Serves as a Supervisory Cybersecurity Analyst within the Enterprise Cybersecurity and Compliance Office as a Validator. The validator will examine through demonstration, inspection, or analysis the extent to which a system or application meets a set of security requirements as specified by the Authorizing Official (AO), governing instructions, and directives. The Security Control Validator (SCV) develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics of systems or elements of systems incorporating IT.
Conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations. The position is responsible for evaluation of IT systems or their individual components to determine compliance with published standards. Plans, prepares, and executes tests of systems to evaluate results against specifications and requirements, and analyzes and reports test results.
Supervises full performance employees to include: assigning and distributing work, coaching, counseling, tutoring, and mentoring employees; approving and disapproving leave, recommending and completing personnel actions, completing performance reviews and signing timecards, and training employees.
Develop test plans to address specifications and requirements. Make recommendations based on test results. Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated. Create auditable evidence of security measures. Validate specifications and requirements for testability. Analyze the results of software, hardware, or interoperability testing. Perform operational testing. Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements. Develop methods to monitor and measure risk, compliance, and assurance efforts.
Evaluate the effectiveness of the procurement function in addressing information security requirements and supply chain risks. Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.
Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions. Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas.
Coordinate with project management, development, and other technical teams to create and submit A&A packages using the Marine Corps Certification and Accreditation Support Tool. Assess the implementation of security controls and hardening on various technology platforms and guidance for vulnerabilities, STIGs, security requirements guides (SRGs), and RMF security controls. Coordinate and interface with a team of system administrators and network engineers to complete Cybersecurity testing on systems and networks, and assist with remediation guidance and verification.
Assists in the daily operations and development of the MR Cybersecurity program that identifies architecture, requirements, objectives and policies, personnel and processes and procedures as they relate to policy, standards, and guidelines. Provides security oversight for MR and subordinate commands. As an SCV, tests the implementation of applicable Cybersecurity controls for an assigned MCCS system. Ensures that development, review, endorsement, and maintenance of security compliance documentation is accomplished. Validates that documentation includes the System Security Plan(s) (SSP) for all MR applications, networks, and stand-alone systems. Develops, coordinates, and conducts security, CY, and compliance training as required.
Performs security compliance efforts IAW the PCI, FISMA, NIST SP 800 series, FIPS series, and USMC-related policies and procedures. Coordinates directly with Project Managers, service providers, consultants and other USMC commands for compliance requirements. Works directly and proactively with MCCS IT Security staff, Project Managers, IT Managers, and HQMC C4/CY to meet objectives and to ensure maximum effective use of tools, techniques, and methodologies in proposing, developing, and implementing IT solutions. Liaises with designated HQMC C4 office staffs responsible for system CY and IT Portfolio management to ensure currency with compliance matters. Occasional travel may be required. This is a white-collar position where occasional lifting up to 20 lbs. may be required.