Navy Qualified Validator (NQV)
Company: Geospatial And Cloud Analytics Inc
Location: Virginia Beach
Posted on: February 19, 2026
|
|
|
Job Description:
Job Description Job Description Position Overview The NQV
conducts independent, comprehensive assessments of management,
operational, and technical security controls and control
enhancements implemented within, or inherited by, OPTEVFOR
information technology (IT) systems. The role evaluates overall
control effectiveness and provides independent cybersecurity
analysis, documentation, validation, and risk determination in
support of OPTEVFOR missions. The SCA serves independently as a
Navy Qualified Validator (NQV) , performing validation activities
under the Risk Management Framework (RMF) using Navy SCA-approved
processes. The position applies expert knowledge of DoD and
Department of the Navy (DoN) architectures, policies, and guidance
to identify vulnerabilities, assess risk, and improve operational
security posture in accordance with the RMF Process Guide series
and Navy Assessment & Authorization (A&A) policy. Security
Clearance Requirement: Eligibility for Top Secret / Sensitive
Compartmented Information (TS/SCI) . Qualifications Minimum of
eight (8) years of experience performing duties as a Navy Qualified
Validator (NQV) Demonstrated proficiency with Enterprise Mission
Assurance Support Service (eMASS) and familiarity with DoD
Application and Database Management System (DADMS) Thorough working
knowledge of NIST security controls and their application within
DoD/DoN RMF processes Key Responsibilities Assessment, Validation,
and Risk Determination Conduct Validation and Risk Assessment (RA)
activities in support of OPTEVFOR systems, including: Validation
Security Assessment Testing (VSAT) System risk documentation System
audits Security hardware and software testing Perform independent
evaluations of security controls to determine effectiveness and
residual risk Produce complete, accurate, and defensible risk
assessments in support of RMF authorization decisions RMF
Documentation and Artifacts Create, review, and deliver all
RMF-required artifacts and documentation necessary to plan,
execute, and report on system security assessments Document system
risks, control deficiencies, and mitigation recommendations in
accordance with RMF and Navy A&A guidance Maintain and verify
the accuracy and currency of authorization, assurance, and
accreditation documentation Draft statements of preliminary and
residual security risk to support authorization decisions
Stakeholder Coordination and Advisory Support Work closely with the
designated OPTEVFOR Information Systems Security Manager (ISSM) to
provide final security assessment guidance and validation support
Coordinate with Information Systems Security Engineers (ISSEs) and
supporting staff throughout the RMF lifecycle Collaborate with
system owners, technical leads, cybersecurity personnel, and other
stakeholders to manage and resolve cybersecurity requirements
Participate in technical meetings and working groups to support RMF
package development and risk adjudication Provide clear, actionable
guidance on vulnerability remediation and risk posture
determination Vulnerability Assessment and Analysis Execute and
analyze ACAS/Tenable vulnerability scans and other DoD-approved
assessment tools Validate proper implementation of security
controls in accordance with NIST, DoD, and DoN publications
Identify known vulnerabilities using alerts, advisories, errata,
and bulletins Verify implementation of stated security postures,
document deviations, and recommend corrective actions Governance,
Compliance, and Continuous Improvement Maintain current expertise
in RMF and A&A policies, standards, and best practices Adhere
strictly to the RMF Process Guide and Risk Assessment Guide Develop
or refine security compliance processes and audit approaches,
including those applicable to external services (e.g., cloud
service providers) Exercise strong customer service,
professionalism, and communication skills in fast-paced operational
environments DCWF Knowledge, Skills, Abilities, and Tasks (KSATs)
Knowledge Cyber defense, vulnerability assessment tools, and their
capabilities NIST, DoD, and DoN security principles, controls, and
publications Risk management processes, assessment methodologies,
and mitigation strategies Network security architecture concepts
(topology, protocols, components, defense-in-depth) Cryptography
and cryptographic key management Embedded systems and specialized
systems supporting critical infrastructure Emerging IT and
cybersecurity technologies Enterprise IT goals, mission processes,
and information classification programs PII protection standards
and applicable security and privacy laws and regulations Skills &
Abilities Conducting independent security control assessments and
validation activities Determining protection needs and appropriate
security controls for IT systems and networks Performing and
analyzing vulnerability scans and assessment results Monitoring and
evaluating compliance with security, resilience, and dependability
requirements Applying confidentiality, integrity, and availability
(CIA) principles Comparing expected versus actual security outcomes
to identify risk impacts Developing risk statements, remediation
recommendations, and corrective action guidance Reviewing
authorization packages and assurance documentation to ensure risk
acceptance is appropriate Verifying currency and accuracy of
accreditation and authorization artifacts Providing technical
evaluations of systems, networks, and applications to document
security posture
Keywords: Geospatial And Cloud Analytics Inc, Newport News , Navy Qualified Validator (NQV), IT / Software / Systems , Virginia Beach, Virginia
