Cybersecurity, Senior (Auditor)

About The Position

Requirements

• U.S. Citizenship is required.
• Bachelor of Science (B.S.) degree in Cybersecurity, Engineering, Information Systems, Information Security, Computer Science or related technical discipline is required OR
• Ten years of IT Cybersecurity experience in Security Control Assessor Representative, Information System Security Manager or Information System Security Engineer disciplines may be substituted for education requirement.
• Required to hold and maintain a personnel certification associated with the DCWF IT Program Auditor work role (805) at an advanced (senior) proficiency level as outlined in DoWI 8510.01, AFMAN 17-1305 and AFI 17-101 for assigned systems/applications: o Certified Information Security Manager (CISM) o Certified Information Systems Auditor (CISA) o Certified Information Systems Security Officer (CISSO) o Certified Information Systems Security Professional - Information Systems Security Engineering Professional (CISSP-ISSEP) o Certified Information Systems Security Professional (CISSP) o Certified Penetration Testing Engineer (CPTE) o CompTIA Cybersecurity Analyst Plus (CYSA+) o Federal IT Security Professional-Auditor-NG (FITSP-A) o GIAC Cloud Security Automation (GCSA) o GIAC Security Leadership Certification (GSLC) o GIAC Systems and Network Auditor (GSNA)
• Must have and maintain an active Secret security clearance.

Nice To Haves

• Specific knowledge of applications, system, and network security, technologies, processes, and practices designed for prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and non-repudiation. The scope is not limited to information security; it includes the entire field of Cyber Security (availability, identification and authentication, confidentiality, integrity, and non-repudiation) to include Cyber Security techniques, processes, and industry trends. It also includes Information Operations (IO) (e.g. operational security of Information Technology (IT), the use of the electromagnetic spectrum for IT purposes and computer network operations).

Responsibilities

• Planning and conducting RMF security audits
• Auditing information systems, platforms and operating procedures in accordance with established Government standards for efficiency, accuracy, and security
• Documenting business processes within process narratives or flowcharts, identifying risks, and mitigating controls
• Identifying control gaps and testing the design of RMF controls
• Preparing and briefing audit reports detailing findings and recommendations to appropriate management personnel
• Participating in audit exit meetings and preparing presentations
• Notify Program Managers of audits in progress
• Recommending policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data; and,
• Developing templates for account management plans, audit plans and process, systems security contingency plans, and disaster recovery procedures.

Benefits

• ESOP participation
• 401(k) match and safe-harbor contribution
• medical
• dental
• vision
• life insurance
• short-term disability
• long-term disability
• flexible spending accounts
• Health Saving Accounts and Health Reimbursement Accounts
• EAP
• education assistance
• paid time off
• holidays