Position Description: 

The Department of War’s (DoW) Chief Digital and Artificial Intelligence Office (CDAO) are at the forefront of supporting the DoW with the adoption of innovative technologies such as data, analytics, and artificial intelligence to help accelerate predictions, forecasts, and interpretations for both strategic and tactical decisions across the enterprise. These ground-breaking endeavors bring new challenges to the assessment of DoW IT systems that previously did not exist. The Security Control Assessor (SCA) plays a pivotal role in comprehensively understanding the cybersecurity posture of a given capability within CDAO. The Senior SCA provides authoritative risk determinations and recommendations critical for the Authorizing Official (AO) to grant an Authority to Operate (ATO). Their assessments integrate technical rigor with regulatory compliance, ensuring a robust security posture and informing strategic decision-making. SCARs must go beyond a mere compliance focus on controls to articulate the inherent risks of systems. Success in this position requires expertise in statutory guidance such as the NIST 800 series including SP 800-160, DoDI 5000.88, DoDI 8500.01, DoD 8140.03, ISO 27001, COBIT, DoD RMF, along with current cybersecurity best practices. In addition, success in this role requires strong networking fundamentals and the ability to understand and interpret network and system architecture diagrams/topologies to assess security impacts across the environment. The Senior SCAR should also possess foundational knowledge of cloud technologies, architecture, and a working understanding of DevSecOps practices and CI/CD pipelines to evaluate how security is integrated into modern delivery and operational processes.

Location:

Clearance:   Must have an active TS Clearance SCI eligible

Responsibilities and/or Success Factors: 

• Provide the AO with an independent risk assessment of assigned systems and an authorization. 
• recommendation.
• Advise Program Managers on AO determination utilizing OVL documentation.
• Provide senior advisory support to CDAO AO regarding authorizations of CDAO capabilities.
• Utilize expert knowledge and experience regarding risk management strategies.
• Providing support regarding the agile authorization and OVL processes.
• Provide independent risk analysis and recommendation.
• Collaborate between the AO and the program as well as Program leadership.
• Identify the security baseline based on the mission and security impacts to the system.
• Determine assessment criteria, develop, review, and create a plan to assess the security requirements.
• Assess the security requirements in accordance with the assessment procedures defined in the Security.
• Assessment Plan (SAP).
• Prepare the Security Assessment Report (SAR). 
• Monitor POAM actions based on findings and reassess remediated risk(s) as appropriate.
• Develop the Risk Recommendation and AO Determination Brief.
• Develop a system-level continuous monitoring strategy.
• Author and present briefs regarding status of authorizations to AO and other senior Government officials.
• Provides security architecture and DoD compliance advisory support.
• Perform other duties as assigned or required. Success Factors
• Have a strong background in information security systems management (ISSM), risk management, and governance, risk and compliance (GRC).
• Strong clients focus and commitment to continuous improvement, ability to proactively network and establish relationships.
• Manage multiple priorities in a high-paced and fast-changing environment.
• Experience supporting and assessing risks within a CI/CD DevSecOps environment. Key areas of experience would include data mesh, data orchestration, control gates review, and vulnerability management within a pipeline.
• Expansive knowledge with integrating IaaS, PaaS, and SaaS offerings into government cloud environments (ie. AWS, AZURE & GCP). Experience would include cloud computing, cloud storage, cloud native solutions, cloud data transfer, Cross Domain Solutions, and cloud networking.
• Experience assessing STIGs, Cloud Compliance Guides, Shares responsibility models, and System Mission Owner responsibilities within Government Cloud Environments.
• Experience working with OSD leadership or Military component or branch.
• Expert understanding of NIST 800 series guidelines, DoDI 8500.01, DoD 8140.03, rISO 27001, COBIT, DoD RMF, OVL, and current cybersecurity best practices.
• Excellent communication/presentation skills briefing senior military and government civilian leadership.
• Experienced with writing policies, guides, procedures.
• Experience in hands on with eMASS, Xacta and/or other GRC tools.
• Experience with Federal and FedRamp A&A Processes.  Experienced and comfortable advising at the Senior Executive Service (SES) level of customers.

Minimum Qualifications Including Certificates: 

• Must have an active TS Clearance SCI eligible
• bachelor’s degree in computer science/information technology, or other related degree fields (master’s degree is preferred or at least 10 years of related experience)
• At least 10+ years of cybersecurity experience including a senior technical or management role, Project or Program Management experience a plus.
• At least one IAT/IAM or equivalent security certifications ex. CISSP, CCSP, CISM, CISA, or CASP

Position Overview 

Seeking an RMF Sr. Information Security Systems Manager (ISSM) and Subject Matter Expert to support mission critical Office of the Undersecretary of War for Research and Engineering (OUSW (R&E) capabilities within all facets of the RMF.  This pioneering domain presents unique challenges, necessitating skilled ISSMs to maintain system security and oversee cyber implementation. The role demands accountability for upholding security standards across the organization, navigating the evolving landscape of defense technology and safeguarding sensitive information crucial to national security. To be successful in this position the candidate must possess a firm understanding of statutory guidance such as statutory guidance including 570.01 (Information Assurance Workforce Improvement Program), DoWI 8500.01 (Cybersecurity), DoW Directive 8140.03 (Information Systems Security Manager – DoW Cyber Exchange), and NIST 800-37 r2 (Risk Management Framework for Information Systems and Organizations). 

