Summary

Join the Navy Exchange Service Command (NEXCOM) as a Cyber Security System Validator, responsible for analyzing IT systems according to the Navy Risk Management Framework (RMF). As a Navy Qualified Validator, you'll ensure the security and compliance of the Navy Exchange Enterprise's IT system.

This job is open to

The public

U.S. Citizens, Nationals or those who owe allegiance to the U.S.

Clarification from the agency

This position in accordance with SECNAV M-5510.30 will require a favorable Single Scope Background Investigation (SSBI).

Duties

Provides NEXCOM cybersecurity support, by performing full package analysis of all IT systems, as defined by the Navy Risk Management Framework (RMF) guide.
Serves as a Navy Qualified Validator (NQV) for the Navy Exchange Enterprise.
Interviews the Information Technology (IT) owner to obtain system or site information. Independently uses this and other available information to evaluate security features of the IT system or site being assessed and authorized. Extensively work with system-level program teams throughout the system lifecycle to ensure they meet DoD 8500 series.
Performs complete assessments of a system or network security controls, known threats, and vulnerabilities, and provides a complete summary of failed controls and documenting issues.
Provides clear and detailed technical feedback on potential risks affecting the systems vulnerability footprint and recommended courses of action to mitigate or consider other options to meet mission requirements while preserving or improving the security postures. Capable of going off test procedure scripts to extensively test a possible discrepancy that the test procedures may not fully identify.
Completes a Security Assessment Review (SAR) in collaboration with the Security Control Assessor (SCA) based on the assessment results.
Recommends updates to the POA&M based on the assessment results while ensuring traceability of all vulnerabilities from raw assessment results to the POA&M.
Prepares the SAR Executive Summary, with all assessment results, for SCA review.
Prepares and submit the Security Assessment Plan (SAP) with program assistance.
Serves in a continuous monitoring role of the system's security posture to ensure ongoing compliance and the timely detection of security issues after authorization, as necessary.
Assesses need for specialized IA training. Prepares lesson plans for such training, as required, and ensures that training is given to appropriate personnel. May personally instruct such courses. Maintains contacts with departmental line managers, customer activity personnel and senior personnel within the Cybersecurity community for the purpose of developing, enhancing and promoting the program objectives.
Keeps supervisors up to date on all assignments.
Performs other related duties as assigned.

Requirements

Conditions of Employment

Key Requirements

Candidate must meet all qualification requirements by the closing date of this announcement.
A one-year probationary period will be required upon selection.
Social Security Card must be presented at time of appointment.
If you are selected for this position, the documentation that you present for purposes of completing the Department of Homeland Security (DHS) Form I-9 will be verified through the DHS E-verify system. Federal Law requires verifying eligibility of all new hires. The Navy Exchange Service Command is an E-Verify Participant.
Incumbents of this position must be U.S. Citizens.
Candidates/Incumbent must be eligible for and obtain a Secret Clearance.

Other Requirements

Must be US Citizen.

SECNAV M-5239.2, DoN, Information Assurance (IA) Workforce Manual requires incumbents of this position to possess and maintain current, two types of certifications as follows:

IA Certification: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP+), GIAC Security Leadership Certification (GSLC).
Technical Certification: Operating System/Computing Environment (OS/CE) certificate of training as dictated by Supervisor and approved by Command Cyber IT/CSWF-PM.

Candidate is also required to sign a Privileged Access Agreement.

Candidates without the required certification may be placed into this job but must obtain the required certification within 6 months of appointment; failure to obtain this requirement will result in termination of employment.

This position in accordance with SECNAV M-5510.30 will require a favorable Single Scope Background Investigation (SSBI).

Qualifications

A total of 8 years of experience, consisting of the following combination:

Qualified candidates must be U.S. Citizens.

GENERAL EXPERIENCE: 3 years' experience in security, technical or investigative work which demonstrated the ability and aptitudes required to perform technical, managerial or analytical work involving management information systems.

OR

SUBSTITUTION OF EXPERIENCE FOR EDUCATION: One year of related academic study above the high school level may be substituted for 9 months of experience up to a maximum of a 4 year bachelor's degree in IT security or computer information systems for 3 years of general experience.

AND

SPECIALIZED EXPERIENCE: 5 years of demonstrated experience in at least two of the following:

Risk management validation;
IT security compliance and reporting;
Technical risk analysis; and
Authorization and accreditation.

And experience in the performance of:

System Security Assurance: ensuring that entire systems meet security requirements, function securely, and undergo comprehensive testing for overall security assurance.
Security Assessments: conducting security assessments and developing Security Assessment Plans (SAPs).
Technical Understanding: interpreting network diagrams, vulnerability scans, and compliance scans.
Security Documentation: creating and maintaining various security documents, including Security Assessment Plans.
Risk Management Framework: conducting security control assessments following a Risk Management Framework approach, along with conducting risk assessments and developing security assessment reports.

And in-depth knowledge of:

NIST 800-53, risk mitigation strategies for computer operating systems, networks, or cloud services, and security controls and compliance frameworks.

This position is designated in accordance with SECNAV M-5510.30 and will require a favorable Single Scope Background Investigation (SSBI). Candidates must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain will result in termination.

Education

4-year bachelor's degree in a related field preferred.

Additional information

Benefits

2024 Virtual Benefits Fair: https://www.virtualfairhub.com/Nexcom/public/welcome.

Retirement Video: https://vimeo.com/892701134/032227107c?share=copy.

Benefits

Review our benefits

How You Will Be Evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Your qualifications will also be evaluated on the Minimum Qualification Requirements as described in your profile and resume. Credit will be given for appropriate paid and unpaid experience or volunteer work.

Required Documents

To apply for this position, you must provide a complete Application package which includes:
a) Your Resume.
b) Completion of Automated Application.
c) Any documents you wish to be reviewed.

If you are relying on your education to meet qualification requirements:

Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.

Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.

How to Apply

Applicants must apply online via the Navy Exchange website, https://www.mynavyexchange.com/nex/work-for-us, and click "Work for Us."

To apply, please access our website by clicking on the link below and search for job number 240002PT

https://nexcom.taleo.net/careersection/.nexcom_ext_prof_cs/jobdetail.ftl?job=240002PT&tz=GMT-04%3A00&tzname=America%2FNew_York.

Agency contact information

Human Resources

Email: nexcom.jobs@NEXWEB.ORG
Address: Navy Exchange Service Command - NEXCOM
3280 Virginia Beach Boulevard
Virginia Beach, VA 23452
US

Learn more about this agency

Next steps

After we receive your complete application package, your qualifications will be reviewed.
You may follow the status of your application through the automated hiring system.
Only those candidates chosen for an interview will be contacted.

Overview

Accepting applications

Open & closing dates

11/05/2024 to 02/04/2025
Salary

$88,520 - $113,629 per year
Based upon Experience.
Pay scale & grade

NF 5
Location

1 vacancy in the following location:
- Virginia Beach, VA
Remote job

No
Telework eligible

No
Travel Required

Occasional travel - 10%
Relocation expenses reimbursed

Yes— You may qualify for reimbursement of relocation expenses in accordance with agency policy.
Appointment type

Permanent
Work schedule

Full-time
Service

Excepted
Promotion potential

5 - NF-2210-5A, Management
Job family (Series)

2210 Information Technology Management
Supervisory status

Yes
Security clearance

Other
Drug test

No
Financial disclosure

No
Bargaining unit status

No
Announcement number

240002PT
Control number

817614100

Cybersecurity System Validator Job in Virginia Beach, VA