Location: Aberdeen Proving Ground,MD, USA
SAVA is looking for a Cybersecurity Technical Auditor to work at Aberdeen Proving Ground, TX.
Serve as a Cybersecurity Technical Auditor on a major IT support contract for the Army Test and Evaluation Command (ATEC) at the Aberdeen Test Center (ATC). Responsibilities include:
* Performs Secure Code Review
* Uses HP Fortify to examine code scan results submitted by developers.
* Identifies and verifies noted false positives.
* Provides comments on scan results and vulnerabilities present, recommend POA&M mitigations.
* Conducts Software and Hardware Assessments
* Of installed software on isolated VM and assess software against 800-53 controls and AS&D STIG,
* Uses Wireshark and Attack surface analyzer to assess software traffic and connections.
* Assesses Hardware against named Security Technical Implementation Guides (STIGs) or Security Requirements Guides (SRGs).
* Documents assessment results and potential mitigations.
* Assists with assessment of subordinate locations against STIG, 800-53 controls, and Army regulations.
* STIG checklist reviews for packages managed by the branch.
* Provide auditing of technical controls within eMASS.
Responsibilities
* Plans and implements security measures to protect computer systems, networks, and data from loss and service interruptions.
* Analyzes and documents security risks, breaches, and other cyber security incidents and the damage they cause.
* Oversees the monitoring of the computer networks for security issues.
* Installs and operates security software and measures to protect systems and information infrastructure, including firewalls and data encryption programs.
* May train staff on network and IT security procedures.
* Handles complex issues and problems and refers only the most complex issues to higher-level staff.
* Possesses comprehensive knowledge of subject matter.
* Performs work under minimal supervision.
* May act as a lead.
Qualifications
* Active Secret security clearance
* Bachelor's Degree in directly related field and at least 5 years of relevant experience; relevant work experience may be substituted for bachelor's degree.
* Must hold one of following DOD 8570 baseline certifications:
* CSSP-AU (CEH, CySA+ (formerly CSA+), CISA, GSNA, CFR, PenTest)
* IAT III or IASAE (CASP+CE, CISSP (or Associate), CSSLP)
* Must possess DOD 8570 baseline certifications meeting the requirements for:
* IAT Level II or IAM Level I
* Relevant education and/or experience in the assigned program area (Computer Science, Computer/Software Engineering, Computer Information Systems) with specific experience in cybersecurity and/or information assurance.
* Specialized experience in:
* AS&D STIG compliance
* Secure software development/testing
* Static and dynamic code analysis
* Software assurance, software assessments application threat modeling.
* Performing software and hardware risk and vulnerability analysis or a closely related function, such as technical assessment of software for networks, applications and systems.
* Using cybersecurity/IT audit tools such as ACAS, HP Fortify, HP Web Inspect, BURP Suite, or other software assurance tools.
This Hybrid position requires applicants to be within 1.5 - 2 hours commute from Aberdeen Proving Ground, MD or FT Cavazos, TX for IT support.