Successful candidates should be able to:

• Expertly Implements and Manages Cybersecurity Controls: Implement and manage controls across all system lifecycle phases, ensuring alignment with DoW 8500.01 and NIST 800-53 requirements to maintain robust security posture, tailored risk mitigations, and full alignment with DoW cybersecurity directives and OVL processes.
• Security Policy Development: Develop and implement security policies, procedures, and guidelines to ensure compliance with applicable laws, regulations, and industry best practices.
• Risk Management: Conduct risk assessments and identify potential vulnerabilities and threats to information systems. Develop and implement risk mitigation strategies and controls to minimize the impact of security incidents.
• Security Planning and Implementation: Collaborate with system administrators, network administrators, and other stakeholders to plan and implement security measures for information systems. This includes establishing security controls and standards for information systems including Continuous Monitoring.
• Incident Response and Management: Develop and implement incident response procedures to reconstitute system operations to address security incidents and breaches.
• Assurance and Resiliency: Ensure compliance with relevant security standards, regulations, and frameworks. Conduct periodic security audits and assessments to evaluate the effectiveness of security controls and identify areas for improvement.
• Security Documentation and Reporting: Maintain accurate and up-to-date security documentation, including security plans, risk assessments, and incident reports. Provide regular reports to management on the status of information security and any identified risks or vulnerabilities.

Work Location: Full-Time Onsite (Mark Center, DMV)

Clearance: Top Secret with SCI eligibility

Job Responsibilities and/or Success Factors

• Utilize expert knowledge and experience regarding risk management strategies in support of a major DoW program.
• Serve as the primary cybersecurity authority responsible for integrating System Security Engineering (SSE) principles into system design, development, and operational processes to ensure systems are secure by design and aligned with mission requirements.
• Collaborate between the Cyber Risk Assessor/Security Control Assessor and the program as well as DoW senior leadership.
• Reporting of status and metrics for body of evidence and authorization conditions.
• Develop and implement security policies, procedures, and guidelines to ensure compliance with applicable laws, regulations, and industry best practices.
• Conduct risk assessments and identify potential vulnerabilities and threats to information systems, to include threat modeling, attack surface analysis, and mission impact evaluation.
• Develop and implement risk mitigation strategies and controls to minimize the impact of security incidents, ensuring alignment with system architecture and engineering design.
• Oversee and validate system security architecture, including authorization boundaries, data flows, trust zones, and external system interfaces (ISAs), ensuring alignment with DoW 8500.01 and NIST 800-53.
• Collaborate with system administrators, network administrators, engineers, and developers to plan, design, and implement security measures for information systems, ensuring security controls are engineered into solutions and not applied post-development.
• Ensure integration of cybersecurity within DevSecOps pipelines, including validation of secure coding practices, automated scanning (SAST/DAST), and software supply chain risk management.
• Develop and implement incident response procedures to reconstitute system operations and address security incidents and breaches.
• Ensure compliance with relevant security standards, regulations, and frameworks while validating technical control implementation effectiveness across the system lifecycle.
• Conduct periodic security audits and assessments to evaluate the effectiveness of security controls and identify areas for improvement, ensuring alignment between control implementation and assessment outcomes.
• Lead and manage Continuous Monitoring (ConMon) activities, including oversight of ACAS, SCAP, STIG compliance, and system telemetry integration to detect and respond to security posture drift.
• Perform and oversee Security Impact Analyses (SIA) for system changes, technology refresh, and new capability integration to determine impact on authorization status and required actions.
• Maintain accurate and up-to-date security documentation, including security plans, risk assessments, architecture artifacts, and incident reports.
• Provide regular reports to the Government customer on the status of information security, risk posture, and any identified vulnerabilities or operational risks.
• Provide support regarding the DoW’s agile authorization. Experience with Operation Vulcan Logic (OVL) processes a plus.
• Ensure systems are:
• Secure by design
• Continuously monitored
• Objectively assessed
• Defensible to the Authorizing Official (AO)
• Should have a strong background in information security, systems engineering, risk management, and compliance.
• Strong client focus and commitment to continuous improvement, ability to proactively network and establish relationships.
• Manage multiple priorities in a high-paced and fast-changing environment.
• Perform other duties as assigned or required.

Successful candidates should be able to: (Enhanced Section)

• Expertly implement and manage cybersecurity controls across all system lifecycle phases, ensuring alignment with DoW 8500.01 and NIST 800-53 requirements.
• Apply System Security Engineering (SSE) principles (NIST 800-160) to ensure security is embedded within system architecture, design, and implementation.
• Translate cybersecurity requirements into technical engineering solutions and system configurations.
• Analyze system architectures to identify security gaps, attack vectors, and design weaknesses, and recommend engineering-based mitigations.
• Oversee integration of Zero Trust principles, identity management (ICAM), and encryption solutions within system environments.
• Ensure effective implementation of Continuous Monitoring strategies, including automated data collection, analysis, and reporting.
• Interpret assessment results and translate findings into actionable engineering and risk mitigation strategies.
• Support DevSecOps and continuous ATO (cATO) approaches through automation, tooling, and integration of security into development pipelines.

Education and Minimum Qualifications

• Must have an active Top Secret with SCI eligibility
• Bachelor’s degree in computer science/information technology, or other related degree fields (master’s degree is preferred or at least 10 years of related experience)
• At least 10+ years of cybersecurity experience including a senior technical or management role, Project or Program Management experience a plus.
• At least one IAT/IAM or equivalent security certifications ex. CISSP, CCSP, CISM, CISA, or CASP
• Experience working with OSD leadership or Military component or branch.
• Excellent communication/presentation skills briefing senior military and government civilian leadership.
• Experienced with writing policies, guides, procedures.
• Experience in hands on with eMASS, Xacta and/or other GRC tools.
• Experience with Federal and FedRamp A&A Processes.
• Experienced and comfortable advising at the Senior Executive Service (SES) level of customers

Position Overview 

The Department of War’s (DoW) Chief Digital and Artificial Intelligence Office (CDAO) are at the forefront of supporting the DoW with the adoption of innovative technologies such as data, analytics, and artificial intelligence to help accelerate predictions, forecasts, and interpretations for both strategic and tactical decisions across the enterprise. These ground-breaking endeavors bring new challenges to the assessment of DoW IT systems that previously did not exist.  

