What are the responsibilities and job description for the Navy Qualified Validator/ISSE position at KMS Solutions, LLC?
Navy Qualified Validator
Summary/objective:
KMS Solutions is seeking a motivated individual to join a team of cyber security professionals and Navy Qualified Validators providing support to Team Submarine Cyber Security Directorate (TSUB Cyber). As part of this select team, you will support cybersecurity compliance of US Navy submarine systems, especially the Submarine Warfare Federated Tactical System (SWFTS). SWFTS is a federated system of systems that integrates submarine offensive and defensive capabilities, combat control, navigation, communications, and sensors, including SONAR, RADAR, and Imaging. TSUB Cyber ensures cyber authorization of all submarine systems. It is part of Naval Sea Systems Command (NAVSEA) and Program Executive Office Undersea Warfare Systems (PEO UWS).
Essential functions:
Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions.
- Validation: Act as an independent third party who assesses and validates that a system has implemented the approved security control baseline.
- RMF Packages: Create, maintain, and validate accreditation documentation including System Security Plans (SSP), Implementation Plans, Privacy Impact Assessments, Security Assessment Plans (SAP), Risk Assessment Reports (RAR), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M). May perform different roles based on the specific RMF package, i.e., occasionally acting as Information System Security Engineer (ISSE) instead of NQV for select packages.
- PIT Risk Assessment: Evaluate cybersecurity posture and perform risk assessments on Platform Information Technology (PIT) and PIT control systems (Industrial Control Systems) to identify and mitigate technical and non-technical vulnerabilities.
- Vulnerability Remediation: Collaborate with engineers to remediate existing vulnerabilities or develop mitigations to minimize risks.
- Policy Compliance: Implement and apply Department of Defense (DoD), Department of the Navy (DoN), and National Institute of Standards and Technology (NIST) policy, instruction, and requirements.
- Security Compliance Evaluation: Conduct traditional security compliance evaluation activities on testing sites, developmental sites, and shipboard environments.
- Network Mapping and Vulnerability Scanning: Familiarity with network mapping, vulnerability scanning tools (e.g., ACAS, Nessus), and Security Technical Implementation Guides (STIGs) and Security Requirement Guides (SRGs).
- Ad Hoc Data Calls: Participate in ad hoc cybersecurity data calls to support critical assessments.
- SCA Trusted Agent: Act as liaison for the Security Control Assessor (SCA) to assist in all matters of validation, documentation, vulnerability mitigation, and residual risk determination.
Required education and experience:
- Currently certified as a Navy Qualified Validator (NQV) by NAVWAR.
- 5 years of experience independently performing the NQV activities defined in the Navy's Risk Management Framework (RMF) Process Guide (RPG) or DoD Info Assurance Certification & Accreditation Process (DIACAP).
- 10 years of experience with cyber security focused on Assessment and Authorization (A&A) including package development, documentation development, and validation.
- Experience with accreditation documentation including System Security Plans (SSP), Implementation Plans, Privacy Impact Assessments, Security Assessment Plans (SAP), Risk Assessment Reports (RAR), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M).
- Experience with A&A of Navy PIT system(s).
- In depth understanding and experience with the NIST RMF process and documentation.
- Information Assurance certification in compliance with DoD 8570 at IAM Level II or IAT Level II/III requirements, i.e., CISSP, CASP+, CAP, CISM, GSLC, CISA, or CySA+.
- Bachelor’s degree in a related field.
Preferred education and experience:
- Experience with submarine systems or naval weapons systems.
- Experience working with or supporting a program office within Team Submarine, NAVSEA, or a naval Program Executive Office.
- Experience working with Xacta cyber risk management platform and eMASSter automation tool.
- Experience developing and standardizing cybersecurity A&A processes and practices.
- Master’s degree in a related field.
Competencies:
- Good verbal and written communication skills, with the ability to collaborate effectively with a team of government and industry professionals.
- Ability to manage time well to meet assigned milestones.
- Proficiency working with distributed teams.
- Proficiency guiding, mentoring, and developing more junior cybersecurity workforce members.
- Ability to work with system developers to ensure their compliance with RMF policies, instructions, and guidance.
Additional eligibility requirements
Work authorization/security clearance requirements:
A Top Secret / Sensitive Compartmented Information (TS/SCI) clearance is required.
Other Duties:
Please note this job posting is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
Supervisory Responsibility:
None.
Work Environment:
This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, and photocopiers.
Physical Demands:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
While performing the duties of this job, the employee is regularly required to talk or hear. Excellent listening skills are essential. The employee frequently is required to stand, walk, use hands to finger, handle or feel, and reach with hands and arms.
Position Type/Expected Hours of Work:
The typical workday is eight hours in length. Some flexibility in hours is allowed, with concurrence from the supervisor. The employee must be available during the “core” work hours of 9:00 a.m. to 3:00 p.m. and must account for the hours in a pay period to maintain full-time status.
Telework:
This position allows for up to 40% telework. Tasking will require periods of full in-office work for short periods every quarter.
Travel:
Up to 10% travel may be required to locations including, but not limited to, Newport, RI; Manassas, VA; and Bangor, WA.
AAP/EEO Statement:
KMS Solutions provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
KMS Solutions is a drug free workplace.