Navy Qualified Validator (NQV)

About The Position

Requirements

• Minimum 8 years of experience serving as a Navy Qualified Validator (NQV).
• Proficiency with eMASS.
• Familiarity with DoD Application and Database Management System (DADMS).
• Thorough understanding of NIST SP 800-53 security controls.
• Working knowledge of DoD and DoN network architectures and cybersecurity policy.
• Must possess at least ONE of the following certifications:
• Certified Chief Information Security Officer (CCISO)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Officer (CISSO)
• Certified Information Systems Security Professional (CISSP)
• Certified Penetration Testing Engineer (CPTE)
• CompTIA Cybersecurity Analyst (CySA+)
• Federal IT Security Professional – Auditor-NG (FITSP-A)
• GIAC Cloud Security Automation (GCSA)
• GIAC Security Essentials Certification (GSEC)
• GIAC Security Leadership Certification (GSLC)
• GIAC Systems and Network Auditor (GSNA)
• Information Systems Security Engineering Professional (ISSEP)
• Eligibility for TS/SCI required

Responsibilities

• Serve independently as a Navy Qualified Validator (NQV) performing RMF validation activities using Navy SCA–approved processes.
• Conduct Validation and Risk Assessment (RA) activities, including:
• Validation Security Assessment Testing (VSAT)
• System risk documentation
• System audits
• Security hardware and software testing
• Develop, review, and deliver all RMF artifacts and documentation required to plan, execute, and report on system security assessments.
• Produce complete, accurate, and defensible risk assessments in support of RMF efforts.
• Apply Navy A&A guidance and policy to support authorization decisions, vulnerability remediation, and determination of system risk posture.
• Actively support and coordinate with the Information Systems Security Manager (ISSM).
• Engage with Information Systems Security Engineers (ISSEs) and support staff throughout the RMF lifecycle.
• Execute and analyze ACAS vulnerability scans and other DoD-approved tools to validate security control implementation.
• Participate in technical meetings to support RMF package development and authorization objectives.
• Maintain current knowledge of RMF, A&A processes, DoD, and Navy cybersecurity policy.
• Work collaboratively with system owners, technical leads, cybersecurity staff, and other stakeholders.
• Exercise strong customer service and communication skills in a fast-paced operational environment.
• Adhere to guidance outlined in the RMF Process Guide and Risk Assessment Guide.