The Security Control Assessor (SCA) plays a pivotal role in comprehensively understanding the cybersecurity posture of a given capability within CDAO. SCAs must go beyond a mere compliance focus on controls to articulate the inherent risks of systems. Success in this position requires expertise in statutory guidance such as the NIST 800 series, DoW I 8500.01, DoW 8140.03, ISO 27001, COBIT, DoW RMF, and Operation Vulcan Logic (OVL), along with current cybersecurity best practices.

The Senior SCA provides authoritative risk determinations and recommendations critical for the Authorizing Official (AO) to grant an Authority to Operate (ATO). Their assessments integrate technical rigor with regulatory compliance, ensuring a robust security posture and informing strategic decision-making.

Work Location

Full time remote. Candidates in the Washington DC Metropolitan area preferred. Travel requirements will vary with location, however, expect approximately 10% to 25%.   

Job Responsibilities

• Provide the AO with an independent risk assessment of assigned systems and authorization.
• Advise Program Managers on AO determination utilizing OVL documentation.
• Provide senior advisory support to CDAO AO regarding authorizations of CDAO capabilities.
• Utilize expert knowledge and experience regarding risk management strategies in support of a major DoW program.
• Providing support regarding the agile authorization and OVL processes.
• Provide independent risk analysis and recommendation.
• Collaborate between the AO and the program as well as Program leadership.
• Identify the security baseline based on the mission and security impacts to the system.
• Determine assessment criteria, develop, review, and create a plan to assess the security requirements.
• Assess the security requirements in accordance with the assessment procedures defined in the Security.
• Assessment Plan (SAP).
• Prepare the Security Assessment Report (SAR).
• Monitor POAM actions based on findings and reassess remediated risk(s) as appropriate.
• Develop the Risk Recommendation and AO Determination Brief.
• Develop a system-level continuous monitoring strategy.
• Author and present briefs regarding status of authorizations to AO and other senior Government officials.
• Provides security architecture and DoW compliance advisory support.
• Perform other duties as assigned or required.

Success Factors

• Have a strong background in information security systems management (ISSM), risk management, and governance, risk and compliance (GRC).
• Strong clients focus and commitment to continuous improvement, ability to proactively network and establish relationships.
• Manage multiple priorities in a high-paced and fast-changing environment.
• Experience supporting and assessing risks within a CI/CD DevSecOps environment. Key areas of experience would include data mesh, data orchestration, control gates review, and vulnerability management within a pipeline.
• Expansive knowledge with integrating IaaS, PaaS, and SaaS offerings into government cloud environments (ie. AWS, AZURE & GCP). Experience would include cloud compute, cloud storage, cloud native solutions, cloud data transfer, Cross Domain Solutions, and cloud networking.
• Experience assessing STIGs, Cloud Compliance Guides, Shares responsibility models, and System Mission Owner responsibilities within Government Cloud Environments.
• Experience working with OSD leadership or Military component or branch.
• Expert understanding of NIST 800 series guidelines, DoWI 8500.01, DoW 8140.03, rISO 27001, COBIT, DoW RMF, OVL, and current cybersecurity best practices.
• Excellent communication/presentation skills briefing senior military and government civilian leadership.
• Experienced with writing policies, guides, procedures.
• Experience in hands on with eMASS, Xacta and/or other GRC tools.
• Experience with Federal and FedRamp A&A Processes.
• Experienced and comfortable advising at the Senior Executive Service (SES) level of customers.

Education and Minimum Qualification

• Must have an active TS Clearance SCI eligible.
• Bachelor’s degree in computer science/information technology, or other related degree fields (master’s degree is preferred or at least 10 years of related experience)
• At least 10+ years of cybersecurity experience including a senior technical or management role, Project or Program Management experience a plus.
• At least one IAT/IAM or equivalent security certifications ex. CISSP, CCSP, CISM, CISA, or CASP

Position Description: The Information System Security Officer (ISSO) III will support Naval Surface Warfare Center Philadelphia Division (NSWCPD) as a contractor through Arlo Solutions, serving as a key cybersecurity professional for NSWCPD Code 104. This key personnel position is responsible for coordinating cybersecurity processes and activities for assigned systems, ensuring compliance with all applicable policies, and managing security controls implementation throughout the Risk Management Framework (RMF) lifecycle.

Location:  Philadelphia, PA

Clearance:  Active Secret

Responsibilities and/or Success Factors:

Cybersecurity Compliance and Policy Implementation

•  Assist the Information System Security Managers (ISSM) in executing their duties and responsibilities
• Ensure compliance with all NAVSEA, DON, and DoD cybersecurity policies 
• Ensure relevant cybersecurity policy and procedural documentation is current and accessible 
• Coordinate cybersecurity processes and activities for assigned systems 
• Report changes in system security posture to the ISSM Security Assessment and Authorization (A&A) Management 
• Maintain and report Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers, Information System Owners, and ISSMs
• Provide oversight of Security Plans for assigned systems throughout their lifecycle 
• Manage and maintain Plan of Actions and Milestones (POA&M), tracking vulnerabilities through remediation 
• Assist with identification of security control baselines and applicable overlays 
• Coordinate the validation of security controls with Navy Qualified Validators (NQV) 
• Perform Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews 
• Adjudicate findings from Package Submitting Officer (PSO) System Security Management
• Register and maintain systems in Enterprise Mission Assurance Support Service (eMASS) 
• Plan and coordinate security control testing during Risk Assessments and Annual Security Reviews 
• Maintain vulnerability data in Vulnerability Remediation Asset Manager (VRAM) 
• Participate in change control and configuration management processes 
• Ensure execution of Continuous Monitoring requirements as defined in system strategies 
• Review all data produced by Continuous Monitoring activities and update eMASS records as necessary 
• Correlate findings from non-RMF vulnerability assessments to RMF controls for holistic risk assessment Cybersecurity Analysis and Reporting 
• Perform analysis of logs, events, and reporting from various data collection tools 
• Assess impacts from observed risks and report via the Cybersecurity Program chain of command 
• Present data to management in a comprehensive and cohesive manner 
• Develop reports and produce procedural documentation as required 
• Evaluate system administrator, security engineer, and/or system owner proposed corrections

