Privacy Impact Assessments, Security Assessment Plans (SAP), Risk Assessment Reports (RAR), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M).
    • Experience with A&A of Navy PIT system(s).
    • In depth understanding and experience with the NIST RMF process and documentation.
    • Information Assurance certification in compliance with DoD 8570 at IAM Level II or IAT Level II/III requirements, i.e., CISSP, CASP+, CAP, CISM, GSLC, CISA, or CySA+.
    • Bachelor's degree in a related field

    Preferred education and experience:

    • Experience with submarine systems or naval weapons systems.
    • Experience working with or supporting a program office within Team Submarine, NAVSEA, or a naval Program Executive Office.
    • Experience working with Xacta cyber risk management platform and eMASSter automation tool.
    • Experience developing and standardizing cybersecurity A&A processes and practices.
    • Master's degree in a related field

    Competencies:

    • Good verbal and written communication skills, with the ability to collaborate effectively with a team of government and industry professionals.
    • Ability to manage time well to meet assigned milestones.
    • Proficiency working with distributed teams.
    • Proficiency guiding, mentoring, and developing more junior cybersecurity workforce members.
    • Ability to work with system developers to ensure their compliance with RMF policies, instructions, and guidance
    Additional eligibility requirements Work authorization/security clearance requirements: A Top Secret / Sensitive Compartmented Information (TS/SCI) clearance is required

    Other Duties:
    Please note this job posting is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job
    Duties, responsibilities, and activities may change at any time with or without notice

    • No change to these statements

    Supervisory Responsibility:
    None

    Work Environment:
    This job operates in a professional office environment
    This role routinely uses standard office equipment such as computers, phones, and photocopiers

    • No change to these statements

    Physical Demands:
    The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job
    While performing the duties of this job, the employee is regularly required to talk or hear
    Excellent listening skills are essential
    The employee frequently is required to stand, walk, use hands to finger, handle or feel, and reach with hands and arms

    • No change to these statements
    Position Type/Expected Hours of Work: [Edit to fit position.] The typical workday is eight hours in length
    Some flexibility in hours is allowed, with concurrence from the supervisor
    The employee must be available during the "core" work hours of 9:00 a.m

    to 3:00 p.m

    and must account for the hours in a pay period to maintain full-time status

    • No change to this statement Telework: This is position allows for up to 40% telework
    Tasking will require periods of full in-office work for short periods every quarter

    Travel:
    Up to 10% travel may be required to locations including, but not limited to, Newport, RI; Manassas, VA; and Bangor, WA

    AAP/EEO Statement:
    KMS Solutions provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws
    This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training
    #ZR #LI-Hybrid