-
Navy Qualified Validator
- Trace Systems Inc (Portsmouth, VA)
-
Job Overview
Job Title: Navy Qualified Validator
Job Responsibilities
Trace Systems is seeking a Navy Qualified Validator (NVQ) to support the Norfolk Naval Shipyard CIO department (Code 109), and the associated network capabilities are currently supporting activities that directly contribute to Navy Fleet readiness. Some of the functions supported by the network include automated tools that enhance the warfighter’s ability to execute their mission; support to mission areas such as: Fleet logistics, maintenance, ship industrial and maintenance production activities, engineering, supply, legal, readiness, plans and policy, program planning and management, and personnel; hurricane disaster preparedness and response; world-wide support of bases, the war-fighter, and stations; readiness reporting and support; and securing the Homeland. NNSY CIO is responsible for the installation, administration, development, management, and/or maintenance of all networks and systems installed at NNSY and telecommunication services. The CIO provides IT approval for IT purchases made for and by NNSY. This department ensures that all systems and networks operate in a secure manner by implementing and managing an Information Assurance program that meets all Navy and DoD requirements.
Duties and responsibilities include but are not limited to:
+ Support the revision of the entire end-to-end Assessment and Authorization (A&A) process.
+ Support for Inspection and Audit conducted at NNSY.
+ Review A&A package submissions to ensure system/network architectures and technical/non- technical operating features adequately protect and defend against unauthorized access, ensure systems availability, and meet DoD/Navy Cyber Security (CS) implementation policy requirements and data protection safeguards.
+ Conduct CS compliance and A&A documentation validation assessments for legacy applications, systems and networks.
+ Develop, or expand existing A&A and CS documentation to ensure complete documentation exists in accordance with DoD A&A and IA/CS policy.
+ Perform Cyber Compliance (CC) risk assessments to evaluate system risks and provide written risk assessment reports including overall risk analysis reviews and recommendations to the Navy Authorizing Official (NAO) and Functional Authorizing Official (FAO).
+ Respond to feedback from the NAO and FAO in the form of comments and instructions to ensure coordination of efforts and to correct errors, information omissions and shortfalls in A&A documentation packages.
+ Communicate feedback to customers, coordinate corrections collect responses and validate prior to forward for processing.
+ Develop procedures to support A&A workflow processes, criteria needed to facilitate authorization processes and NAO/FAO authorization decision milestones.
+ Streamline A&A package efforts based on RMF status and complexity, unless operational requirements necessitate a waiver from the NNSY Package Submission Office (PSO).
+ Support Cyber Security readiness reporting and assess the cyber security posture and identify trends and processes potentially dangerous to network security.
+ Verify Information Assurance (IA) and CS data for units reported via various databases such as Enterprise Mission Assurance Support Service (eMASS), Vulnerability Remediation Asset Manager (VRAM), Navy Continuous Monitoring and Risk Scoring (CMRS-N) and Department of the Navy (DON) Applications and Database Management System (DADMS).
+ Compile and analyze data and develop a weekly/monthly CS Dashboard for NNSY leadership review.
+ Communicate feedback to NNSY CIO identified with CS vulnerabilities to the DODIN and coordinate corrections, collect responses and validate reporting.
+ Provide support in drafting NNSY CIO strategies, plans, policy, and procedures.
+ Assist with Assured Compliance Assessment System (ACAS) scans
+ Ensure audit artifacts are accurate, complete, and accessible, including evidence of continuous monitoring, patch management, user account management, and vulnerability remediation efforts.
+ Coordinate with ISSMs, Information System Security Officers (ISSOs), and system owners to validate that all systems are in compliance with the Risk Management Framework (RMF) requirements and audit readiness standards.
+ Track and report the status of audit findings and ensure all findings are assigned to responsible stakeholders, properly documented in the Plan of Action and Milestones (POA&Ms) and resolved within designated timelines.
Minimum Qualifications
+ Active, in-scope US Government issued Top Secret clearance.
+ Due to the nature of the work and contract requirements, US Citizenship is required.
+ Registered Navy Qualified Validator
+ Level II Certification (Security + or better), fully qualified in accordance with DoD 8570.01M
+ Minimum of seven (7) years of experience in CS/A&A analysis support in IA controls analysis, conducting risk assessments, risk mitigation analysis, or developing plans. Examples of relevant experience may include the following:
+ Cyber Security (CS) / Risk Management Framework (RMF) concepts and requirements (DoDI 8510.01)
+ Accreditation & Authorization (A&A) process and standards.
+ System / network vulnerability analysis.
+ Risk assessment and risk mitigation analysis.
+ Security Test and Evaluation (ST&E) processing.
+ Security Technical Implementation Guide (STIG) Processing
+ Use of automated STIG processing tools [e.g., Security Content Automation Protocol (SCAP), Evaluate STIG, STIGMAN, EMASSter...]
+ Use of Enterprise Mission Assurance Support Services (eMASS) and similar RMF repositories.
+ Setup and execution of A&A Business Rules, Standard Operating Procedures (SOP)s, Concept of Operations (CONOP)s, and Plans.
+ Contingency planning, training and testing.
+ Establish/interrupt Firewall Policy.
+ Interrupt, register Ports & Protocols.
+ Hardware / Software, network boundaries, flow diagrams and technical drawings.
+ Interrupting information in the system baseline configuration in VRAM by uploading vulnerability scan of a representative baseline system.
+ Expert and Mastery levels with institutional knowledge on the mission critical procedures, systems, and processes, as they pertain to Information Technology and Cyber Security requirements.
+ Advise on the proper method to mitigate vulnerabilities.
+ Experience in certifying and accrediting DON information systems and networks, as well as Platform IT.
+ Expert knowledge of and experience with CS/RMF requirements as defined by Public Laws, National, DoD, and DON [e.g., Federal Information Security Management Act (FISMA), DoDD 8100.02, DODI 8500.01, DoDI 8520, DoDI 8530, DoDI 8531, SECNAV 5239 Series and OPNAV 5239 Series, NIST Special Publications Series 800, etc.]
+ Expert knowledge and experience with the requirements outlined in OPNAVINST N9210.3 Safeguarding Naval Nuclear Propulsion Information
+ Produce executive documents, reports, project plans and plan of action and milestones (POA&M).
Education
+ Bachelor's degree in an IT-related discipline or Level II Certification (Security+ or better)
Trace Systems
Trace Systems Inc. was founded to support and defend our nation's security interests at home and abroad–– whenever and wherever. We provide enterprise IT, engineering, full life-cycle communications, cybersecurity, cloud and virtualization services and solutions to the United States Department of Defense and other federal agencies.
To Apply: We invite you to put your talents to work by joining a growing team of dynamic professionals here at Trace Systems! Be part of a culture at our leading-edge company where you can achieve great things while fostering a satisfying and rewarding career progression. To learn more about our current openings, text ‘tracejobs’ to 97211 or apply directly through our website at: www.tracesystems.com. #jointracesystems
Trace Systems is an equal opportunity employer. Qualified candidates will be considered without regard to legally protected characteristics.
-
Recent Jobs
-
Navy Qualified Validator
- Trace Systems Inc (Portsmouth, VA)
-
Warehouse Associate, Weekend
- Cardinal Health (Boylston, MA)