Vacancy caducado!
Overview
NAVY QUALIFIED VALIDATOR LEVLEL II (BCSS-22-1314-W):Bowhead seeks a Navy Qualified Validator (NQV) Level II to support the NIWC ISSS Cooperative Engagement Capability contract located in Charleston, SC. The Navy Qualified Validator (NQV) Level II will support the upcoming Cybersecurity Information Technology contract. This contract is tasked with Cybersecurity Test & Evaluation, Cybersecurity Engineering, and Cybersecurity Assessment and Authorization (A&A) activities for the Cooperative Engagement Capability (CEC) & Communications As A Service (CAAS) Cybersecurity Support, and other systems. Specifically, this support will encompass Risk Management Framework tasks, engineering activities, and recommendations for technical support for multiple projects and programs. The NQV II will plan, coordinate, and implement an organization's computer information security measures to safeguard information in computer files against accidental or unauthorized modification, destruction, or disclosure. Reviews violations of computer security procedures to eliminate violations.Responsibilities- Conduct information assurance (IA) assessments based on the collection, analysis, and reporting of data in accordance with the appropriate security technology and government policy methods.
- Analyze assessments and implements an overall risk-based decision to effectively certify security controls and countermeasures and the overall security posture of Federal IT systems and programs, networks and infrastructures throughout information technology engineering lifecycles.
- Provide support for enclaves and systems to achieve an Authorization to Operate (ATO) and an Authorization to Connect (ATC) and maintain an appropriate IA posture.
- Utilize enterprise Mission Assurance Support Service (eMASS), Xacta, or similar systems repositories for IA purposes. Assesses and mitigates technical security and operational risks specific to industrial control system enclaves and technologies.
- Identify, quantify, prioritize or rank vulnerabilities and assess potential hazards and ensure the proper documentation of risk to an Information System (IS).
- Actively work with the government validators and Project Management Offices (PMOs) to provide support and guidance throughout the program/system lifecycle.
- Responsible for periodic auditing of IA artifacts to ensure proper adherence to DoD Instruction, Navy requirements, and the NIST Special Publication 800 series standards and industry best practices. Such interaction shall enhance the quality of IA packages for the purpose of receiving an ATO from the Navy/Marine Corps Designating Approval Authority (DAA)/Naval Approving Authority (NAO), Navy Security Control Assessor (SCA), Authorizing Official (AO) or Authorizing Official Designated Representative (AODR).
- Compile all CT&E related test plans, test reports, risk analyses, and POA&Ms to a designated centralized storage location for future accessibility and historical tracking.
- Support CT&E, including conducting security controls assessment procedures; Security Requirements and Implementation Guides (SRGs, and STIGs) assessment; and automated network and host-based assessment using tools from the Assured Compliance Assessment Solution (ACAS) suite as well as assessment using non-standard tools such as Network Mapper (Nmap) and Wireshark network protocol analyzer, within a time period defined by the CT&E test plan and by staying abreast of and following all applicable Department of Defense (DoD) and Department of Navy (DoN) scanning guidance.
- Support Engineering Change Proposals (ECPs) by reviewing requesting modifications to system baseline, evaluating impact to design and writing necessary changes to the product specification to support new capability.
Vacancy caducado!