Minimum Qualifications Including Certificates:

• Must be a U.S. Citizen 
• Active Secret security clearance 
• Bachelor's degree in computer science, information technology, communications systems management, or equivalent STEM degree from an accredited college or university 
• Minimum 6 years of experience coordinating and implementing security changes, ensuring compliance with published policies, conducting cybersecurity vulnerability and threat analysis, and supporting cyber incident response 
• Current IAM-II certification (CAP, CASP+ CE, CISM, CISSP, GSLC, CCISO, or HCISPP)

Desired Qualifications: 

• Experience with the DoD Information Assessment and Authorization (A&A) process 
• Familiarity with Risk Management Framework (RMF) implementation 
• Proficiency with eMASS, VRAM, and other DoD cybersecurity systems 
• Experience with NIST Special Publications and DoD/Navy cybersecurity directives 
• Experience with vulnerability management tools (ACAS, HBSS, etc.) 
• Knowledge of Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)

Position Description:

The Program Manager will support Naval Surface Warfare Center Philadelphia Division (NSWCPD) as a contractor through Arlo Solutions, serving as the primary leader for cybersecurity and information assurance support services for NSWCPD Code 104. This key personnel position leads a team providing comprehensive cybersecurity program implementation, validation, and compliance services in support of the DoD Information Assessment and Authorization (A&A) process and Risk Management Framework (RMF).

Location: (Onsite) Philadelphia, PA

Clearance:  Active Secret

Responsibilities and/or Success Factors:

Program Leadership and Team Management:

• Serve as the overall program manager and primary interface with NSWCPD Code 104 customers 
• Plan and direct tasks, as well as conduct on-site supervision of subordinate personnel
• Validate and verify that work products and services of team members meet expectations and requirements 
• Review all deliverables and work products before they are delivered to ensure quality and compliance Project Management 
• Ensure, enact, and validate project execution in accordance with Department of Navy requirements and within time constraints 
• Partner with government project managers to ensure all key activities and actions are captured, scheduled, and risks identified and mitigated 
• Prepare project schedules, including resource loading, dependencies, and critical path analysis 
• Monitor progress of tasks and prepare progress reports per CDRL A001 requirements 
• Ensure compliance with all NAVSEA, DON, and DoD cybersecurity policies and procedures Client Communication 
• Communicate effectively with all levels of management both orally and in writing 
• Serve as the principal point of contact between NSWCPD and the contractor team 
• Present program status, challenges, and achievements to government stakeholders 
• Facilitate communication between all RMF stakeholders throughout the process Risk Management 
• Identify, track, and mitigate program and technical risks 
• Ensure all security requirements are being met by the team 
• Oversee plan of action and milestones (POA&M) management and resolution 
• Coordinate responses to cybersecurity findings and incidents Compliance and Reporting 
• Ensure all deliverables comply with contract requirements and applicable government regulations 
• Oversee preparation of all required reports and documentation per contract CDRLs 
• Maintain security clearance and meet all security requirements specified in Section 5 of the PWS 
• Ensure team maintains compliance with security training requirements

Minimum Qualifications Including Certificates: 

• Must be a US Citizen 
• Active Secret security clearance 
• Bachelor's degree in computer science, information technology, communications systems management, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university OR Project Management Professional Certification (PMP) 
• Ten (10) years' experience in managing a team in information technology while serving as the overall program manager and primary interface with customers 
• Five (5) years of experience related to information assurance 
• Experience with DoD Information Assessment and Authorization (A&A) process and Risk Management Framework (RMF) 
• Demonstrated leadership abilities and strong communication skills

Desired Qualifications: 

• Experience with Navy cybersecurity programs and processes 
• Familiarity with NIST Special Publications and DoD cybersecurity instructions 
• Experience with eMASS, VRAM, and other DoD cybersecurity systems 
• Knowledge of Navy and DoD organizational structure

Position Description:

The Information System Security Manager (ISSM) III will support Naval Surface Warfare Center Philadelphia Division (NSWCPD) as a contractor through Arlo Solutions, serving as a key cybersecurity leader for NSWCPD Code 104. This key personnel position is responsible for overseeing and managing information security program implementation within the organization, supporting DoD Information Assessment and Authorization (A&A) process and Risk Management Framework (RMF) services, and ensuring compliance with all NAVSEA, DON, and DoD cybersecurity policies.


