Cybersecurity Auditor - Intermediate – DOT

About The Position

Requirements

• Demonstrated proficiency in performing CCRI, vulnerability assessments, and penetration testing on networks, databases, computer applications, and IT frameworks.
• Seven years of IT experience.
• Five years of IA (Information Assurance) experience.
• Strong analytical and problem-solving skills for resolving security issues.
• Strong skills in implementing and configuring networks and network components.
• Command Cyber Readiness Inspection (CCRI) experience in at least one of the following areas:
• Nessus scan analysis
• Operating Systems (Windows, Unix)
• Boundary defense (network policy, router, firewall)
• Internal defense (L2/L3 switches)
• DNS policy and DNS servers (BIND/Windows)
• HBSS (remote console, AV, ABM, PA, HIPS, ePO)
• Traditional security (Common, Basic, NCV, SCV)
• Wireless communications (BES, handhelds)
• Tenable Certified Nessus Auditor
• Knowledge and understanding of DoD security regulations and DISA Security Technical Implementation Guides (STIGs)
• Understanding of SCAP (Security Content Automation Protocol)
• Familiarity with and proficiency in:
• Vulnerability assessment tools (e.g., VULNERATOR, Nessus, SCCM)
• USCYBERCOM CTO Compliance Program
• Wireless vulnerability assessment
• Web services (IIS, Apache, Proxy)
• Databases (SQL Server, Oracle)
• Email services (Exchange)
• Vulnerability scans (NESSUS, SCCM)
• Phishing exercises
• Container image scans
• USB security detection
• Physical security considerations
• Familiarity with the AUTOCHECKLIST Tool (for audit checklists and evidence collection)
• Must possess a DoD SECRET Clearance and be eligible for an IT-II Non-Critical Sensitive clearance or Tier 3 (T3) upon assignment.
• Certified in one or more of the following penetration testing certifications (or equivalent):
• Licensed Penetration Tester (LPT)
• Certified Expert Penetration Tester (CEPT)
• Certified Ethical Hacker (CEH)
• GIAC Penetration Tester (GPEN)
• Familiarity with being a DISA Risk Management Executive, and capable of serving as a Certified CCRI Team Lead in the Cyber Standards Branch (as applicable).
• Bachelor’s degree in Information Security, Computer Science, Cybersecurity, or a related field (or equivalent practical experience).

Responsibilities

• Independently perform complex security analyses of classified and unclassified applications, systems, and enclaves to verify compliance with security requirements.
• Conduct Command Cyber Readiness Inspections (CCRI) and comprehensive cybersecurity vulnerability evaluations.
• Apply a broad set of security techniques, technologies, and tools to assess security posture in highly complex computer systems and networks.
• Perform vulnerability and risk analyses and participate in computer security penetration studies to identify and remediate security gaps.
• Analyze and define security requirements for computer and networking systems, including mainframes, workstations, and personal computers; recommend practical solutions to meet security requirements.
• Gather, organize, and interpret technical information about an organization’s mission goals and needs; translate findings into actionable security improvements.
• Provide enterprise-wide technical analysis and direction for problem definition, analysis, and remediation of complex systems and enclaves.
• Deliver actionable recommendations and advice to client executive management on system improvements, optimization, and ongoing maintenance across areas, including:
• Information Systems Architecture
• Automation, Telecommunications, and Networking
• Communication Protocols
• Application Software
• Electronic Email, VOIP, and Video Teleconferencing (VTC)
• Demonstrate competence across all phases of information systems auditing, from planning and scoping to evidence collection, testing, reporting, and follow-up.
• Prepare clear, concise audit reports and executive summaries with prioritized remediation plans and realistic timelines.
• Collaborate with cross-functional teams (IT, security, operations, and management) to implement and validate corrective actions.
• Stay current with evolving cybersecurity threats, controls, standards, and regulatory requirements to maintain audit readiness.