View All Jobs
Visit our website

IT Security Analyst/Cyber Auditor

JCD Staffing - Fayetteville, NC

Responsibilities:

  • Work with Team Governance and Security Lead to maintain an already accredited enterprise of solution.
  • Independently Performs audit log reviews and escalation of the solution ensuring U.S. Government networks are fully protected against internal and external adversaries
  • Must have an in-depth understanding of Public Key Infrastructure (PKI) implementations and associated requirements per RFC 3647, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework"
  • Be familiar with Syslog dataflow analysis and can interpret data utilizing SIEM tools
  • Have the ability and experience to independently collaborate with solution stakeholders and report action items to Team Governance and Security Lead
  • Can engage operations and government personnel to assess compliance and recommend plans to improve compliance and reduce solution risk
  • Provide technical expertise and troubleshooting to maintain continuous operations of mission-critical solutions
  • Understands U.S. Government security practices and able to ensure regulations are tightly adhered to including the ability to understand the objective of security guidance and ensure the systems are compliant and secured per NIST 800-53, "Security and Privacy Controls for Information Systems and Organizations" and CNSSI 1253, "Security Categorization And Control Selection For National Security Systems"
  • Can independently examines internal IT controls, evaluate the design and operational effectiveness, determine exposure to risk and participate in remediation strategies.
  • Troubleshoot security and network problems and responds to all system and/or network security breaches, and report activities
  • Independently monitor security measures for the protection of the organization's data, systems and networks.
  • Participate in the change management process.
  • Test and identify network and system vulnerabilities and recommend counteractive strategies to protect the network to the team leads.
  • Conduct efficient and effective IT audit procedures.
  • Communicate complex technical issues in simplified terms to the relevant staff.
  • Perform regular audit testing and provide recommendations.
  • Review, evaluate, and test application controls.
  • Provide recommendations and guidance on identified security and control risks.
  • Familiar with DoD Cybersecurity Policies

Education and Experience

  • Bachelor's degree in an Information Technology field or have at least 5 years of IT Security or IT Auditor experience.
  • Must be familiar with Tenable/Nessus scanning tools and DoD STIGs
  • Must have experience with continuous monitoring practices
  • Must have experience with DoD Risk Management Framework (RMF) steps for assessing and authorizing DoD information technology
  • Must posses a current certificate from one of the following:
  • Certified Information System Security Professional (CISSP)
    • Certified Information Systems Auditor (CISA)
    • Cybersecurity Forensic Analyst Certification (CSFA)
    • Certified ISO/IEC 27001 Lead Auditor
    • Certified Ethical Hacker (CEH)
    • Security+ (If only possessing this certificate, must have at least 3 years IT Security/Auditor experience with this certification)

Requirements:

  • Must have active Secret security clearance
  • Must have at 5 years of direct experience working on DoD unclassified and classified networks
  • Education: Bachelor's degree in an Information Technology field or have at least 5 years of IT Security or IT Auditor experience.
  • Must be familiar with Tenable/Nessus scanning tools and DoD STIGs
  • Must have experience with continuous monitoring practices
  • Must have experience with DoD Risk Management Framework (RMF) steps for assessing and authorizing DoD information technology
  • Must posses a current certificate from one of the following:
  • Certified Information System Security Professional (CISSP)
    • Certified Information Systems Auditor (CISA)
    • Cybersecurity Forensic Analyst Certification (CSFA)
    • Certified ISO/IEC 27001 Lead Auditor
    • Certified Ethical Hacker (CEH)
    • Security+ (If only possessing this certificate, must have at least 3 years IT Security/Auditor experience with this certification)
  • Willing to work on-site in Fayetteville, NC area

Desirable:

  • Experience with security or auditing operations involving Commercial Solutions for Classified systems
  • Experience with NSA policies and procedures dealing with requirements of maintaining the security posture of an enterprise classified system.
  • Working knowledge of using log analysis tools such as Graylog, or equivalents
  • Experience with VDI technologies at an enterprise level


Posted On: Friday, November 11, 2022



Apply to this job

or
Powered by Crelate