Location: (Onsite) Philadelphia, PA

Clearance:  Active Secret

Responsibilities and/or Success Factors:

Cybersecurity Program Management

• Support IT security goals and objectives to reduce overall organizational risk 
• Communicate the value of IT security throughout all levels of organization stakeholders 
• Coordinate with various levels of the organization to oversee information security program implementation 
• Manage cyber strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources 
• Assist with facilitating communication between all RMF stakeholders throughout the RMF process Security Assessment and Authorization 
• Assist with the collection of data needed to meet system cybersecurity reporting requirements 
• Assist with security improvement actions as they are evaluated, validated, and implemented 
• Participate in information security risk assessments during the Security A&A process 
• Assist with identifying security requirements specific to IT systems in all phases of the system life cycle 
• Coordinate with programs to resolve findings identified during internal and external review processes Compliance and Risk Management 
• Assist with cybersecurity inspections, tests, and reviews for the network environment 
• Assist with identifying alternative information security strategies to address organizational security objectives 
• Interpret patterns of noncompliance to determine their impact on risk levels and overall effectiveness of the enterprise's cybersecurity program 
• Track audit findings and recommendations to ensure appropriate mitigation actions are taken 
• Monitor systems for upcoming authorization conditions/stipulations, upcoming or past due POA&M items, and SLCM activities Documentation and Reporting •
• Develop findings reports and recommended corrective actions for identified deficiencies 
• Report system compliance in DON Application and Database Management System (DADMS), Department of Defense Information Technology Portfolio Repository – Department of the Navy (DITPR-DON), and Vulnerability Remediation Asset Manager (VRAM) 
• Assist with Quality Assurance (QA) reviews for RMF package submissions in accordance with NSWCPD and NAVSEA 03 SOP 
• Ensure successful implementation and functionality of security requirements and appropriate IT policies and procedures consistent with the organization's mission and goals 
• Track and respond to Cybersecurity data calls per Government guidance
  
  

Minimum Qualifications Including Certificates:

• Must be a U.S. Citizen 
• Active Secret security clearance 
• Master's degree in computer science, information technology, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university 
• Eight (8) years of experience coordinating with various levels of an organization to oversee and manage information security program implementation 
• Experience managing cyber strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources 
• Must possess one of the following certifications: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP 
• IAM-II certification level 
• Experience with DoD Information Assessment and Authorization (A&A) process and Risk Management Framework (RMF)

Desired Qualifications:

• Experience with enterprise security technologies and tools including eMASS and VRAM 
• Knowledge of NIST Special Publications and DoD cybersecurity instructions 
• Experience with Navy and DoD organizational structures and policies 
• Familiarity with NAVSEA cybersecurity requirements and procedures 
• Experience with vulnerability management and continuous monitoring 
• Demonstrated leadership abilities and strong communication skills

Position Description:

The Policy Executive/Strategic Planner will support Naval Surface Warfare Center Philadelphia Division (NSWCPD) as a contractor through Arlo Solutions, serving as a key personnel position for cybersecurity and information assurance support services for NSWCPD Code 104. This role is responsible for developing high-level cybersecurity policies, strategic plans, and technical documentation that supports the DoD Information Assessment and Authorization (A&A) process and Risk Management Framework (RMF) implementation across the organization.


Location: (Onsite) Philadelphia, PA

Clearance:  Active Secret

Responsibilities and/or Success Factors: Policy Development and Strategic Planning 

• Support writing and documenting of high-level policies or strategies for cybersecurity as guided by the Government
• Develop technical documentation such as user manuals, reports, procedures, presentations, proposals, outlines, and summaries
• Create strategic plans aligned with Navy, DoD, and Federal cybersecurity requirements and policies
• Provide consultation, guidance, and portfolio management for systems and software compliance
• Present and explain complex cybersecurity policies and strategies to executives and leadership Program Implementation Support
• Provide support for cybersecurity program activities including development and maintenance of Plan of Actions and Milestones (POA&Ms)
• Track status of cybersecurity initiatives and provide scheduling for cybersecurity program reviews
• Maintain cybersecurity website content management and document milestones and issues
• Track and respond to cybersecurity data calls per Government guidance
• Provide configuration management and software reengineering consultation to facilitate application consolidation, migration, and retirement Technical Documentation and Communication
• Develop comprehensive technical and strategic documentation that meets established standards
• Provide weekly updates regarding assigned projects and tasks including percentage of completion, concerns/issues
• Communicate effectively with stakeholders at all organizational levels
• Translate complex technical requirements into clear policy directives
• Create presentations and final deliverable reports as required per CDRL requirements Governance and Compliance
• Ensure relevant cybersecurity policy and procedural documentation is current and accessible
• Assist in interpretation of patterns of noncompliance to determine their impact on risk levels
• Identify alternative information security strategies to address organizational security objectives
• Ensure policy alignment with NAVSEA, DON, and DoD cybersecurity policies
• Support cybersecurity program implementation within the organization's area of responsibility Coordination and Collaboration
• Partner with government project managers to capture key activities and mitigate risks
• Work closely with Information System Security Managers (ISSM) and Information System Security Officers (ISSO)
• Coordinate with programs to resolve findings identified during internal and external reviews
• Facilitate communication between all RMF stakeholders throughout the process \Collaborate with technical teams to ensure practical implementation of policies
  
  

Minimum Qualifications Including Certificates: 

• Must be a U.S. Citizen
• Active Secret security clearance
• Bachelor's degree in computer science, information technology, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university
• Eight (8) years' experience with writing policies, technical documents, strategic plans, designs, cybersecurity operations and procedures, as well as presenting and explaining those products to executives
• Experience with DoD Information Assessment and Authorization (A&A) process and Risk Management Framework (RMF)
• Strong technical writing skills and ability to present complex information clearly
• Demonstrated experience developing cybersecurity policies and procedures
• Knowledge of Navy and DoD cybersecurity standards, regulations, and guidelines

Desired Qualifications:

• Experience with Navy cybersecurity programs and processes
• Familiarity with NIST Special Publications and DoD cybersecurity instructions
• Experience with eMASS, VRAM, and other DoD cybersecurity systems
• Knowledge of Navy and DoD organizational structure
• Understanding of technical aspects of cybersecurity implementation
• Experience briefing executive leadership on cybersecurity matters

Position Overview

The Specialist, Information System Security III (SISS3) will support the Naval Surface Warfare Center Philadelphia Division (NSWCPD) Department 40 as contractor staff through Arlo Solutions. This key personnel position provides senior-level cybersecurity expertise and technical execution in support of Propulsion, Power & Auxiliary Machinery Systems Cybersecurity requirements, with specific focus on Risk Management Framework (RMF) lifecycle activities, Assessment & Authorization (A&A), and ongoing compliance and assurance across Navy afloat and ashore environments. The SISS3 is responsible for the development, validation, implementation, and continuous monitoring of cybersecurity controls in accordance with Department of Defense (DoD), Department of Navy (DON), and Naval Sea Systems Command (NAVSEA) policy.

