Cleared Cyber Security Auditor

RESPONSIBILITIES:

• Secure Code Review
• Utilize HP Fortify to examine code scan results submitted by developers
• Identify and verify noted false positives
• Provide comments on scan results and vulnerabilities present, recommend POA&M mitigations
• Software and Hardware Assessments
• Install software on isolated VM and assess software against 800-53 controls and AS&D STIG
• Utilize Wireshark and Attack surface analyzer to assess software traffic and connections
• Assess Hardware against named STIG or SRG
• Document assessment results and potential mitigations
• Assist with assessment of subordinate locations against STIG, 800-53 controls, and Army regulations
• STIG checklist reviews for packages managed by the branch
• Auditing of technical controls within eMASS

QUALIFICATIONS:

• Bachelor’s Degree in directly related field and at least 5 years of relevant experience; Relevant work experience may be substituted for Bachelor’s degree
• Must hold one of following certifications:
  • CSSP-AU
  •  CISA
  • IASAE
  • CASP+CE, CISSP or associate, CSSLP
• Must possess DOD 8570.01-M certifications meeting the requirements for IAT Level II or IAM Level I.
• Relevant education and/or experience in the assigned program area (Computer Science, Computer/Software Engineering, Computer Information Systems) with specific experience in cybersecurity and/or information assurance.
• Specialized experience in AS&D STIG compliance, secure software development/testing, static and dynamic code analysis, software assurance, software assessments, application threat modeling, performing software and hardware risk and vulnerability analysis, or a closely related function, such as technical assessment of software for networks, applications and systems; using cybersecurity/IT audit tools such as ACAS, HP Fortify, HP Web Inspect, BURP Suite, and other software assurance tools.

SECURITY CLEARANCE:

• Ability to obtain/maintain Secret clearance is required

#LI-VG1