Cybersecurity Auditor

Overview

Team Credence is seeking a qualified cybersecurity professional to conduct security audit functions to join our team. In this role, the candidate will be responsible for assessing and evaluating our organization’s cybersecurity policies, procedures and controls to ensure compliance with relevant DoD regulations and industry standards. They will create Audit plans, and provide detailed reports with recommendations for improving operations, processes, techniques, and technologies. They must also execute risk management, and deliver documentation that reflects the security state. The candidate must have demonstrated an ability to work independently and perform complex security analysis of classified and unclassified applications, systems and enclaves for compliance with security requirements within a DoD context.

Responsibilities include, but are not limited to the duties listed below

• Well qualified applicants will perform Command Cyber Readiness Inspections (CCRIs) and cybersecurity vulnerability evaluations.
• Recommends solutions to meet security requirements. Gathers and organizes technical information about an organization's mission goals and needs, and makes recommendations to improve existing security posture.

Education, Requirements and Qualifications

• Ability to obtain a public trust, or secret, or top secret security clearance is required.
• Bachelor's degree in Computer Science, Information Technology, or related field is required.
• DoD 8570 CSSP Analyst or CSSP Auditor Certification is required
• Tenable Certified NESSUS Auditor, IAM level III and IAT level II certifications.
• Experience with a variety of security techniques, technologies, and tools to evaluate security posture in highly complex computer systems and networks.
• Ability to perform vulnerability and risk analysis, and participate in a variety of computer security penetration studies. Analyzes and defines security requirements for computer and networking systems, to include mainframes, workstations, and personal computers.
• Demonstrated experience and ability to provide enterprise-wide technical analysis and direction for problem definition, analysis and remediation for complex systems and enclaves.
• Ability to provide workable recommendations and advice to client executive management on system improvements, optimization and maintenance in the following areas: Information Systems Architecture, Automation, Telecommunications, Networking, Communication Protocols, Application Software, Electronic Email, VOIP and VTC. Competent to work at the highest level of all phases of information systems auditing.

Minimum Qualifications:   

• Proven proficiency performing CCRI/ vulnerability assessment/ penetration testing on networks, databases, computer applications and IT frameworks in AWS or other cloud environments
• Seven (7) years IT experience
• Five (5) years IA experience
• Strong analytical and problem solving skills for resolving security issues
• Strong skills implementing and configuring cloud networks and network components
• Two (2) years of experience with DOD Vulnerability Management System
• Command Cyber Readiness Inspection certification in at least two of the following areas:
  • Operating Systems (Windows, Unix)
  • Boundary defense (network policy, router, firewall)
  • Internal defense (L2 switch, L3 switch)
  • DNS (policy, BIND/Windows)
  • HBSS (remote console, AV, ABM, PA, HIPS, ePO)
  • Traditional security (Common, Basic, NCV, SCV)

• Knowledge and understanding of DOD security regulations, DISA Security Technical Implementation Guides (STIG)
• Understanding of SCAP
• Knowledge of and proficiency with:
  • Vulnerator
  • USCYBERCOM CTO Compliance Program
  • Wireless vulnerability assessment
  • Web Services (IIS, Apache, Proxy)
  • Database (SQL Server, Oracle)
  • Email Services (Exchange)\
  • Vulnerability Scans (NESSUS, SCCM)
  • Knowledge of Phishing exercises

Preferred Qualifications:   

• DISA FSO certified CCRI Team and have a certification in penetration testing, such as:
  • Licensed Penetration Tester (LPT)
  • Certified Expert Penetration Tester (CEPT)
  • Certified Ethical Hacker (CEH)
  • Global Information Assurance Certification Penetration Tester (GPEN)
• Familiarity with AUTOCHECKLIST Tool
• Knowledge of Cloud and respective security configurations (i.e. AWS IAM, NACLs, Security Groups, Audit Logs, AWS Cloud Trail Logs, MS Active Directory/Entra Logs)
• Experience with FISMA, NIST SP 800-53, Risk Management Framework
• Experience with Governance, Risk, and Compliance tools (i.e. DoD eMASS, RSA Archer, etc)
• Knowledge of Zero Trust principals

Working Conditions and Physical Requirements

Primary location Vienna, VA. Travel to DLA HQ (Ft Belvoir or Lorton) may be required.