Work Location:  Primary: Philadelphia, PA; periodic travel to customer and operational sites may be required

Clearance:  Active Secret security clearance

Job Responsibilities and/or Success Factors

Cybersecurity Assessment and Implementation

• Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks, and protection needs
• Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and Platform Information Technology (PIT) ashore systems
• Apply Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), and perform Assured Compliance Assessment Solution (ACAS) scanning
• Implement security patches and configuration changes to obtain cybersecurity compliance and remediate vulnerabilities
• Perform analysis of logs, events, and reporting from various data collection tools including ACAS, Host Based Security Systems (HBSS), Security Information and Event Management (SIEM), firewall systems, and intrusion detection systems

Risk Management Framework (RMF) Support

• Develop and maintain Plan of Action and Milestones (POA&M) for all Information Assurance-related tasks and deliverables in Enterprise Mission Assurance Support Service (eMASS)
• Support continuous monitoring activities for authorized systems to maintain Authorization to Operate (ATO) status
• Document residual risks based on package content and assessment results for Security Controls Assessor review
• Maintain current vulnerability scan data and residual risk POA&Ms in Vulnerability Remediation Asset Manager (VRAM)
• Ensure compliance with NIST SP-800-37, SP-800-53 Rev 4, DoD Instruction 8510.01, and NAVSEA Business Rules

Systems Security and Monitoring

• Conduct systems security reviews, audits, and evaluations to ensure accreditation documents accurately represent current risk posture
• Monitor and assess impacts from observed cybersecurity risks and report via the Cybersecurity Program chain of command
• Perform evaluation of system administrator and security engineer proposed corrections to ensure compliance
• Test systems to verify adequate functionality for mission and project requirements
• Support Information Assurance Vulnerability Management (IAVM) activities including remediation, patching, and scanning

Technical Documentation and Reporting

• Develop technical documentation including vulnerability assessments, risk assessments, and security compliance reports
• Create and maintain system architecture diagrams, authorization boundary diagrams, and defense in depth diagrams
• Present and submit data to management, develop comprehensive reports, and produce procedural documentation
• Prepare security-related deliverables in accordance with contract CDRLs and government requirements

Operating System Administration

• Provide expert subject matter knowledge of Windows operating systems (Windows 11, 10, 7, XP, 2000, CE 6.0) and Red Hat Enterprise Linux
• Apply system configuration changes and software application updates as required by automated security assessment tools
• Identify, present, and implement improvements to operating system configuration settings to maintain secure operations
• Develop and enhance operating procedures, process guides, and system-level RMF Control Family Plans

Compliance and Coordination

• Ensure all security requirements and controls are implemented in accordance with DoD and Navy cybersecurity policies
• Coordinate with government personnel, system owners, and other stakeholders throughout the RMF process
• Support configuration control board practices and track deliverables per A&A guidance
• Maintain security clearance and comply with all security requirements specified in the contract

Education and Minimum Qualifications

• Must be a U.S. Citizen
• Active Secret security clearance
• Target Education: High school diploma or high school equivalency certificate
• Target Experience: Five (5) years of experience in the following areas:
  • Cybersecurity, Engineering, Test and Evaluation (T&E), or A&A related field
  • Information Assurance tools such as Defense Information Systems Agency (DISA) eMASS and ACAS
  • Microsoft Windows Operating System Administration, including Windows 11, Windows 10, Windows 7, and Windows XP (at a minimum)
  • Command line interface, PowerShell, and performing automated tasking through use of code
• Minimum Certification: Must demonstrate at least one of the following Information Assurance Technical (IAT) Level 2 certifications (acceptable certifications include: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, or SSCP)

Continuing Professional Education Requirements

• Maintain current IAT Level 2 certification with required Continuing Professional Education (CPE) as mandated by certification body
• Complete all required Government mandated training including Antiterrorism Level 1 Awareness, Operations Security (OPSEC), Cybersecurity 101 Training, and other security-related training as specified

Desired Qualifications

• Experience with Navy cybersecurity programs and RMF processes
• Familiarity with NIST Special Publications and DoD cybersecurity instructions
• Experience with eMASS, VRAM, ACAS, and other DoD cybersecurity systems
• Knowledge of Navy and DoD organizational structure
• Experience supporting NAVSEA or other Navy commands
• Professional experience in DoD or Navy environments

Position Overview

The Fully Qualified Navy Validator III will support Naval Surface Warfare Center Philadelphia Division (NSWCPD) Department 40 as a contractor through Arlo Solutions, serving as a senior cybersecurity validation specialist providing comprehensive Risk Management Framework (RMF) package validation and assessment services for Propulsion, Power & Auxiliary Machinery Systems. This key personnel position acts as an independent third-party validator who assesses and validates that systems have implemented approved security control baselines in accordance with Department of Defense (DoD) RMF processes and Navy cybersecurity requirements for both afloat and Platform Information Technology (PIT) ashore systems.

