Cybersecurity Validator (IV&V) / Active Secret

Peraton is hiring an experienced Cybersecurity Validator (IV&V)

Location: Kansas City, MO, Quantico, VA, or Camp Lejeune, NC; Flexible for occasional telework – must be local to work location.

Overview: 

We are seeking an Independent Verification and Validation Specialist to:

• Support U.S. Marine Corps (USMC) enterprise-level hybrid-, multi-cloud operations.
• Enable USMC world-wide customers to execute critical missions.

What you will do:

• As a Independent Verification and Validation Specialist (Validator), you will work with a team responsible for validating system compliance with RMF Framework, DOD/Navy/USMC/MCCOG/HCS cybersecurity requirements for systems in the hybrid-, multi-cloud enterprise environment. 
• You will conduct validation of vulnerability analysis and self- assessment technical reviews, authorizaton and accreditation documentation and provide recommendations to government leadership on the risks associated with operating on or connected to USMC networks.  

Responsibilities include:

• Planning, leading and conducting verification and validation activities for cross-functional areas of Cybersecurity services.   
• Assessing implemented security controls including technical and documentation artifacts to determine compliance and risk posture.
• Interpreting information assurance & cybersecurity guidance and applying technical expertise to assess compliance and risk in the following areas:
• Navy/USMC Independent Verification & Validation.
• Authorization and Accreditation (C&A)/Assessment and Authorization (A&A) (including Risk Management Framework).
• Private and public cloud operations including commercial cloud-hosted environments (FedRAMP/DOD Certification inheritance models). 
• Preparing documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework).
• Preparing risk scoring and assessment recommendations to government leadership.
• Analyzing policies and procedures against Federal laws and regulations and provides recommendations for closing gaps to support Plan of Action and Milestone (POA&M) development.
• Conducting security program audits.
• Performing vulnerability assessments.
• Completes required analysis of and posting information through governance systems, currently eMASS.
• Supporting Security Control Assessor (SCA) operations.

Minimum requirements:

• 8 years with a BS/BAdegree; or minimum of 6 years with MS/MA; or minimum of 3 years with PhD. An additional 4 years of experience will be considered in lieu of the bachelors degree. 
• IAT II Certification required (8570) or Security Control Assessor-Intermediate (8140).
• ACAS and SCC/SCAP experience required.   
• eMASS experience and certification preferred.
• Experience in USMC or DOD RMF requirements for authorization and accreditation.
• Experience evaluating risk scoring.
• Experience with Evaluate STIG, Open RMF, manual STIG review (STIG Viewer, .cklb) and other STIG compliance review and tracking tools and practices.
• Knowledge and experience of cloud application of RMF and cloud security requirements.
• Knoweldge of NIST 800-53A and experiencing applying those guidelines in evaluating a system for security risk and compliance.
• Experience in documenting POA&Ms in eMASS and preparing and submitting Risk Assessment.
• Experience developing, planning, and executing security test plans such as Security Assessment Plan (SAP) and Security Assessment Reports (SAR).
• U.S. citizenship required. 
• DoD Secret clearance/Tier 3 BI.

Desired: 

• USMC or Navy Certified validator (preferred).
• Azure cloud certification (Administrator AZ-104 and Security Engineer AZ-500).
• RMF Certification.
• ACAS certification.