Security Auditor

About The Position

Requirements

• Bachelor's degree in IT, Computer Science, or related field (or equivalent work experience)
• 8+ years of relevant experience as a Security Control Assessor, Security Auditor, or related role
• Excellent understanding of cybersecurity principles, risk management frameworks, and IT security methodologies
• Expert knowledge of vulnerability assessment tools and security testing methodologies
• Strong problem-solving, analytical, communication, and interpersonal skills
• Ability to manage multiple security assessments effectively and collaboratively
• Experience developing detailed security assessment reports with risk analysis and recommendations
• Security Assessment & Control Testing 
• Vulnerability Assessment & Analysis 
• Risk Analysis & Reporting 
• Cybersecurity Frameworks & Standards 
• Security Architecture Review

Nice To Haves

• CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) certification
• Certified Authorization Professional (CAP) certification from (ISC)²
• Familiarity with USACE IT environment and federal security standards
• Knowledge of NIST SP 800-53 security controls and assessment frameworks
• Experience with security assessment tools (Qualys, Tenable, OpenVAS)
• Background in federal IT security compliance and accreditation processes
• Experience with continuous monitoring and security control assessment methodologies
• Penetration Testing & Ethical Hacking 
• NIST SP 800-53 Controls Knowledge 
• Compliance Risk Management 
• Security Assessment Tools (Qualys, Tenable) 
• Federal Security Standards (FISMA, FedRAMP)

Responsibilities

• Conduct independent security assessments of management, operational, and technical controls
• Perform comprehensive security reviews and risk analyses across IT systems and infrastructure
• Identify security weaknesses and gaps in security architecture and controls
• Recommend evidence-based mitigation measures and control enhancements
• Monitor IT systems and infrastructure to ensure compliance with security requirements and standards
• Utilize vulnerability assessment tools to identify system weaknesses and attack vectors
• Conduct security testing including penetration testing and configuration compliance checks
• Evaluate system resilience, dependability, and recovery capabilities
• Document security assessment findings in comprehensive reports with risk ratings
• Verify implementation of corrective actions and remediation measures
• Provide expert guidance on security control selection and implementation
• Maintain current knowledge of security frameworks, standards, and best practices