Information Security Specialist II (Cyber Auditor)

The Tatitlek Corporation•Moorestown, NJ

About The Position

The Information Security Specialist II (Cyber Auditor) supports cybersecurity compliance, audit readiness, and Risk Management Framework (RMF) validation activities for Department of Defense (DoD) information systems. This role focuses on independent assessment, audit support, and security control validation to ensure systems meet Authorization to Operate (ATO) requirements and maintain compliance with applicable cybersecurity policies. The Cyber Auditor operates as a trusted agent to the Security Control Assessor (SCA) and supports continuous monitoring, assessment, and reporting of cybersecurity posture across classified and unclassified environments. The position is not covered under the Service Contract Act (SCA) Davis Bacon Act (DBA), or union.

Requirements

Greater than 4 years of overall experience.
2–5 years of practical experience in Cybersecurity, Engineering, Test & Evaluation (T&E), or Assessment & Authorization (A&A).
Certifications (Required – One of the Following): CompTIA Security+ (CE), Certified Authorization Professional (CAP), CompTIA CASP+, Project Management Professional (PMP)
High School Diploma or equivalent (additional experience may substitute for formal education).
Active Secret clearance or ability to obtain and maintain a DoD Secret clearance.
Strong understanding of the Risk Management Framework (RMF), legacy DIACAP processes, and DoD cybersecurity policies and procedures.
Demonstrated ability to analyze and interpret security controls and findings.
Demonstrated ability to communicate audit results effectively to both technical and non-technical stakeholders.
Demonstrated ability to maintain a detail-oriented, compliance-focused approach to documentation.
U.S. Citizenship is required.
Must have the ability to obtain and maintain a security clearance.
Satisfactory background screening, negative drug test, positive references and proof of identity and legal authorization to work in the United States are required.

Nice To Haves

Desired Certifications- At least one of the following: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP

Responsibilities

Perform independent cybersecurity assessments and validate RMF security controls for ATO compliance.
Develop, review, and maintain RMF artifacts including SAPs, SARs, and POA&Ms.
Act as a trusted agent to the Security Control Assessor (SCA) supporting audit and validation activities.
Conduct continuous monitoring using tools such as ACAS, SIEM, and other compliance systems.
Identify, document, and track vulnerabilities, risks, and remediation actions.
Maintain and update cybersecurity documentation, policies, and system records (e.g., eMASS).
Evaluate system security configurations to ensure compliance with DoD and Navy cybersecurity requirements.
Support audit readiness efforts, inspections, and responses to cybersecurity data calls.
Collaborate with ISSMs, ISSOs, and system stakeholders on risk management and compliance activities.
Ensure compliance with DoD 8570/8140 cybersecurity workforce requirements and training standards.
Other duties as assigned.