UIC Alaska

Navy Qualified Validator (NQV) Level II

ID
2022-3483
Category
Cybersecurity/Information Security
Position Type
Full-Time
Location : Location
US-SC-Charleston
Minimum Clearance Required
Secret
Travel Requirement
10% - 25%

Overview

NAVY QUALIFIED VALIDATOR LEVLEL II (BCSS-22-1299-W):

 

Bowhead seeks a Navy Qualified Validator (NQV) Level II to support the NIWC ISSS Validation Center of Excellence contract located in Charleston, SC. The Navy Qualified Validator (NQV) Level II will support the upcoming Cybersecurity Information Technology contract. The NQV II will plan, coordinate, and implement an organization's computer information security measures to safeguard information in computer files against accidental or unauthorized modification, destruction, or disclosure. Reviews violations of computer security procedures to eliminate violations.

 

Responsibilities

  • Conduct information assurance (IA) assessments based on the collection, analysis, and reporting of data in accordance with the appropriate security technology and government policy methods.
  • Analyze assessments and implements an overall risk-based decision to effectively certify security controls and countermeasures and the overall security posture of Federal IT systems and programs, networks and infrastructures throughout information technology engineering lifecycles.
  • Provide support for enclaves and systems to achieve an Authorization to Operate (ATO) and an Authorization to Connect (ATC) and maintain an appropriate IA posture.
  • Utilize enterprise Mission Assurance Support Service (eMASS), Xacta, or similar systems repositories for IA purposes. Assesses and mitigates technical security and operational risks specific to industrial control system enclaves and technologies.
  • Identify, quantify, prioritize or rank vulnerabilities and assess potential hazards and ensure the proper documentation of risk to an Information System (IS).
  • Actively work with the government validators and Project Management Offices (PMOs) to provide support and guidance throughout the program/system lifecycle.
  • Responsible for periodic auditing of IA artifacts to ensure proper adherence to DoD Instruction, Navy requirements, and the NIST Special Publication 800 series standards and industry best practices. Such interaction shall enhance the quality of IA packages for the purpose of receiving an ATO from the Navy/Marine Corps Designating Approval Authority (DAA)/Naval Approving Authority (NAO), Navy Security Control Assessor (SCA), Authorizing Official (AO) or Authorizing Official Designated Representative (AODR).
  • Compile all CT&E related test plans, test reports, risk analyses, and POA&Ms to a designated centralized storage location for future accessibility and historical tracking.
  • Support CT&E, including conducting security controls assessment procedures; Security Requirements and Implementation Guides (SRGs, and STIGs) assessment; and automated network and host-based assessment using tools from the Assured Compliance Assessment Solution (ACAS) suite as well as assessment using non-standard tools such as Network Mapper (Nmap) and Wireshark network protocol analyzer, within a time period defined by the CT&E test plan and by staying abreast of and following all applicable Department of Defense (DoD) and Department of Navy (DoN) scanning guidance.
  • Support Engineering Change Proposals (ECPs) by reviewing requesting modifications to system baseline, evaluating impact to design and writing necessary changes to the product specification to support new capability.

Qualifications

In accordance with Executive Order 14042: Ensuring Adequate COVID Safety Protocols for Federal Contractors, candidates should be aware that they may be required to have received or be willing to receive the COVID-19 vaccine by date of hire.

 

  • Certified Navy Qualified Validator (NQV) Level II. Completed one (1) applicable discipline certification (CAP - Certified Authorization Professional, CCFP - Certified Cyber Forensics Professional, CCSP - Certified Cloud Security Professional, CISSP - Certified Information Systems Security Professional, CISSP Concentrations, ISSAP - Information Systems Security Architecture Professional, ISSEP - Information Systems Security Engineering Professional, ISSMP
  • Information Systems Security Management Professional, CSSLP - Certified Secure Software Lifecycle Professional, SSCP - Systems Security Certified Practitioner, Security+, or other).Certified in accordance with DoDD 8570.1 Information Assurance Technician III and subject to meeting subsequent requirements of latest DoD 8140 manual.
  • Four (4+) years of experience in the support of information and information systems integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
  • Demonstrable experience with DoDI 8510.01 Risk Management Framework (RMF)/DIACAP requirements on all applicable Business IT/Support C2 systems and programs scheduled for IA accreditation. Experience in Engineering Lifecycle (SELC) integration and validation testing to include Assessment and Authorization (A&A) Support.
  • Possess proficient understanding of A&A processes and workflows, providing guidance and the necessary deliverables to achieve system authorization while receiving feedback for rework and traceability errors no greater than two (2) times per artifact submission.
  • Possess a proficient understanding down to implementation-level detail of the Internet Protocol (IP) suite and the Institute of Electrical and Electronics Engineers (IEEE) 802 family of standard, including IEEE 802.1Q, Virtual Local Area Network switching in an Ethernet Network and IEEE 802.3, Ethernet.
  • Proficient in assessment of the secure configuration of Unix-type operating systems, and Linux (specifically Red Hat Enterprise Linux). The contractor shall be proficient in the assessment of the secure configuration of network and infrastructure device operating systems such as those found in switches and routers, including Ciscos Internetwork Operating System (IOS). The contractor shall be proficient in assessment of embedded systems, specifically those operating using real time operating systems (RTOS).
  • Ability to communicate effectively with all levels of employees and outside contacts.
  • Strong interpersonal skills and good judgment with the ability to work alone or as part of a team.

 

Physical Demands:
• Must be able to lift up to 25 pounds
• Must be able to stand and walk for prolonged amounts of time
• Must be able to twist, bend, and squat periodically

 

SECURITY CLEARANCE REQUIREMENTS: Must currently hold a security clearance at the Secret level. US Citizenship is a requirement for Secret clearance at this location.

 

#LI-KC1

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed