Cambridge International Systems, Inc. · 4 months ago
Fully Qualified Validator – TS Clearance | Norfolk, VA
Cambridge International Systems, Inc. is a dynamic global team focused on tackling complex challenges in defense and security. They are seeking a Fully Qualified Validator to conduct validation and risk assessment activities, create necessary documentation, and ensure compliance with DoD standards.
Cyber Security · Information Technology
Responsibilities
Responsible for conducting Validation and Risk Assessment (RA) activities in support of the customer (Validation Security Assessment Testing, System Risk Documentation, System Audits, Security Hardware and Software Testing)
Responsible for creating and providing all RMF appropriate artifacts and documentation necessary to plan and execute a thorough test of systems, document the system risks and report on the identified risks as necessary
Develop and maintain System Security Plans (SSP), Contingency Plans, Privacy Impact Assessments, Certification Reports, Accreditation Reports, POA&Ms, and other A&A documentation
Initiate and prepare A&A RMF packages; ensure existing A&A packages are maintained in a compliant status; verify and validate that A&A package requirements and configuration modifications are performed and tested
Actively work with the designated Information Systems Security Manager (ISSM) to provide final security assessment support and guidance
Required to conduct periodic auditing of RMF artifacts to ensure proper adherence to DoD instruction, Navy requirements, and the NIST Special Publication 800 series standards and industry best practices
Responsible for enhancing the overall quality of RMF packages for the purpose of receiving an ATO from the Navy Authorizing Official (NAO) or Authorizing Official Designated Representative (AODR)
Required to engage with the system Information Systems Security Engineer (ISSE) and ISSE support staff throughout the RMF process
Responsible for validation events for all the cyber OT&E infrastructure and toolset
Maintain thorough and current knowledge of RMF and A&A process and standards
Work closely with system owners, technical leads, cybersecurity staff, and other stakeholders to manage cybersecurity requirements
Integration and implementation of computer system security solutions
Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans (or other DoD approved tools) to validate appropriate implementation of security controls in accordance with NIST, DoD and DoN publications
Coordinate technical meetings, prioritize topics, and identify objectives in support of package development
Exercise strong customer service and excellent communication skills in a fast-paced environment
Adhere to guidance outlined in the RMF Process Guide
Qualifications
Required
Minimum 8 years' experience as an NQV
Proficiency in Enterprise Mission Assurance Support Service (eMASS) and DoD Application and Database Management System (DADMS), along with a thorough understanding of National Institute of Standards and Technology (NIST) controls
Must have a current and active DoD TS security clearance with the ability to obtain a SCI clearance
Proficient with modern IT tools and infrastructure technologies
Preferred
Knowledge of cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities
Knowledge of organization's evaluation and validation requirements
Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data
Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption)
Knowledge of current industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts
Knowledge of risk management processes and methods for assessing and mitigating risk
Skill in determining how a security system should work, including its resilience and dependability capabilities
Skill in discerning protection needs (i.e., security controls) of information systems and networks
Draft statements of preliminary or residual security risks for system operation
Maintain information systems assurance and accreditation materials
Monitor and evaluate a system's compliance with IT security, resilience, and dependability requirements
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., defense-in-depth)
Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks
Knowledge of cryptography and cryptographic key management concepts
Knowledge of embedded systems
Knowledge of security risk assessments and authorization per RMF processes
Knowledge of new and emerging IT and cybersecurity technologies
Knowledge of structured analysis principles and methods
Knowledge of systems diagnostic tools and fault identification techniques
Knowledge of the organization's enterprise IT goals and objectives
Skill in applying confidentiality, integrity, and availability principles
Skill in identifying measures or indicators of system performance and actions needed to improve performance
Conduct Privacy Impact Assessments for security controls protecting PII
Perform validation steps, comparing actual results with expected results to identify impact and risks
Plan and conduct security authorization reviews and assurance case development for system and network installations
Provide technical evaluations of software applications, systems, or networks, documenting security posture, capabilities, and vulnerabilities
Recommend new or revised security, resilience, and dependability measures based on review results
Review security and privacy assessment plans
Review authorization and assurance documents to ensure risk is within acceptable limits
Verify implementation of security postures as stated, document deviations, and recommend corrective actions
Verify currency of software application/network/system accreditation and assurance documentation
Develop security compliance processes and/or audits for external services (e.g., cloud service providers)
Knowledge of core business/mission processes
Knowledge of PII data security standards
Knowledge of applicable laws and regulations relevant to security and privacy
Knowledge of local specialized system requirements for critical infrastructure/control systems
Knowledge of an organization's information classification program and procedures for information compromise
Benefits
Medical, dental, vision, life, accident, and critical illness insurance
401(k) immediate vesting and match
Paid time off and company holidays
Generous tuition & training support
Relocation assistance
Sign-on and performance-based bonuses
Employee referral program
Access to Tickets at Work, EAP, wellness initiatives, and more
Company
Cambridge International Systems, Inc.
At Cambridge International Systems, Inc. we design and deliver innovative and adaptive solutions to address capacity-building needs and enable success.
Funding
Current Stage
Growth Stage