• Fully Qualified Validator - TS/SCI Clearance |

    Cambridge International Systems Inc (Norfolk, VA)


    Fully Qualified Validator – TS/SCI Clearance | Norfolk, VA

     

    Cambridge International Systems, Inc.

     

    Join a dynamic global team united by shared values: commitment, integrity, and perseverance. At Cambridge, you’ll work alongside top talent worldwide, tackling some of today’s most complex and critical challenges in defense and security.

     

    We are currently seeking a Fully Qualified Validator to support operations in Norfolk, VA. This is a full-time position requiring an active DoD TS/SCI clearance.

     

    This position is contingent upon contract award with an expected award date of November 2025.

    What You’ll Do

    + Responsible for conducting Validation and Risk Assessment (RA) activities in support of the customer (Validation Security Assessment Testing, System Risk Documentation, System Audits, Security Hardware and Software Testing).

    + Responsible for creating and providing all RMF appropriate artifacts and documentation necessary to plan and execute a thorough test of systems, document the system risks and report on the identified risks as necessary

    + Develop and maintain System Security Plans (SSP), Contingency Plans, Privacy Impact Assessments, Certification Reports, Accreditation Reports, POA&Ms, and other A&A documentation.

    + Initiate and prepare A&A RMF packages; ensures existing A&A packages are maintained in a compliant status; verifies and validates A&A package requirements and configuration modifications are performed and tested.

    + Actively work with the designated Information Systems Security Manager (ISSM) to provide final security assessment support and guidance.

    + Required to conduct periodic auditing of RMF artifacts to ensure proper adherence to DoD instruction, Navy requirements, and the NIST Special Publication 800 series standards and industry best practices.

    + Responsible for enhancing the overall quality of RMF packages for the purpose of receiving an ATO from the Navy Authorizing Official (NAO) or Authorizing Official Designated Representative (AODR).

    + Required to engage with the system Information Systems Security Engineer (ISSE) and ISSE support staff throughout the RMF process.

    + Responsible for validation events for all the cyber OT&E infrastructure and toolset.

    + Maintain thorough and current knowledge of RMF and A&A process and standards.

    + Work closely with system owners, technical leads, cybersecurity staff, and other stakeholders to manage cybersecurity requirements.

    + Integration and implementation of computer system security solutions.

    + Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans (or other DoD approved tools) to validate appropriate implementation of security controls in accordance with NIST, DoD and DoN publications.

    + Coordinate technical meetings, prioritize topics, and identify objectives in support of package development.

    + Exercise strong customer service and excellent communication skills in a fast-paced environment.

    + Adhere to guidance outlined in RMF Process Guide

     

    What You’ll Bring

    Required Qualifications:

    + Education & Experience:

    + Minimum 8 years’ experience as an NQV.

    + Technical Expertise:

    + Proficiency in Enterprise Mission Assurance Support Service (eMASS) and DoD Application and Database Management System (DADMS), along with a thorough understanding of National Institute of Standards and Technology (NIST) controls

    + Certifications:

    + Eligible to obtain and keep active, a DoD TS/SCI security clearance.

    + Proficient with modern IT tools and infrastructure technologies

    Preferred (Nice to Have):

    + Knowledge of cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities.

    + Knowledge of organization’s evaluation and validation requirements.

    + Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.

    + Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

    + Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption).

    + Knowledge of current industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts.

    + Knowledge of risk management processes and methods for assessing and mitigating risk.

    + Skill in determining how a security system should work, including its resilience and dependability capabilities.

    + Skill in discerning protection needs (i.e., security controls) of information systems and networks.

    + Draft statements of preliminary or residual security risks for system operation.

    + Maintain information systems assurance and accreditation materials.

    + Monitor and evaluate a system’s compliance with IT security, resilience, and dependability requirements.

    + Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., defense-in-depth).

    + Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.

    + Knowledge of cryptography and cryptographic key management concepts.

    + Knowledge of embedded systems.

    + Knowledge of security risk assessments and authorization per RMF processes.

    + Knowledge of new and emerging IT and cybersecurity technologies.

    + Knowledge of structured analysis principles and methods.

    + Knowledge of systems diagnostic tools and fault identification techniques.

    + Knowledge of the organization’s enterprise IT goals and objectives.

    + Skill in applying confidentiality, integrity, and availability principles.

    + Skill in identifying measures or indicators of system performance and actions needed to improve performance.

    + Conduct Privacy Impact Assessments for security controls protecting PII.

    + Perform validation steps, comparing actual results with expected results to identify impact and risks.

    + Plan and conduct security authorization reviews and assurance case development for system and network installations.

    + Provide technical evaluations of software applications, systems, or networks, documenting security posture, capabilities, and vulnerabilities.

    + Recommend new or revised security, resilience, and dependability measures based on review results.

    + Review security and privacy assessment plans.

    + Review authorization and assurance documents to ensure risk is within acceptable limits.

    + Verify implementation of security postures as stated, document deviations, and recommend corrective actions.

    + Verify currency of software application/network/system accreditation and assurance documentation.

    + Develop security compliance processes and/or audits for external services (e.g., cloud service providers).

    + Knowledge of core business/mission processes.

    + Knowledge of PII data security standards.

    + Knowledge of applicable laws and regulations relevant to security and privacy.

    + Knowledge of local specialized system requirements for critical infrastructure/control systems.

    + Knowledge of an organization’s information classification program and procedures for information compromise.

    Travel & Passport

    + Some overnight stays possible.

    Work Environment

    + Compliance with vaccination and medical requirements for TDY/OCONUS roles as per Vaccine Recommendations by AOR | Health.mil.

    Office setting:

    + Primarily an office-based role in Norfolk, VA

    + Standard desk/computer work with flexibility for walking and movement on site

    + Must be able to work in an office environment, sitting at a desk, looking at a computer for most of the workday.

    + Work is physically comfortable; the employee has discretion about sitting, walking, standing, etc.

    + May be required to travel short distances to offices/conference rooms and buildings on site.

    Background & Security

    + Employment is contingent upon successful background investigation

    + Drug screening may be required for federal contract compliance

     

    Benefits & Perks

    We believe in investing in our team—both professionally and personally:

    + Medical, dental, vision, life, accident, and critical illness insurance

    + 401(k) immediate vesting and match

    + Paid time off and company holidays

    + Generous tuition & training support

    + Relocation assistance

    + Sign-on and performance-based bonuses

    + Employee referral program

    + Access to Tickets at Work, EAP, wellness initiatives, and more

     

    Join Us

     

    If you're driven by mission, technology, and teamwork—we want to hear from you. Cambridge is growing, and this position is just one of many opportunities on our global team. Know someone perfect for the role? Referrals are welcome—both employees and non-employees may qualify for a bonus.

     

    Apply today and help shape the future of secure cloud computing for national security.

     

    About Cambridge International Systems

     

    At Cambridge, innovation grows through diversity. We are proud to be an equal opportunity employer, committed to creating an inclusive and supportive work environment for all. Learn more at www.cbridgeinc.com.

     

    Powered by JazzHR