Navy Exchange Service Command
CYBERSECURITY SYSTEM VALIDATOR
Navy Exchange Service Command, Virginia Beach, Virginia, US, 23450
Job Title:
CYBERSECURITY SYSTEM VALIDATOR (240002PT)

Primary Location:
NEXCOMHQ

Pay Range:
$100,692-$113,629 Based upon experience

Job Summary:
Serves as a Risk Management Framework (RMF) Security Control Validator who performs independent and impartial assessments of NIST 800-53 security and privacy controls employed within the Navy Exchange Enterprise.

Duties and Responsibilities:
Provides NEXCOM cybersecurity support, by performing full package analysis of all IT systems, as defined by the Navy Risk Management Framework (RMF) guide.
Serves as a Navy Qualified Validator (NQV) for the Navy Exchange Enterprise.
Interviews the Information Technology (IT) owner to obtain system or site information. Independently uses this and other available information to evaluate security features of the IT system or site being assessed and authorized. Works extensively with system-level program teams throughout the system lifecycle to ensure they meet DoD 8500 series.
Performs complete assessments of a system or network security controls, known threats, and vulnerabilities, and provides a complete summary of failed controls and documenting issues.
Provides clear and detailed technical feedback on potential risks affecting the systems vulnerability footprint and recommended courses of action to mitigate or consider other options to meet mission requirements while preserving or improving the security postures.
Completes a Security Assessment Review (SAR) in collaboration with the Security Control Assessor (SCA) based on the assessment results.
Recommends updates to the POA&M based on the assessment results while ensuring traceability of all vulnerabilities from raw assessment results to the POA&M.
Prepares the SAR Executive Summary, with all assessment results, for SCA review.
Prepares and submits the Security Assessment Plan (SAP) with program assistance.
Serves in a continuous monitoring role of the system's security posture to ensure ongoing compliance and the timely detection of security issues after authorization, as necessary.
Assesses need for specialized IA training. Prepares lesson plans for such training, as required, and ensures that training is given to appropriate personnel. May personally instruct such courses.
Keeps supervisors up to date on all assignments.
Performs other related duties as assigned.

Certifications Required:
SECNAV M-5239.2, DoN, Information Assurance (IA) Workforce Manual requires incumbents of this position to possess and maintain current, two types of certifications as follows:
IA Certification: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP+), GIAC Security Leadership Certification (GSLC)
Technical Certification: Operating System/Computing Environment (OS/CE) certificate of training as dictated by Supervisor and approved by Command Cyber IT/CSWF-PM.
Candidate is also required to sign a Privileged Access Agreement. Candidates without the required certification may be placed into this job but must obtain the required certification within 6 months of appointment; failure to obtain this requirement will result in termination of employment.
This position in accordance with SECNAV M-5510.30 will require a favorable Single Scope Background Investigation (SSBI).

Experience Requirements:
A total of 8 years of experience, consisting of the following combination:

GENERAL EXPERIENCE:
3 years’ experience in security, technical or investigative work which demonstrated the ability and aptitudes required to perform technical, managerial or analytical work involving management information systems.

OR

SUBSTITUTION OF EXPERIENCE FOR EDUCATION:
One year of related academic study above the high school level may be substituted for 9 months of experience up to a maximum of a 4 year bachelor's degree in IT security or computer information systems for 3 years of general experience.

AND

SPECIALIZED EXPERIENCE:
5 years of demonstrated experience in at least two of the following:
Risk management validation
IT security compliance and reporting
Technical risk analysis
Authorization and accreditation

And experience in the performance of:
System Security Assurance: ensuring that entire systems meet security requirements, function securely, and undergo comprehensive testing for overall security assurance.
Security Assessments: conducting security assessments and developing Security Assessment Plans (SAPs).
Technical Understanding: interpreting network diagrams, vulnerability scans, and compliance scans.
Security Documentation: creating and maintaining various security documents, including Security Assessment Plans.
Risk Management Framework: conducting security control assessments following a Risk Management Framework approach, along with conducting risk assessments and developing security assessment reports.

And in-depth knowledge of:
NIST 800-53
Risk mitigation strategies for computer operating systems, networks, or cloud services
Security controls and compliance frameworks

This position is designated in accordance with SECNAV M-5510.30 and will require a favorable Single Scope Background Investigation (SSBI). Candidates must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain will result in termination.