Cambridge International Systems Inc - posted 4 months ago
Full-time • Mid Level
Norfolk, VA
251-500 employees

Join a dynamic global team united by shared values: commitment, integrity, and perseverance. At Cambridge, you’ll work alongside top talent worldwide, tackling some of today’s most complex and critical challenges in defense and security. We are currently seeking a Fully Qualified Validator to support operations in Norfolk, VA. This is a full-time position requiring an active DoD TS/SCI clearance. This position is contingent upon contract award with an expected award date of November 2025.

  • Conduct Validation and Risk Assessment (RA) activities in support of the customer.
  • Create and provide all appropriate RMF artifacts and documentation necessary to plan and execute a thorough test of systems.
  • Develop and maintain System Security Plans (SSP), Contingency Plans, Privacy Impact Assessments, Certification Reports, Accreditation Reports, POA&Ms, and other A&A documentation.
  • Initiate and prepare A&A RMF packages; ensure existing A&A packages are maintained in a compliant status.
  • Verify and validate A&A package requirements and configuration modifications are performed and tested.
  • Work with the designated Information Systems Security Manager (ISSM) to provide final security assessment support and guidance.
  • Conduct periodic auditing of RMF artifacts to ensure proper adherence to DoD instruction, Navy requirements, and NIST standards.
  • Enhance the overall quality of RMF packages for the purpose of receiving an ATO from the Navy Authorizing Official.
  • Engage with the system Information Systems Security Engineer (ISSE) and ISSE support staff throughout the RMF process.
  • Conduct validation events for all the cyber OT&E infrastructure and toolset.
  • Maintain thorough and current knowledge of RMF and A&A processes and standards.
  • Work closely with system owners, technical leads, cybersecurity staff, and other stakeholders to manage cybersecurity requirements.
  • Integrate and implement computer system security solutions.
  • Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans.
  • Coordinate technical meetings, prioritize topics, and identify objectives in support of package development.
  • Exercise strong customer service and excellent communication skills in a fast-paced environment.
  • Adhere to guidance outlined in the RMF Process Guide.
  • Minimum 8 years’ experience as an NQV.
  • Proficiency in Enterprise Mission Assurance Support Service (eMASS) and DoD Application and Database Management System (DADMS).
  • Thorough understanding of National Institute of Standards and Technology (NIST) controls.
  • Eligible to obtain and maintain an active DoD TS/SCI security clearance.
  • Proficient with modern IT tools and infrastructure technologies.
  • Knowledge of cyber defense and vulnerability assessment tools, including open-source tools.
  • Knowledge of organization’s evaluation and validation requirements.
  • Knowledge of cybersecurity principles used to manage risks related to information processing.
  • Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
  • Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • Knowledge of current industry methods for evaluating, implementing, and disseminating IT security assessment tools.
  • Knowledge of risk management processes and methods for assessing and mitigating risk.
  • Skill in determining how a security system should work, including its resilience and dependability capabilities.
  • Skill in discerning protection needs of information systems and networks.
  • Draft statements of preliminary or residual security risks for system operation.
  • Maintain information systems assurance and accreditation materials.
  • Monitor and evaluate a system’s compliance with IT security, resilience, and dependability requirements.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles.
  • Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.
  • Knowledge of cryptography and cryptographic key management concepts.
  • Knowledge of embedded systems.
  • Knowledge of security risk assessments and authorization per RMF processes.
  • Knowledge of new and emerging IT and cybersecurity technologies.
  • Knowledge of structured analysis principles and methods.
  • Knowledge of systems diagnostic tools and fault identification techniques.
  • Knowledge of the organization’s enterprise IT goals and objectives.
  • Skill in applying confidentiality, integrity, and availability principles.
  • Skill in identifying measures or indicators of system performance and actions needed to improve performance.
  • Conduct Privacy Impact Assessments for security controls protecting PII.
  • Perform validation steps, comparing actual results with expected results to identify impact and risks.
  • Plan and conduct security authorization reviews and assurance case development for system and network installations.
  • Provide technical evaluations of software applications, systems, or networks, documenting security posture, capabilities, and vulnerabilities.
  • Recommend new or revised security, resilience, and dependability measures based on review results.
  • Review security and privacy assessment plans.
  • Review authorization and assurance documents to ensure risk is within acceptable limits.
  • Verify implementation of security postures as stated, document deviations, and recommend corrective actions.
  • Verify currency of software application/network/system accreditation and assurance documentation.
  • Develop security compliance processes and/or audits for external services.
  • Knowledge of core business/mission processes.
  • Knowledge of PII data security standards.
  • Knowledge of applicable laws and regulations relevant to security and privacy.
  • Knowledge of local specialized system requirements for critical infrastructure/control systems.
  • Knowledge of an organization’s information classification program and procedures for information compromise.
  • Medical, dental, vision, life, accident, and critical illness insurance.
  • 401(k) immediate vesting and match.
  • Paid time off and company holidays.
  • Generous tuition & training support.
  • Relocation assistance.
  • Sign-on and performance-based bonuses.
  • Employee referral program.
  • Access to Tickets at Work, EAP, wellness initiatives, and more.