Cybersecurity Validator (IV&V) / Active Secret
About The Position
Peraton is hiring an experienced Cybersecurity Validator (IV&V) to support U.S. Marine Corps (USMC) enterprise-level hybrid-, multi-cloud operations. This role enables USMC world-wide customers to execute critical missions. As an Independent Verification and Validation Specialist (Validator), you will work with a team responsible for validating system compliance with RMF Framework, DOD/Navy/USMC/MCCOG/HCS cybersecurity requirements for systems in the hybrid-, multi-cloud enterprise environment. You will conduct validation of vulnerability analysis and self-assessment technical reviews, authorization and accreditation documentation and provide recommendations to government leadership on the risks associated with operating on or connected to USMC networks.
Requirements
- 8 years with a BS/BA degree; or minimum of 6 years with MS/MA; or minimum of 3 years with PhD. An additional 4 years of experience will be considered in lieu of the bachelors degree.
- IAT II Certification required (8570) or Security Control Assessor-Intermediate (8140).
- ACAS and SCC/SCAP experience required.
- Experience in USMC or DOD RMF requirements for authorization and accreditation.
- Experience evaluating risk scoring.
- Experience with Evaluate STIG, Open RMF, manual STIG review (STIG Viewer, .cklb) and other STIG compliance review and tracking tools and practices.
- Knowledge and experience of cloud application of RMF and cloud security requirements.
- Knoweldge of NIST 800-53A and experiencing applying those guidelines in evaluating a system for security risk and compliance.
- Experience in documenting POA&Ms in eMASS and preparing and submitting Risk Assessment.
- Experience developing, planning, and executing security test plans such as Security Assessment Plan (SAP) and Security Assessment Reports (SAR).
- U.S. citizenship required.
- DoD Secret clearance/Tier 3 BI.
Nice To Haves
- eMASS experience and certification preferred.
- USMC or Navy Certified validator (preferred).
- Azure cloud certification (Administrator AZ-104 and Security Engineer AZ-500).
- RMF Certification.
- ACAS certification.
Responsibilities
- Planning, leading and conducting verification and validation activities for cross-functional areas of Cybersecurity services.
- Assessing implemented security controls including technical and documentation artifacts to determine compliance and risk posture.
- Interpreting information assurance & cybersecurity guidance and applying technical expertise to assess compliance and risk in the following areas: Navy/USMC Independent Verification & Validation.
- Authorization and Accreditation (C&A)/Assessment and Authorization (A&A) (including Risk Management Framework).
- Private and public cloud operations including commercial cloud-hosted environments (FedRAMP/DOD Certification inheritance models).
- Preparing documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework).
- Preparing risk scoring and assessment recommendations to government leadership.
- Analyzing policies and procedures against Federal laws and regulations and provides recommendations for closing gaps to support Plan of Action and Milestone (POA&M) development.
- Conducting security program audits.
- Performing vulnerability assessments.
- Completes required analysis of and posting information through governance systems, currently eMASS.
- Supporting Security Control Assessor (SCA) operations.
Benefits
- overtime
- shift differential
- discretionary bonus
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
