What are the responsibilities and job description for the PMA Validator/Vulnerability Manager/ISSO | Patuxent River, MD position at CaVU Consulting?
PMA Validator/Vulnerability Manager/ISSO | Patuxent River, MD
Team CaVU
Our name is derived from the aviation acronym “Ceiling and Visibility Unlimited”. Team CaVU embodies this positive vibe as we bring creative, powerful and innovative solutions to clients and partners. CaVU is the provider of choice for our clients, crafting best-value support across a wide spectrum of functional areas. We are defined by integrity, technical excellence and commitment to our clients, people and partners. We consistently make a lasting, positive impact on our community—we make things better!
Job Description:
We are seeking an experienced PMA Validator/Vulnerability Manager/ISSO with Navy Qualified Validator (NQV) credentials to support the Program Management Activity (PMA)-268 for the MQ-25 and Unmanned Carrier Aviation Mission Control Station (UCMS). The ideal candidate will possess expert knowledge of cybersecurity policies and procedures relevant to Department of Defense (DoD) information systems, with emphasis on proficiency in executing all phases of the Navy Risk Management Framework (RMF) Process Guide (RPG). This role requires a strong background in developing and maintaining Security Packages within the Enterprise Mission Assurance Support Service (eMASS) database tool, including the collection of artifacts, test results, and scoring to support the assessment and authorization of operational Navy systems. The PMA Validator/Vulnerability Manager/ISSO will have demonstrated experience in validating controls and assessing risk, ensuring the security and compliance of critical naval information systems.
Responsibilities:
The Vulnerability Management Lead function is responsible for the establishment and execution of the PMA-268 Vulnerability Management Program. Responsibilities include:
- Development and implementation of a comprehensive PMA Vulnerability and Patch Management Policy.
- Coordination of the development of System-level Vulnerability and Patch Management Plans (VPMP).
- Serving as the NAVAIR Rapid Response Lead for PMA-268, including participation in Rapid Response meetings and coordination of consolidated PMA-268 responses to received Orders (e.g., EXORD, OPORD, TASKORD).
- Management of Vulnerability Risk Assessment Management (VRAM) records and provision of meeting summary notes to the PMA-268 cyber team for enhanced team awareness and cohesion.
The Validator function is responsible for assessing and validating PMA-268 RMF packages (ATOs and IATTs), ensuring compliance and security integrity. Responsibilities encompass:
- Coordination of the development of the Security Assessment Plan (SAP) with Integrated Product Teams (IPT) System Security Engineering (SSE) and system ISSOs.
- Execution of the SAP, provision of summaries of failed controls in eMASS (Risk Assessment), completion of the Security Assessment Report (SAR), and updating Plan of Actions and Milestones (POA&M) based on assessment results.
- Preparation of SAR Executive Summaries and support for Continuous Monitoring activities.
- Creation of consolidated lists of mitigation statements for POA&Ms to assist ISSOs with established mitigation statements for common non-compliant security controls.
The ISSO function supports the PMA-268 Information Systems Security Manager (ISSM) and SSE Lead in the execution of the Cybersecurity Program. Key tasks include:
- Review and provide feedback on Statements of Work (SoW), Contract Data Requirements Lists (CDRL), and Data Item Descriptions (DID).
- Offering assistance and guidance to other ISSOs within PMA-268.
- Updating and maintaining PMA-268 RMF Training Slides with the latest RMF guidance and roles/responsibilities flowcharts.
- Assistance in the development of eMASS Common Control Packages (CCPs), RMF security control templates, and the PMA Incident Response Plan.
Requirements:
- Bachelor's degree required (preferred major in Engineering, Cyber Security, or Information Security); Master's preferred
- Active DoD TS/SCI Clearance
- Six (6) years of DoD and/or Navy experience
- CISSP Certification or equivalent (CASP)
- Navy Qualified Validator (NQV) Level I or II
- Desired experience in C4I, Airborne platforms, and Unmanned Aviation
Comprehensive Compensation & Benefits Package:
Salary at CaVU is determined by various factors, including but not limited to location, education, training, certificates, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The expected salary range for this position is $125,000 - $155,000. To drive fair pay practices for employees, CaVU conducts regular comparisons across our employee groups and the industry. The above salary range represents a general guideline; however, CaVU considers a number of factors when determining salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.
At CaVU, our offerings include:
- 100% company-paid health, dental, and vision (to include individual, employee significant other, or family)
- 401K match with immediate vesting on the date of hire with CaVU
- Employer paid $100,000 life insurance policy
- 11 paid holidays
- 10 days of vacation with graduating accruals every two years and 5 days of sick leave with capacity to carry over annually
- Access to corporate discounts on retail/travel/entertainment
- Highly competitive compensation and opportunities for bonuses
EEO Commitment
CaVU is proud to be an equal opportunity employer, seeking to create a welcoming and diverse environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, ancestry, physical or mental disability, medical condition, marital status, genetics, age, or veteran status or any other applicable legally protected status or characteristic.
Salary: $125,000 - $155,000