Cybersecurity Auditor

Team Credence is seeking a qualified cybersecurity professional to conduct security audit functions to join our team. In this role, the candidate will be responsible for assessing and evaluating our organization’s cybersecurity policies, procedures and controls to ensure compliance with relevant DoD regulations and industry standards. They will create Audit plans, and provide detailed reports with recommendations for improving operations, processes, techniques, and technologies. They must also execute risk management, and deliver documentation that reflects the security state. The candidate must have demonstrated an ability to work independently and perform complex security analysis of classified and unclassified applications, systems and enclaves for compliance with security requirements within a DoD context.

Responsibilities include, but are not limited to the duties listed below

Well qualified applicants will perform Command Cyber Readiness Inspections (CCRIs) and cybersecurity vulnerability evaluations.

Recommends solutions to meet security requirements. Gathers and organizes technical information about an organization's mission goals and needs, and makes recommendations to improve existing security posture.

Education, Requirements and Qualifications

Ability to obtain a public trust, or secret, or top secret security clearance is required.

Bachelor's degree in Computer Science, Information Technology, or related field is required.

DoD 8570 CSSP Analyst or CSSP Auditor Certification is required

Tenable Certified NESSUS Auditor, IAM level III and IAT level II certifications.

Experience with a variety of security techniques, technologies, and tools to evaluate security posture in highly complex computer systems and networks.

Ability to perform vulnerability and risk analysis, and participate in a variety of computer security penetration studies. Analyzes and defines security requirements for computer and networking systems, to include mainframes, workstations, and personal computers.

Demonstrated experience and ability to provide enterprise-wide technical analysis and direction for problem definition, analysis and remediation for complex systems and enclaves.

Ability to provide workable recommendations and advice to client executive management on system improvements, optimization and maintenance in the following areas: Information Systems Architecture, Automation, Telecommunications, Networking, Communication Protocols, Application Software, Electronic Email, VOIP and VTC. Competent to work at the highest level of all phases of information systems auditing.

Minimum Qualifications:

Proven proficiency performing CCRI/ vulnerability assessment/ penetration testing on networks, databases, computer applications and IT frameworks in AWS or other cloud environments

Seven (7) years IT experience

Five (5) years IA experience

Strong analytical and problem solving skills for resolving security issues

Strong skills implementing and configuring cloud networks and network components

Two (2) years of experience with DOD Vulnerability Management System

Command Cyber Readiness Inspection certification in at least two of the following areas:

Operating Systems (Windows, Unix)

Boundary defense (network policy, router, firewall)

Internal defense (L2 switch, L3 switch)

DNS (policy, BIND/Windows)

HBSS (remote console, AV, ABM, PA, HIPS, ePO)

Traditional security (Common, Basic, NCV, SCV)

Knowledge and understanding of DOD security regulations, DISA Security Technical Implementation Guides (STIG)

Understanding of SCAP

Knowledge of and proficiency with:

Vulnerator

USCYBERCOM CTO Compliance Program

Wireless vulnerability assessment

Web Services (IIS, Apache, Proxy)

Database (SQL Server, Oracle)

Email Services (Exchange)\

Vulnerability Scans (NESSUS, SCCM)

Knowledge of Phishing exercises

Preferred Qualifications:

DISA FSO certified CCRI Team and have a certification in penetration testing, such as:

Licensed Penetration Tester (LPT)

Certified Expert Penetration Tester (CEPT)

Certified Ethical Hacker (CEH)

Global Information Assurance Certification Penetration Tester (GPEN)

Familiarity with AUTOCHECKLIST Tool

Knowledge of Cloud and respective security configurations (i.e. AWS IAM, NACLs, Security Groups, Audit Logs, AWS Cloud Trail Logs, MS Active Directory/Entra Logs)

Experience with FISMA, NIST SP 800-53, Risk Management Framework

Experience with Governance, Risk, and Compliance tools (i.e. DoD eMASS, RSA Archer, etc)

Knowledge of Zero Trust principals

Working Conditions and Physical Requirements

Primary location Vienna, VA. Travel to DLA HQ (Ft Belvoir or Lorton) may be required.

Regular Full-Time