Cybersecurity Validator (IV&V) / Active Secret

Peraton is hiring an experienced Cybersecurity Validator (IV&V)

Location: Kansas City, MO, Quantico, VA, or Camp Lejeune, NC; Flexible for occasional telework – must be local to work location.

Overview: 

We are seeking an Independent Verification and Validation Specialist to:

• Support U.S. Marine Corps (USMC) enterprise-level hybrid-, multi-cloud operations.
• Enable USMC world-wide customers to execute critical missions.

What you will do:

• As a Independent Verification and Validation Specialist (Validator), you will work with a team responsible for validating system compliance with RMF Framework, DOD/Navy/USMC/MCCOG/HCS cybersecurity requirements for systems in the hybrid-, multi-cloud enterprise environment. 
• You will conduct validation of vulnerability analysis and self- assessment technical reviews, authorizaton and accreditation documentation and provide recommendations to government leadership on the risks associated with operating on or connected to USMC networks.  

Responsibilities include:

• Planning, leading and conducting verification and validation activities for cross-functional areas of Cybersecurity services.   
• Assessing implemented security controls including technical and documentation artifacts to determine compliance and risk posture.
• Interpreting information assurance & cybersecurity guidance and applying technical expertise to assess compliance and risk in the following areas:
• Navy/USMC Independent Verification & Validation.
• Authorization and Accreditation (C&A)/Assessment and Authorization (A&A) (including Risk Management Framework).
• Private and public cloud operations including commercial cloud-hosted environments (FedRAMP/DOD Certification inheritance models). 
• Preparing documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework).
• Preparing risk scoring and assessment recommendations to government leadership.
• Analyzing policies and procedures against Federal laws and regulations and provides recommendations for closing gaps to support Plan of Action and Milestone (POA&M) development.
• Conducting security program audits.
• Performing vulnerability assessments.
• Completes required analysis of and posting information through governance systems, currently eMASS.
• Supporting Security Control Assessor (SCA) operations.

Minimum requirements:

• 8 years with a BS/BAdegree; or minimum of 6 years with MS/MA; or minimum of 3 years with PhD. An additional 4 years of experience will be considered in lieu of the bachelors degree. 
• IAT II Certification required (8570) or Security Control Assessor-Intermediate (8140).
• ACAS and SCC/SCAP experience required.   
• eMASS experience and certification preferred.
• Experience in USMC or DOD RMF requirements for authorization and accreditation.
• Experience evaluating risk scoring.
• Experience with Evaluate STIG, Open RMF, manual STIG review (STIG Viewer, .cklb) and other STIG compliance review and tracking tools and practices.
• Knowledge and experience of cloud application of RMF and cloud security requirements.
• Knoweldge of NIST 800-53A and experiencing applying those guidelines in evaluating a system for security risk and compliance.
• Experience in documenting POA&Ms in eMASS and preparing and submitting Risk Assessment.
• Experience developing, planning, and executing security test plans such as Security Assessment Plan (SAP) and Security Assessment Reports (SAR).
• U.S. citizenship required. 
• DoD Secret clearance/Tier 3 BI.

Desired: 

• USMC or Navy Certified validator (preferred).
• Azure cloud certification (Administrator AZ-104 and Security Engineer AZ-500).
• RMF Certification.
• ACAS certification.

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.