Sure Secure Solutions is looking for a Cyber Security Auditing Specialist to support clients in conducting security audits of information systems and applications. This includes identifying and assessing security risks, developing and implementing security controls, and reporting on the findings of audits. The Cyber Security Auditing Specialist must have a strong understanding of information security principles and practices, as well as the ability to work independently and as part of a team.
A suitable candidate will have experience in AS&D STIG compliance, secure software development/testing, static and dynamic code analysis, software assurance, software assessments, application threat modeling, performing software and hardware risk and vulnerability analysis, or a closely related function, such as technical assessment of software for networks, applications and systems, using cybersecurity/IT audit tools such as ACAS, HP Fortify, HP WebInspect, Burp Suite, and other software assurance tools.
Roles and Responsibilities:
- Secure Code Review
  - Utilize HP Fortify to examine code scan results submitted by developers.
  - Identify and verify noted false positives.
  - Provide comments on scan results and vulnerabilities present, recommend POA&M mitigations.
- Software and Hardware Assessments
  - Install software on isolated VM and assess software against 800-53 controls and AS&D STIG.
  - Utilize Wireshark and Attack Surface Analyzer to assess software traffic and connections.
  - Assess hardware against named STIG or SRG.
  - Document assessment results and potential mitigations.
- Conduct security audits of information systems and applications.
- Identify and assess security risks.
- Develop and implement security controls.
- Report on the findings of audits.
- Stay up to date on the latest security threats and trends.
- Work with other members of the information security team to develop and implement security policies and procedures.
- Assist with assessment of subordinate locations against STIG, 800-53 controls, and Army regulations
- STIG checklist reviews for packages managed by the branch
- Auditing of technical controls within eMASS.
- Provide training to employees on security awareness and best practices.
Required Education and Experience:
- Ability to obtain/maintain DOD 8570.01-M certifications meeting the requirements for CSSP-AU and/or IASAE Level II with IAT Level II (CISSP, CSSLP, CASP+, or CISA)
- Bachelor’s degree in computer science, information security, or a related field.
- 5+ years of experience in information security.
- Secret security clearance.
- Strong understanding of information security principles and practices.
- Ability to work independently and as part of a team.
- Excellent written and verbal communication skills.
- Ability to work under pressure and meet deadlines.
- Experience with security frameworks, such as the Cybersecurity Framework (CSF) or the Information Systems Audit and Control Association (ISACA) Risk IT framework
- Experience with security testing tools and techniques
- Experience with security incident response
Sure Secure Solutions is an Equal Opportunity/Affirmative Action Employer, including Vets and Disabled. Employment contingent upon successful completion of a background investigation.
At Sure Secure Solutions we offer an enjoyable working environment and competitive benefit packages, and you will be surrounded by professionals who have the subject matter expertise to develop innovative, cutting-edge business solutions in an ever-evolving technology landscape. The benefits include dental insurance, vision insurance, life insurance, long- and short-term disability, paid time off, and a 401(k) retirement plan. More specific information on benefits eligibility will be provided as part of the interview process.
This is a full-time role. U.S. citizenship is required. All candidates must be able to obtain a Secret security clearance.