Title:
Navy Qualified Validator
Program Summary:
KBR’s Product and Technology Solutions Division specializes in rapid prototyping and advanced technology solutions for directed energy, electronic warfare, and security applications. With expertise in electronic warfare systems, critical infrastructure protection, and product R&D, KBR delivers cutting-edge innovations to meet mission-critical needs. Backed by a global presence and a strong ethical framework, KBR collaborates closely with customers to develop secure, effective, and forward-thinking solutions.
Job Summary:
KBR is currently seeking multiple Validators who will provide support to the Naval Research Laboratory located in Washington, DC in accordance with the Navy RPG and NAVWAR Risk Assessment for the following activities: documentation and artifacts in support of obtaining an ATO from the appropriate AO.
Roles and Responsibilities:
Validators will fulfill the following core functions to support the Navy's RMF process and FSCA activities:
- Ability to conduct independent security control assessments according to NIST standards.
- Documentation Review: Review all RMF documentation, including but not limited to the System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M) to ensure that documentation aligns with NRL, Navy, and DoD cybersecurity policies, procedures, and standards. Validate the accuracy, completeness, and consistency of all system documentation.
- Independent Validation: Conduct independent validation of RMF controls for information systems and networks per the Navy RMF Process Guide. Verify that all security controls have been correctly implemented and are functioning as intended. Ensure the system's security posture is adequately documented, and all relevant artifacts are available for review by the Navy Authorizing Official (NAO)/Functional Authorizing Official (FAO) as appropriate.
- Assessment and Analysis: Conduct thorough assessments of security controls based on criteria set forth in NIST SP 800-53, CNSSI 1253, and other applicable Navy and DoD cybersecurity frameworks. Perform technical validation of implemented controls, including but not limited to vulnerability scanning, configuration assessments, and security testing. Analyze findings to determine potential impacts and likelihoods, contributing to a risk-based decision-making process.
- Risk Identification and Reporting: Identify, categorize, and document cybersecurity risks, vulnerabilities, and deficiencies discovered during the validation process. Provide comprehensive risk assessments that include severity ratings, likelihood determinations, and potential impact assessments. Recommend actionable and prioritized remediation strategies or compensating controls to address identified risks.
- Annual Security Reviews (ASRs): Support ASR activities per the Navy SCA Risk Assessment Guide. Validate and assess a subset of the security controls per the system’s approved System Level Continuous Monitoring (SLCM) Strategy. Each annual review will include verification of compliance of inherited controls within those families.
- Functional Security Control Assessor (FSCA) Liaison Support: Serve as FSCA-Liaisons (FSCA-Ls) as needed to review validations and support the FSCA in their duties, to include but not limited to reviewing Validator-generated SARs, drafting SAR Executive summaries, and reviewing and grading Validator assessments. FSCA-Ls will ensure all FSCA assessment documentation is aligned with Validator findings and the overall cybersecurity posture of the system. Serving as FSCA-Ls, Validators will ensure that independent validation efforts adhere to the Navy SCA Risk Assessment Guide and assess the quality of assessment documentation, to include but not limited to the SSP, SAP, Security Test Report, and the SAR. As FSCA-Ls, Validators will provide subject matter expertise and support to the FSCA in conducting assessments, validating security controls, and addressing deficiencies or gaps identified during the RMF process.
Basic Qualifications:
- Must be a U.S. citizen. Must possess or have previously possessed DoD SECRET security clearance or higher.
- BS/BA degree. 10+ (Ten) years of directly related experience.
- In lieu of a degree, 8 years of additional related work experience.
- Experience with Risk Management Framework (RMF) and tools like eMASS (Enterprise Mission Assurance Support Service).
- Prior professional cybersecurity experience.
- Experience with cybersecurity for cloud environments.
- Knowledge of the Defense Information Systems Agency's Security Technical Implementation Guides (STIGs) is beneficial.
- General National Institute of Standards and Technology Special Publications (NIST SPs) knowledge.
- Assessment and Authorization (A&A, formerly C&A; i.e., RMF and DIACAP respectively) knowledge.
Preferred Qualifications:
- Prior experience with IT/OT systems is preferred.
- A DoD 8570.01-M IAM/IAT Level III certification
- Security+ certification
- Certified Authorization Professional (CAP)
- Certified Information Systems Security Professional (CISSP)
- Certified Advanced Security Practitioner (CASP)
- Navy Qualified Validator (NQV) certification a plus.
Compensation: $148,695 - $223,100. The salary range posted is for the Washington, DC location. The offered rate will be based on the selected candidate’s location, knowledge, skills, abilities, and/or experience, contract affordability, and in consideration of internal parity.
Benefits:
KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule. We support career advancement through professional training and development.
Belong, Connect and Grow at KBR
At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward, being a People First company. That commitment is central to our team of teams philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together.
KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.