Candidates MUST be within commuting distance of Aberdeen Proving Ground, MD. Hybrid work arrangement with one to two days per week expected in the office at APG, MD.
As part of several openings in Aberdeen Proving Ground, MD, GovStaff is seeking a mid-level Cyber Security Auditor interested in growing their professional career while serving under a major IT support contract for the Army Test and Evaluation Command (ATEC), Aberdeen Test Center (ATC).
The position offers a team-oriented, challenging work environment, an attractive salary, excellent benefits, and the opportunity to work with a leading technology firm with more than 35 years of experience providing information technology/management, data management, logistics, systems engineering, and program management solutions to the Federal Government.
QUALIFICATIONS BELOW MUST BE REFLECTED IN RESUMES for CONSIDERATION:
- Hardware and Software audit/assessment experience
- Bachelor's Degree in directly related field and at least 5 years of relevant experience; Relevant work experience may be substituted for Bachelor's degree
- Must have specialized experience applying the Application Security and Development (AS&D, also called AppDev) STIG checklist to assess compliance of software, hardware, and related peripherals (e.g., tablets, mobile devices)
- Applying STIG checklists to GOTS and COTS software applications
- Experience securing software development/testing, static and dynamic code analysis, software assurance, software assessments, and application threat modeling
- Experience performing software and hardware risk and vulnerability analysis, or closely related functions such as technical assessment of software for networks, applications, and systems using tools such as ACAS, HP Fortify, HP WebInspect, Burp Suite, and/or other software assurance tools
- Running hardware scans with ACAS to assess vulnerabilities
- Performing static source code scans with tools such as Fortify to identify vulnerabilities
- Experience working with engineers to suggest mitigations for the findings
CERTIFICATION REQUIREMENTS:
- Must hold a certification meeting one of the following DoD 8570.01-M baselines: CSSP-AU (CISA preferred; CEH, CySA+, GSNA, CFR, or PenTest+ also accepted) or IASAE (CASP+ CE, CISSP (or Associate), or CSSLP)
- Must also hold a DoD 8570.01-M baseline certification meeting the IAT Level II or IAM Level I requirements: Security+ CE, CCNA-Security, CySA+, GICSP, GSEC, CND, SSCP, CAP, or Cloud+
JOB RESPONSIBILITIES:
- Secure Code Review: Utilize HP Fortify to examine code scan results submitted by developers.
- Identify and verify noted false positives
- Provide comments on scan results and vulnerabilities present, recommend POA&M mitigations.
- Software and Hardware Assessments: Install software on an isolated VM and assess it against NIST SP 800-53 controls and the AS&D STIG
- Use Wireshark and Microsoft Attack Surface Analyzer to assess the software's network traffic and connections
- Assess hardware against the applicable STIG or SRG
- Document assessment results and potential mitigations
- Assist with assessment of subordinate locations against STIGs, NIST SP 800-53 controls, and Army regulations
- STIG checklist reviews for packages managed by the branch
- Auditing of technical controls within eMASS.
At GovStaff, we operate in strict confidence: We do not share resumes, names, or applications outside of GovStaff, unless given express consent by each candidate. We welcome all cleared professionals to our GovStaff Network, regardless of current job seeking status. If you feel this key opening may meet your experience and interests, please apply. If this position does not meet your interests or the requirements, all applications are still welcomed. We'll gladly hang onto your profile in the event another position opens that could be a match for your experience and interests. GovStaff, and all our business partners, adhere to all EEOC regulations.