Work Location; Primary: Philadelphia, PA; periodic travel to customer and operational sites may be required

Clearance:  Active Secret

Job Responsibilities and/or Success Factors

Navy Qualified Validator (NQV) Registration and Certification

• Register and maintain listing on the official Navy Qualified Validators registry
• Perform and support activities as a certified Navy Validator for Risk Management Framework (RMF) packages
• Ensure strict separation of duties between the Information System Security Manager (ISSM)/Information System Security Engineer (ISSE) and Navy Qualified Validator roles
• Maintain current NQV Level III certification and comply with all associated requirements
• Act as a trusted agent to the Security Control Assessor (SCA) and SCA Liaison throughout the validation process

Security Assessment Planning and Execution

• Prepare comprehensive Security Assessment Plans (SAPs) with input from system ISSEs and ISSMs
• Submit SAPs for approval by the SCA prior to validation activities
• Conduct independent third-party assessments to validate that systems have implemented approved security control baselines
• Perform on-site validation testing as required for afloat and PIT ashore systems
• Execute validation activities in accordance with DON SCA office requirements and procedures

Security Assessment Reporting and Documentation

• Develop comprehensive Security Assessment Reports (SARs) to document residual risk of non-compliant security controls
• Create SAR Executive Summaries and Functional Security Control Assessor (FSCA) Appendices
• Document residual risk in Risk Assessment Reports (RARs) in accordance with NAVSEAINST 9400.2 instruction
• Provide detailed briefings to Program Managers and ISSMs on validation findings and recommendations
• Ensure all validation documentation meets DON, NAVSEA Business Rules, and DoD cybersecurity standards

Risk Assessment and Validation Activities

• Conduct comprehensive risk and vulnerability assessments of planned and installed systems
• Identify vulnerabilities, risks, and protection needs through systematic validation processes
• Perform systems security reviews, audits, and evaluations to ensure accreditation documents accurately represent current risk posture
• Validate compliance with all applicable Controls and Assessment Procedures (APs) for assigned DON systems
• Develop appropriate test procedures when necessary and execute comprehensive security testing protocols

RMF Package Validation Support

• Validate RMF packages in accordance with DoD Instruction 8510.01, NAVSEA Business Rules, and DON RMF Process Guides
• Review and assess Authorization Boundary Diagrams, Defense in Depth Diagrams, Security Plans, and other RMF artifacts
• Evaluate system compliance with National Institute of Standards and Technology (NIST) SP-800-37, SP-800-53 Rev 4, and applicable cybersecurity frameworks
• Support continuous monitoring activities to maintain Authorization to Operate (ATO) status
• Coordinate validation activities with government personnel, system owners, and other RMF stakeholders

Technical Documentation and Analysis

• Perform detailed technical documentation analysis of software/hardware associated with systems and components
• Develop system architecture diagrams, software design requirements, and network connection diagrams
• Create and maintain vulnerability assessments and security compliance documentation
• Analyze logs, events, and reporting from various data collection tools including Assured Compliance Assessment Solution (ACAS), Host Based Security Systems (HBSS), Security Information and Event Management (SIEM), and firewall systems
• Present validation findings and submit comprehensive data to management in a cohesive manner

Cybersecurity Technical Writing and Communication

• Write technical documentation including user manuals, reports, policies, presentations, and security assessments
• Develop RMF plans, policies, and procedural documentation for multiple platforms
• Create comprehensive vulnerability assessments and risk assessment reports
• Support development of technical documents across configuration management and RMF documentation platforms
• Communicate validation results and recommendations effectively to all levels of management

Quality Assurance and Compliance

• Ensure all validation activities comply with published Navy, NAVSEA Business Rules, NIST standards, and DoD regulations
• Verify accuracy of security control implementations and document any deficiencies or non-compliance issues
• Support Information Assurance Vulnerability Management (IAVM) activities including validation of remediation efforts
• Test systems to verify adequate functionality for mission and project requirements while maintaining security posture
• Maintain security clearance and comply with all security requirements specified in the contract

Education and Minimum Qualifications

• Must be a U.S. Citizen
• Active Secret security clearance
• Bachelor's degree in computer science from an accredited college or university

Target Experience

• Five (5) years of professional experience in the management of Information Assurance Technical (IAT), certification agents, and system engineers on compliance requirements to achieve certification and accreditation in accordance with the DoD RMF program and DON Chief Information Officer (CIO) IA Policy for Platform Information Technology (PIT) Systems

Minimum Certification

• Must demonstrate at least one of the following Information Assurance Management (IAM)/IAT Level 2 certifications (acceptable certifications include: CAP, CASP+ CE, CISM, CISSP or Associate, GSLC, CCISO, or HCISPP)

Required Certification

• Must provide evidence of current NQV Level III certification

Continuing Professional Education Requirements

• Maintain current IAM/IAT Level 2 certification with required Continuing Professional Education (CPE) as mandated by certification body
• Maintain current NQV Level III certification and complete all required training
• Complete all required Government mandated training including Antiterrorism Level 1 Awareness, Operations Security (OPSEC), Cybersecurity 101 Training, and other security-related training as specified

Desired Qualifications

• Professional experience supporting DON or DoD
• Experience with DON cybersecurity programs and RMF validation processes
• Familiarity with NIST Special Publications and DoD cybersecurity instructions
• Experience with eMASS, Vulnerability Remediation Asset Manager (VRAM), ACAS, and other DoD cybersecurity systems
• Knowledge of DON and DoD organizational structure and cybersecurity policies
• Experience supporting NAVSEA or other Navy commands
• Understanding of NAVSEA Business Rules and Standard Operating Procedures (SOPs)

Position Overview

The Specialist, Information Assurance Compliance II (SIAC2) will support the Naval Surface Warfare Center Philadelphia Division (NSWCPD) Department 40 as contractor staff through Arlo Solutions, serving as a senior cybersecurity compliance specialist providing comprehensive information assurance and Risk Management Framework (RMF) support services for Propulsion, Power & Auxiliary Machinery Systems. This key personnel position focuses on developing, implementing, and maintaining cybersecurity compliance programs and documentation to ensure adherence to Department of Defense (DoD) and Department of Navy (DON) cybersecurity policies and procedures for both afloat and Platform Information Technology (PIT) ashore systems.

