Position Overview

The NQV conducts independent, comprehensive assessments of management, operational, and technical security controls and control enhancements implemented within, or inherited by, OPTEVFOR information technology (IT) systems. The role evaluates overall control effectiveness and provides independent cybersecurity analysis, documentation, validation, and risk determination in support of OPTEVFOR missions.

The SCA serves independently as a Navy Qualified Validator (NQV), performing validation activities under the Risk Management Framework (RMF) using Navy SCA-approved processes. The position applies expert knowledge of DoD and Department of the Navy (DoN) architectures, policies, and guidance to identify vulnerabilities, assess risk, and improve operational security posture in accordance with the RMF Process Guide series and Navy Assessment & Authorization (A&A) policy.

Security Clearance Requirement:
Eligibility for Top Secret / Sensitive Compartmented Information (TS/SCI).

Qualifications

Minimum of eight (8) years of experience performing duties as a Navy Qualified Validator (NQV)
Demonstrated proficiency with Enterprise Mission Assurance Support Service (eMASS) and familiarity with DoD Application and Database Management System (DADMS)
Thorough working knowledge of NIST security controls and their application within DoD/DoN RMF processes

Key Responsibilities

Assessment, Validation, and Risk Determination

Conduct Validation and Risk Assessment (RA) activities in support of OPTEVFOR systems, including:
- Validation Security Assessment Testing (VSAT)
- System risk documentation
- System audits
- Security hardware and software testing
Perform independent evaluations of security controls to determine effectiveness and residual risk
Produce complete, accurate, and defensible risk assessments in support of RMF authorization decisions

RMF Documentation and Artifacts

Create, review, and deliver all RMF-required artifacts and documentation necessary to plan, execute, and report on system security assessments
Document system risks, control deficiencies, and mitigation recommendations in accordance with RMF and Navy A&A guidance
Maintain and verify the accuracy and currency of authorization, assurance, and accreditation documentation
Draft statements of preliminary and residual security risk to support authorization decisions

Stakeholder Coordination and Advisory Support

Work closely with the designated OPTEVFOR Information Systems Security Manager (ISSM) to provide final security assessment guidance and validation support
Coordinate with Information Systems Security Engineers (ISSEs) and supporting staff throughout the RMF lifecycle
Collaborate with system owners, technical leads, cybersecurity personnel, and other stakeholders to manage and resolve cybersecurity requirements
Participate in technical meetings and working groups to support RMF package development and risk adjudication
Provide clear, actionable guidance on vulnerability remediation and risk posture determination

Vulnerability Assessment and Analysis

Execute and analyze ACAS/Tenable vulnerability scans and other DoD-approved assessment tools
Validate proper implementation of security controls in accordance with NIST, DoD, and DoN publications
Identify known vulnerabilities using alerts, advisories, errata, and bulletins
Verify implementation of stated security postures, document deviations, and recommend corrective actions

Governance, Compliance, and Continuous Improvement

Maintain current expertise in RMF and A&A policies, standards, and best practices
Adhere strictly to the RMF Process Guide and Risk Assessment Guide
Develop or refine security compliance processes and audit approaches, including those applicable to external services (e.g., cloud service providers)
Exercise strong customer service, professionalism, and communication skills in fast-paced operational environments

DCWF Knowledge, Skills, Abilities, and Tasks (KSATs)

Knowledge

Cyber defense, vulnerability assessment tools, and their capabilities
NIST, DoD, and DoN security principles, controls, and publications
Risk management processes, assessment methodologies, and mitigation strategies
Network security architecture concepts (topology, protocols, components, defense-in-depth)
Cryptography and cryptographic key management
Embedded systems and specialized systems supporting critical infrastructure
Emerging IT and cybersecurity technologies
Enterprise IT goals, mission processes, and information classification programs
PII protection standards and applicable security and privacy laws and regulations

Skills & Abilities

Conducting independent security control assessments and validation activities
Determining protection needs and appropriate security controls for IT systems and networks
Performing and analyzing vulnerability scans and assessment results
Monitoring and evaluating compliance with security, resilience, and dependability requirements
Applying confidentiality, integrity, and availability (CIA) principles
Comparing expected versus actual security outcomes to identify risk impacts
Developing risk statements, remediation recommendations, and corrective action guidance
Reviewing authorization packages and assurance documentation to ensure risk acceptance is appropriate
Verifying currency and accuracy of accreditation and authorization artifacts
Providing technical evaluations of systems, networks, and applications to document security posture

GCA is a minority veteran owned small business providing solutions to customer requirements in every realm of the intelligence and information technology industries to include, imagery/intelligence analysis, related systems engineering and administration, operations and maintenance, networking and VTC services.

GCA is committed to a safer tomorrow. The challenges facing our Nation and the World grow ever more complex and require the highest level of dedication, integrity, and service. These core values are the backbone GCA builds upon to provide our customers with exceptional service within the dynamic intelligence community and ever changing Information Technology sector.

(if you already have a resume on Indeed)

Or apply here.

* required fields

First Name*

Last Name*

Email*

Phone*

Yes, Text Me!

I consent to receiving text messages about this hiring process and, if hired, future job related information from Geospatial And Cloud Analytics Inc.

Message and data rates may apply. Message frequency varies. Reply STOP to opt out. Reply HELP for help. See our User Terms of Service and Privacy Policy for details.

Get faster updates with texting!

Message and data rates may apply. Message frequency varies. Reply STOP to opt out. Reply HELP for help. See our User Terms of Service and Privacy Policy for details.