Cybersecurity Auditor – Senior

About The Position

Requirements

• Must hold Active Secret Clerance
• Seven (7) years of IT experience
• Five (5) years of cybersecurity experience
• Proven proficiency performing CCRI/ vulnerability assessment/ penetration testing on networks, databases, computer applications and IT frameworks.
• Strong analytical and problem-solving skills for resolving security issues.
• Strong skills implementing and configuring networks and networks components.
• Command Cyber Readiness Inspection certification or equivalent in at least one of the following areas: Nessus Scan Analysis Operating Systems (Windows, Unix) Boundary Defense) Network Policy, Router, Firewall) Internal Defense (L2 Switch, L3 Switch) DNS (Policy, BIND/Windows) HBSS (remote console, AV, ABM, PA HIPS, ePO) Traditional Security (Common, Basic, NCV, SCV) Wireless Communications (BES, Handhelds)
• Tenable Certified NESSUS Auditory
• Knowledge and understanding of DOD security regulations, DISA Security Technical Implementation Guides
• Understanding of SCAP
• Knowledge of and proficiency with: VULNERATOR USCYBERCOM CTO Compliance Program Wireless vulnerability assessment Web Services (IIS, Apache, Proxy) Database (SQL Server, Oracle) Email Services (Exchange) Vulnerability Scans (NESSUS, SCCM) Knowledge of Phishing exercises Cloud Security Operational Technology Artificial Intelligence USB Detection Physical Security
• Required to be a DISA Risk Management Executive, Cyber Standards Branch Certified Command Cyber Readiness Inspection (CCRI) Team Lead and have a certification in penetration testing, such as: Licensed Penetration Tester (LPT) Certified Expert Penetration Tester (CEPT) Certified Ethical Hacker (CEH) Global Information Assurance Certification Penetration Tester (GPEN)
• Familiarity with AUTOCHECKLIST Tool
• Strong verbal communication skills, including the ability to brief government leadership and technical stakeholders.

Nice To Haves

• Experience with VULNERATOR
• Experience with SCCM vulnerability scans
• Experience with Exchange, IIS/Apache/Proxy services, and SQL/Oracle databases

Responsibilities

• Conduct complex security analysis of classified and unclassified systems for compliance with DoD requirements.
• Perform Command Cyber Readiness Inspections (CCRIs) and cybersecurity vulnerability evaluations.
• Execute vulnerability and penetration testing on networks, databases, and applications.
• Analyze and define security requirements for enterprise IT systems.
• Develop remediation recommendations and advise leadership on security posture improvements.
• Support compliance evaluations against DISA STIGs and USCYBERCOM CTO compliance programs.
• Provide enterprise-level technical guidance for security risk reduction and system optimization.