(604) Navy Qualified Validator (NQV) III

Company Summary

Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future. 

Position Description:

The Navy Qualified Validator (NQV) III will support Naval Surface Warfare Center Philadelphia Division (NSWCPD) as a contractor through Arlo Solutions, serving as an independent and objective assessor and extension of the Navy Security Control Assessor (SCA). This key personnel position is responsible for validating security control implementation through testing, examination, and interviews in support of Risk Assessments and Annual Security Reviews to ensure the confidentiality, integrity, and availability of NSWCPD systems and networks.

Location: (Onsite) Philadelphia, PA

Clearance:  Active Secret


Responsibilities and/or Success Factors: Security Assessment and Validation

• Meet the Navy Cybersecurity Technical Authority (CSTA) NQV qualification standards and maintain a passing Proficiency Tracking Record (PTR) score as defined by the CSTA 
• Serve as an independent and objective assessor and extension of the Navy Security Control Assessor (SCA) 
• Assist with the development and execute Security Assessment Plans (SAP)
• Validate security control implementation through on-site and in-person testing, examination, and interviews in support of Risk Assessments and Annual Security Reviews 
• Independently review system configurations to determine compliance with applicable Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRG) 
• Ensure traceability exists between supporting artifacts Documentation and Reporting 
• Verify that all vulnerabilities from raw assessment results are properly documented in the system's Enterprise Mission Assurance Support Service (eMASS) Plan of Action and Milestones (POA&M) 
• Provide a summary of non-compliant security controls in Risk Assessment tab in eMASS in accordance with Navy SCA Risk Assessment Guide and the SCA 
• Prepare Security Assessment Report (SAR) and SAR Executive Summary based on assessment results and in accordance with NAVSEA Standard Operating Procedures (SOPs)
• Document non-compliance findings with clear remediation recommendations
• Ensure all deliverables comply with contract requirements and applicable government regulations Technical Consultation and Expertise 
• Provide risk assessment related technical consultations to Program Managers, Information System Owners, Information System Security Engineers (ISSE), and Information System Security Officers (ISSOs)
• Interpret and apply DoD, DON, and NAVSEA cybersecurity policies and requirements
• Assist with identifying security control baselines and applicable overlays
• Review RMF lifecycle documentation for compliance with standards and requirements
• Participate in change control and configuration management processes 
• Maintain a DOD, DON, or NAVSEA continuous inspection readiness posture Compliance and Coordination
• Coordinate the validation of security controls with other stakeholders in the RMF process
• Participate in cybersecurity inspections, tests, and reviews for the network environment
• Correlate findings from non-RMF vulnerability assessments to RMF controls for tracking
• Communicate effectively with all levels of management both orally and in writing
  
  

Minimum Qualifications Including Certificates: 

• Must be a U.S. Citizen
• Active Secret security clearance
• Bachelor's degree in computer science, information technology, communications systems management, or equivalent STEM degree from an accredited college or university
• Minimum 10 years' practical experience in cybersecurity or A&A related fields. Experience implementing/reviewing RMF lifecycle documentation, validating system security, and conducting risk assessments
• Must possess Navy Qualified Validator Certification from the Navy Certification Authority
• Current IAT-II certification (CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, or SSCP)

Desired Qualifications: 

• Experience with Navy cybersecurity programs and processes
• Familiarity with NIST Special Publications and DoD cybersecurity instructions
• Experience with eMASS, VRAM, and other DoD cybersecurity systems
• Knowledge of Navy and DoD organizational structure
• Experience with vulnerability management tools (ACAS, Tenable, etc.)
• Experience with Security Information and Event Management (SIEM) systems

AAP Statement

We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.