Navy Qualified Validator (NQV)

Geospatial And Cloud Analytics Inc

Norfolk, VA
Full Time
Paid
  • Responsibilities

    Position Overview

    The NQV conducts independent, comprehensive assessments of management, operational, and technical security controls and control enhancements implemented within, or inherited by, OPTEVFOR information technology (IT) systems. The role evaluates overall control effectiveness and provides independent cybersecurity analysis, documentation, validation, and risk determination in support of OPTEVFOR missions.

    The Security Control Assessor (SCA) serves independently as a Navy Qualified Validator (NQV), performing validation activities under the Risk Management Framework (RMF) using Navy SCA-approved processes. The position applies expert knowledge of DoD and Department of the Navy (DoN) architectures, policies, and guidance to identify vulnerabilities, assess risk, and improve operational security posture in accordance with the RMF Process Guide series and Navy Assessment & Authorization (A&A) policy.

    Security Clearance Requirement: Eligibility for Top Secret / Sensitive Compartmented Information (TS/SCI).

    Qualifications

    Minimum of eight (8) years of experience performing duties as a Navy Qualified Validator (NQV)

    Demonstrated proficiency with Enterprise Mission Assurance Support Service (eMASS) and familiarity with DoD Application and Database Management System (DADMS)

    Thorough working knowledge of NIST security controls and their application within DoD/DoN RMF processes

    Key Responsibilities

    Assessment, Validation, and Risk Determination

    Conduct Validation and Risk Assessment (RA) activities in support of OPTEVFOR systems, including:

      • Validation Security Assessment Testing (VSAT)
      • System risk documentation
      • System audits
      • Security hardware and software testing

    Perform independent evaluations of security controls to determine effectiveness and residual risk

    Produce complete, accurate, and defensible risk assessments in support of RMF authorization decisions

    RMF Documentation and Artifacts

    Create, review, and deliver all RMF-required artifacts and documentation necessary to plan, execute, and report on system security assessments

    Document system risks, control deficiencies, and mitigation recommendations in accordance with RMF and Navy A&A guidance

    Maintain and verify the accuracy and currency of authorization, assurance, and accreditation documentation

    Draft statements of preliminary and residual security risk to support authorization decisions

    Stakeholder Coordination and Advisory Support

    Work closely with the designated OPTEVFOR Information Systems Security Manager (ISSM) to provide final security assessment guidance and validation support

    Coordinate with Information Systems Security Engineers (ISSEs) and supporting staff throughout the RMF lifecycle

    Collaborate with system owners, technical leads, cybersecurity personnel, and other stakeholders to manage and resolve cybersecurity requirements

    Participate in technical meetings and working groups to support RMF package development and risk adjudication

    Provide clear, actionable guidance on vulnerability remediation and risk posture determination

    Vulnerability Assessment and Analysis

    Execute and analyze ACAS/Tenable vulnerability scans and other DoD-approved assessment tools

    Validate proper implementation of security controls in accordance with NIST, DoD, and DoN publications

    Identify known vulnerabilities using alerts, advisories, errata, and bulletins

    Verify implementation of stated security postures, document deviations, and recommend corrective actions

    Governance, Compliance, and Continuous Improvement

    Maintain current expertise in RMF and A&A policies, standards, and best practices

    Adhere strictly to the RMF Process Guide and Risk Assessment Guide

    Develop or refine security compliance processes and audit approaches, including those applicable to external services (e.g., cloud service providers)

    Exercise strong customer service, professionalism, and communication skills in fast-paced operational environments

    DCWF Knowledge, Skills, Abilities, and Tasks (KSATs)

    Knowledge

    Cyber defense, vulnerability assessment tools, and their capabilities

    NIST, DoD, and DoN security principles, controls, and publications

    Risk management processes, assessment methodologies, and mitigation strategies

    Network security architecture concepts (topology, protocols, components, defense-in-depth)

    Cryptography and cryptographic key management

    Embedded systems and specialized systems supporting critical infrastructure

    Emerging IT and cybersecurity technologies

    Enterprise IT goals, mission processes, and information classification programs

    PII protection standards and applicable security and privacy laws and regulations

    Skills & Abilities

    Conducting independent security control assessments and validation activities

    Determining protection needs and appropriate security controls for IT systems and networks

    Performing and analyzing vulnerability scans and assessment results

    Monitoring and evaluating compliance with security, resilience, and dependability requirements

    Applying confidentiality, integrity, and availability (CIA) principles

    Comparing expected versus actual security outcomes to identify risk impacts

    Developing risk statements, remediation recommendations, and corrective action guidance

    Reviewing authorization packages and assurance documentation to ensure risk acceptance is appropriate

    Verifying currency and accuracy of accreditation and authorization artifacts

    Providing technical evaluations of systems, networks, and applications to document security posture