Navy Qualified Validator (NQV)
About The Position
The NQV conducts independent, comprehensive assessments of management, operational, and technical security controls and control enhancements implemented within, or inherited by, OPTEVFOR information technology (IT) systems. The role evaluates overall control effectiveness and provides independent cybersecurity analysis, documentation, validation, and risk determination in support of OPTEVFOR missions. The SCA serves independently as a Navy Qualified Validator (NQV), performing validation activities under the Risk Management Framework (RMF) using Navy SCA-approved processes. The position applies expert knowledge of DoD and Department of the Navy (DoN) architectures, policies, and guidance to identify vulnerabilities, assess risk, and improve operational security posture in accordance with the RMF Process Guide series and Navy Assessment & Authorization (A&A) policy.
Requirements
- Minimum of eight (8) years of experience performing duties as a Navy Qualified Validator (NQV)
- Demonstrated proficiency with Enterprise Mission Assurance Support Service (eMASS) and familiarity with DoD Application and Database Management System (DADMS)
- Thorough working knowledge of NIST security controls and their application within DoD/DoN RMF processes
- Eligibility for Top Secret / Sensitive Compartmented Information (TS/SCI).
Responsibilities
- Conduct Validation and Risk Assessment (RA) activities in support of OPTEVFOR systems, including: Validation Security Assessment Testing (VSAT) System risk documentation System audits Security hardware and software testing
- Perform independent evaluations of security controls to determine effectiveness and residual risk
- Produce complete, accurate, and defensible risk assessments in support of RMF authorization decisions
- Create, review, and deliver all RMF-required artifacts and documentation necessary to plan, execute, and report on system security assessments
- Document system risks, control deficiencies, and mitigation recommendations in accordance with RMF and Navy A&A guidance
- Maintain and verify the accuracy and currency of authorization, assurance, and accreditation documentation
- Draft statements of preliminary and residual security risk to support authorization decisions
- Work closely with the designated OPTEVFOR Information Systems Security Manager (ISSM) to provide final security assessment guidance and validation support
- Coordinate with Information Systems Security Engineers (ISSEs) and supporting staff throughout the RMF lifecycle
- Collaborate with system owners, technical leads, cybersecurity personnel, and other stakeholders to manage and resolve cybersecurity requirements
- Participate in technical meetings and working groups to support RMF package development and risk adjudication
- Provide clear, actionable guidance on vulnerability remediation and risk posture determination
- Execute and analyze ACAS/Tenable vulnerability scans and other DoD-approved assessment tools
- Validate proper implementation of security controls in accordance with NIST, DoD, and DoN publications
- Identify known vulnerabilities using alerts, advisories, errata, and bulletins
- Verify implementation of stated security postures, document deviations, and recommend corrective actions
- Maintain current expertise in RMF and A&A policies, standards, and best practices
- Adhere strictly to the RMF Process Guide and Risk Assessment Guide
- Develop or refine security compliance processes and audit approaches, including those applicable to external services (e.g., cloud service providers)
- Exercise strong customer service, professionalism, and communication skills in fast-paced operational environments
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