Work Location:  Primary: Philadelphia, PA; periodic travel to customer and operational sites may be required

Clearance:  Active Secret security clearance

Job Responsibilities and/or Success Factors

Risk Management Framework (RMF) Development and Implementation

• Collect and collate system or site information to evaluate and document security postures in Enterprise Mission Assurance Support Service (eMASS)
• Develop, submit, and maintain RMF packages in accordance with DoD Instruction 8510.01, Naval Sea Systems Command (NAVSEA) Business Rules, DON RMF Process Guides, and NAVSEA Standard Operating Procedures (SOPs)
• Create comprehensive RMF package documentation including Assess Only (AO) Determination Request Packages, System Platform IT (PIT) Determinations, Categorization Forms, Authorization Boundary Diagrams, Defense in Depth Diagrams, Privacy Impact Assessments (PIA), and Security Plans (SPs)
• Develop and maintain Plan of Action and Milestones (POA&M) for all Information Assurance-related tasks and deliverables in eMASS

Policy and Compliance Management

• Develop or revise existing policies, plans, and strategy documents to meet requirements for RMF Control Families
• Create comprehensive documentation including Incident Response Plans, Contingency Plans, Information Assurance Vulnerability Management Plans, Configuration Management Plans, and Physical Security Plans
• Ensure all Information Assurance requirements are addressed and compliant with applicable DoD and DON cybersecurity policies
• Evaluate discrepancies and recommend potential mitigation measures for reducing or eliminating specific risks

Assessment and Evaluation Activities

• Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks, and protection needs
• Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and PIT ashore systems
• Perform systems security reviews, audits, and evaluations to ensure accreditation documents accurately represent current risk posture
• Determine residual risk of packages based on package content and assessment results for Security Controls Assessor review
• Conduct analysis of logs, events, and reporting from various data collection tools including Assured Compliance Assessment Solution (ACAS), Host Based Security Systems (HBSS), Security Information and Event Management (SIEM), firewall systems, and intrusion detection systems

Continuous Monitoring and Maintenance

• Support continuous monitoring activities for authorized systems to maintain Authorization to Operate (ATO) status
• Develop and update required eMASS documents at specified frequencies, including POA&Ms and Risk Assessment Reports (RARs)
• Determine system compliance with all applicable Controls and Assessment Procedures (APs) for assigned DON systems
• Maintain current vulnerability scan data and residual risk POA&Ms in Vulnerability Remediation Asset Manager (VRAM)
• Track deliverables and action items in accordance with A&A guidance

Technical Documentation and Reporting

• Perform detailed technical documentation analysis of software/hardware associated with systems and components
• Develop system architecture diagrams, software design requirements, network connection/authorization boundary diagrams, and RMF plans/policies
• Create and maintain vulnerability DON eMASS POAMs for systems
• Present and submit data to management, develop comprehensive reports, and produce procedural documentation
• Execute Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), ACAS scanning, and apply patches to assets to obtain cybersecurity compliance

Stakeholder Coordination and Communication

• Manage, attend, and support configuration control board practices
• Coordinate with government personnel, system owners, and other stakeholders throughout the RMF process
• Assess impacts from observed risks and report via the Cybersecurity Program chain of command
• Perform evaluation of system administrator and security engineer proposed corrections to ensure compliance
• Support Information Assurance Vulnerability Management (IAVM) activities including remediation, patching, and scanning

Compliance and Quality Assurance

• Ensure RMF artifacts comply with published Navy, NAVSEA Business Rules, NIST SP-800-37, and SP-800-53 Rev 4 requirements
• Create and verify accuracy of POA&Ms/RARs as identified by vulnerability test results
• Ensure information systems are operated, used, maintained, and disposed of in accordance with security policies
• Test systems to verify adequate functionality for mission and project requirements
• Maintain security clearance and comply with all security requirements specified in the contract

Education and Minimum Qualifications

• Must be a U.S. Citizen
• Active Secret security clearance
• Target Education: Bachelor's degree (Computer Science, Information Technology or related technical degree) from accredited College or University
• Target Experience: Four (4) years of professional experience in Information Assurance Compliance

Minimum Certification: Must demonstrate at least one of the following

• Information Assurance Management (IAM)
• Information Assurance Technical (IAT) Level 2 certifications (acceptable certifications include: CAP, CASP+ CE, CISM, CISSP or Associate, GSLC, CCISO, or HCISPP)

Continuing Professional Education Requirements

• Maintain current IAM/IAT Level 2 certification with required Continuing Professional Education (CPE) as mandated by certification body
• Complete all required Government mandated training including Antiterrorism Level 1 Awareness, Operations Security (OPSEC), Cybersecurity 101 Training, and other security-related training as specified

Desired Qualifications

• Experience with Navy cybersecurity programs and RMF processes
• Familiarity with NIST Special Publications and DoD cybersecurity instructions
• Experience with eMASS, VRAM, ACAS, and other DoD cybersecurity systems
• Knowledge of Navy and DoD organizational structure
• Experience supporting NAVSEA or other Navy commands
• Professional experience in DoD or Navy environments
• Understanding of NAVSEA Business Rules and SOPs