Cybersecurity Auditor – Intermediate       Job #: JHSDL0108

 

Location: Ft Belvoir, VA (Telework)

Clearance: Secret. Eligible for Top Secret

Type: Part-Time,  1099

Serves as technical lead to the Cyber Security Assessment Team. Provides expert support, research and analysis of exceptionally complex problems, and processes associated with them. Demonstrated ability to independently perform complex security analysis of classified and unclassified applications, systems and enclaves for compliance with security requirements. Performs CCRI Preparations and CVAs. Uses a variety of security techniques, technologies, and tools to evaluate security posture in highly complex computer systems and networks. Ability to perform vulnerability and risk analysis, and participate in a variety of computer security penetration studies. Analyzes and defines security requirements for computer and networking systems, to include mainframes, workstations, and personal computers. Recommends solutions to meet security requirements. Gathers and organizes technical information about an organization's mission goals and needs, and makes recommendations to improve existing security posture. Demonstrated experience and ability to provide enterprise-wide technical analysis and direction for problem definition, analysis and remediation for complex systems and enclaves. Ability to provide workable recommendations and advice to client executive management on system improvements, optimization and maintenance in the following areas: Information Systems Architecture, Automation, Telecommunications, Networking, Communication Protocols, Application Software, Electronic Email, VOIP and VTC. Competent to work at the highest level of all phases of information systems auditing. Develops advanced technological ideas and guides their development into a final product.
 

Qualifications

  • Proven proficiency performing CCRI/ CVA/ penetration testing on networks, databases, computer applications and IT frameworks

  • Seven years IT experience

  • Five years IA experience

  • Strong analytical and problem solving skills for resolving security issues

  • Strong skills implementing and configuring networks and network components

  • Training in ICS-CERT highly desirable

  • Completed and passed test for DISA SRR training in at least one of the following areas:

    • ACAS scan analysis

    • Operating Systems (Windows, Unix)

    • Boundary defense (network policy, router, firewall)

    • Internal defense (L2 switch, L3 switch)

    • DNS (policy, BIND/Windows)

    • HBSS (remote console, AV, ABM, PA, HIPS, ePO)

    • Traditional security

    • Wireless communications (BES, handhelds)

  • Knowledge and understanding of DOD security regulations, DISA Security Technical Implementation Guides (STIGS)

  • Understanding of SCAP

  • Knowledge of and proficiency with:

  • USCYBERCOM CTO Compliance Program

  • Wireless vulnerability assessment/penetration testing

  • Web Services (IIS, Apache, Proxy)

  • Database (SQL Server, Oracle)

  • Email Services (Exchange)

  • Vulnerability Scans (SCCM)

  • Knowledge of Phishing exercises

  • Physical Security

  • At least one contractor assigned to the team is required a certification in penetration testing, such as:

  • Licensed Penetration Tester (LPT)

  • Certified Expert Penetration Tester (CEPT)

  • Certified Ethical Hacker (CEH)

  • Global Information Assurance Certification Penetration Tester (GPEN)

To apply send resume to Norris@FlexSR.com
Attn Cyber Auditor (JHCDL0108)


www.CyberSecSource.com