This position is designated as key personnel and an advanced level Security Control Assessor (work role: 612) under DCWF.  CONTRACTOR shall conduct independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls.  CONTRACTOR shall provide cybersecurity support, analysis, documentation, and validation services for OPTEVFOR IT systems.  CONTRACTOR serves independently as a Navy Qualified Validator (NQV), performing validation activities under the RMF process using Navy Security Control Assessor approved processes and applies knowledge of DoD or DoN network architectures and policy toward assessment and identification of vulnerabilities as a means of improving operational security posture  in accordance with the Risk Management Framework Process Guide series .CONTRACTOR shall apply Navy Assessment & Authorization (A&A) guidance and policy to achieving/maintaining program objectives on time/schedule and guidance regarding vulnerability remediation and determination of risk posture. Position security clearance requirement is ELIGIBILITY FOR TS/SCI.

• Responsible for conducting Validation and Risk Assessment (RA) activities in support of the customer (Validation Security Assessment Testing, System Risk Documentation, System Audits, Security Hardware and Software Testing).
• Responsible for creating and providing all RMF appropriate artifacts and documentation necessary to plan and execute a thorough test of systems, document the system risks and report on the identified risks as necessary
• Develop and maintain System Security Plans (SSP), Contingency Plans, Privacy Impact Assessments, Certification Reports, Accreditation Reports, POA&Ms, and other A&A documentation.
• Initiate and prepare A&A RMF packages; ensures existing  A&A packages are maintained in a compliant status; verifies and validates  A&A package requirements and configuration modifications are performed and tested.
• Actively work with the designated (OPTEVFOR) Information Systems Security Manager (ISSM) to provide final security assessment support and guidance.
• Required to conduct periodic auditing of RMF artifacts to ensure proper adherence to DoD instruction, Navy requirements, and the NIST Special Publication 800 series standards and industry best practices.
• Responsible for enhancing the overall quality of RMF packages for the purpose of receiving an ATO from the Navy Authorizing Official (NAO) or Authorizing Official Designated Representative (AODR).
• Required to engage with the system Information Systems Security Engineer (ISSE) and ISSE support staff throughout the RMF process.
• Responsible for validation events for all OPTEVFOR cyber OT&E infrastructure and toolset.
• Maintain thorough and current knowledge of RMF and A&A process and standards.
• Work closely with system owners, technical leads, cybersecurity staff, and other stakeholders to manage cybersecurity requirements.
• Integration and implementation of computer system security solutions.
• Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans (or other DoD approved tools) to validate appropriate implementation of security controls in accordance with NIST, DoD and DoN publications.
• Coordinate technical meetings, prioritize topics, and identify objectives in support of package development.
• Exercise strong customer service and excellent communication skills in a fast-paced environment.
• Adhere to guidance outlined in RMF Process Guide

• Minimum 8 years’ experience as an NQV.
• Proficiency in Enterprise Mission Assurance Support Service (eMASS) and DoD Application and Database Management System (DADMS), along with a thorough understanding of National Institute of Standards and Technology (NIST) controls.
• Must have a DOD Secret security clearance and the ability to obtain a TS/SCI.

#LI-EB1

#LI-Onsite