| ANALYGENCE is pursuing an opportunity to support the US Navy with operational test and evaluation support. The Security Control Assessor will conduct independent, comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls. The Assessor shall provide cybersecurity support, analysis, documentation, and validation services for OPTEVFOR IT systems. The Assessor serves independently as a Navy Qualified Validator (NQV), performing validation activities under the RMF process using Navy Security Control Assessor-approved processes and applies knowledge of DoD or DoN network architectures and policy toward assessment and identification of vulnerabilities as a means of improving operational security posture in accordance with the Risk Management Framework Process Guide series. The Assessor shall apply Navy Assessment & Authorization (A&A) guidance and policy to achieve/maintain program objectives on time/schedule ,and guidance regarding vulnerability remediation and determination of risk posture. 
 
 
 Responsible for conducting Validation and Risk Assessment (RA) activities in support of the customer (Validation Security Assessment Testing, System Risk Documentation, System Audits, Security Hardware and Software Testing).
Responsible for creating and providing all RMF appropriate artifacts and documentation necessary to plan and execute a thorough test of systems, document the system risks and report on the identified risks as necessary.
Develop and maintain System Security Plans (SSP), Contingency Plans, Privacy Impact Assessments, Certification Reports, Accreditation Reports, POA&Ms, and other A&A documentation.
Initiate and prepare A&A RMF packages; ensure existing A&A packages are maintained in a compliant status; verify and validate A&A package requirements and configuration modifications are performed and tested.
Actively work with the designated (OPTEVFOR) Information Systems Security Manager (ISSM) to provide final security assessment support and guidance.
Required to conduct periodic auditing of RMF artifacts to ensure proper adherence to DoD instruction, Navy requirements, and the NIST Special Publication 800 series standards and industry best practices.
Responsible for enhancing the overall quality of RMF packages for the purpose of receiving an ATO from the Navy Authorizing Official (NAO) or Authorizing Official Designated Representative (AODR).
Required to engage with the system Information Systems Security Engineer (ISSE) and ISSE support staff throughout the RMF process.
Responsible for validation events for all OPTEVFOR cyber OT&E infrastructure and toolset.
Maintain thorough and current knowledge of RMF and A&A process and standards.
Work closely with system owners, technical leads, cybersecurity staff, and other stakeholders to manage cybersecurity requirements.
Integration and implementation of computer system security solutions.
Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans (or other DoD-approved tools) to validate appropriate implementation of security controls in accordance with NIST, DoD and DoN publications.
Coordinate technical meetings, prioritize topics, and identify objectives in support of package development.
Exercise strong customer service and excellent communication skills in a fast-paced environment.
Adhere to guidance outlined in RMF Process Guide. 
 Minimum 8 years' experience as an NQV.Proficiency in Enterprise Mission Assurance Support Service (eMASS) and DoD Application and Database Management System (DADMS), along with a thorough understanding of National Institute of Standards and Technology (NIST) controls. |