Cybersecurity Validator (IV&V) / Active Secret
Peraton · Kansas City, MO · 2 wk ago
HybridInformation TechnologyFull-time
Overview
We are seeking an Independent Verification and Validation Specialist to:
- Support U.S. Marine Corps (USMC) enterprise-level hybrid-, multi-cloud operations.
- Enable USMC worldwide customers to execute critical missions.
Responsibilities
- Planning, leading and conducting verification and validation activities for cross-functional areas of Cybersecurity services.
- Assessing implemented security controls including technical and documentation artifacts to determine compliance and risk posture.
- Interpreting information assurance & cybersecurity guidance and applying technical expertise to assess compliance and risk in the following areas:
- Navy/USMC Independent Verification & Validation.
- Authorization and Accreditation (C&A)/Assessment and Authorization (A&A) (including Risk Management Framework).
- Private and public cloud operations including commercial cloud-hosted environments (FedRAMP/DOD Certification inheritance models).
- Preparing documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework).
- Preparing risk scoring and assessment recommendations to government leadership.
- Analyzing policies and procedures against Federal laws and regulations and providing recommendations for closing gaps to support Plan of Action and Milestone (POA&M) development.
- Conducting security program audits.
- Performing vulnerability assessments.
- Completing required analysis of and posting information through governance systems, currently eMASS.
- Supporting Security Control Assessor (SCA) operations.
Minimum Requirements
- 8 years with a BS/BA degree; or minimum of 6 years with MS/MA; or minimum of 3 years with PhD. An additional 4 years of experience will be considered in lieu of the bachelors degree.
- IAT II Certification required (8570) or Security Control Assessor-Intermediate (8140).
- ACAS and SCC/SCAP experience.
- eMASS experience and certification.
- Experience in USMC or DOD RMF requirements for authorization and accreditation.
- Experience evaluating risk scoring.
- Experience with Evaluate STIG, Open RMF, manual STIG review (STIG Viewer, .cklb) and other STIG compliance review and tracking tools and practices.
- Knowledge and experience of cloud application of RMF and cloud security requirements.
- Knowledge of NIST 800-53A and experiencing applying those guidelines in evaluating a system for security risk and compliance.
- Experience in documenting POA&Ms in eMASS and preparing and submitting Risk Assessment.
- Experience developing, planning, and executing security test plans such as Security Assessment Plan (SAP) and Security Assessment Reports (SAR).
- U.S. citizenship required.
- DoD Secret clearance/Tier 3 BI.
Desired
- USMC or Navy Certified validator (preferred).
- Azure cloud certification (Administrator AZ-104 and Security Engineer AZ-500).
- RMF Certification.
- ACAS certification.
EEO
Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.