GovStaff

As part of several openings of ours in Aberdeen Proving Ground, MD, GovStaff is seeking a mid-level Cyber Security Auditor looking to grow their professional career while serving under a major IT support contract for the Army Test and Evaluation Command (ATEC), Aberdeen Test Center (ATC).

 

Hybrid work arrangement with 1 to 2 days per week expected in the office at the client location in APG, MD. Candidates must be within commuting distance and there will be an onsite ramp-up period of one to two weeks.  

 

Offering a team-oriented, challenging work environment, an attractive salary, excellent benefits, and an opportunity to work with a leading tech firm with more than 35 years’ worth of experience and expertise providing information technology/management, data management, logistics, system engineering, and program management solutions to the Federal Government.

 

QUALIFICATIONS:

  • Bachelor’s Degree in directly related field and at least 5 years of relevant experience; Relevant work experience may be substituted for Bachelor’s degree
  • Must hold one of the following certifications:
    • CSSP-AU: CISA preferred, or CEH, CySA+, CISA, GSNA, CFR, or PenTest 
    • IASAE: CASP+CE, CISSP or associate, CSSLP
  • Must possess DOD 8570.01-M certifications meeting the requirements for IAT Level II or IAM Level I: Security + CE, CCNA-Security, CySA+, GICSP, GSEC, CND, SSCP, CAP, CND, or Cloud+
  • Relevant education and/or experience in the assigned program area (Computer Science, Computer/Software Engineering, Computer Information Systems) with specific experience in cybersecurity and/or information assurance.
  • Must have experience in AS&D STIG checklist compliance
  • Experience securing software development/testing, static and dynamic code analysis, software assurance, software assessments, and application threat modeling
  • Experience performing software and hardware risk and vulnerability analysis, or closely related functions such as technical assessment of software for networks, applications, and systems using tools such as ACAS, HP Fortify, HP Web Inspect, BURP Suite and/or other software assurance tools.
  • Experience applying the Application Security and Development (AS&D) STIG (AppDev STIG)
  • Performing hardware assessment using above STIG checklist
  • Running hardware scans with ACAS to assess vulnerabilities
  • Applying the same STIG to GOTS software applications
  • Performing scans with tools like Fortify to scan the source code for vulnerabilities
  • Based on scan results, working with engineers to suggest mitigations for the findings

 

RESPONSIBILITIES:

  • Secure Code Review
    • Utilize HP Fortify to examine code scan results submitted by developers.
    • Identify and verify noted false positives
    • Provide comments on scan results and vulnerabilities present, recommend POA&M mitigations.
  • Software and Hardware Assessments
    • Install software on isolated VM and assess software against 800-53 controls and AS&D STIG
    • Utilize Wireshark and Attack Surface Analyzer to assess software traffic and connections
    • Assess Hardware against named STIG or SRG
    • Document assessment results and potential mitigations
  • Assist with assessment of subordinate locations against STIG, 800-53 controls, and Army regulations
  • STIG checklist reviews for packages managed by the branch 
  • Auditing of technical controls within eMASS. 

 

At GovStaff, we operate in strict confidence: We do not share resumes, names, or applications outside of GovStaff, unless given express consent by each candidate. We welcome all cleared professionals to our GovStaff Network, regardless of current job seeking status.     

 

If you feel this key opening may meet your experience and interests, please apply. If this position does not meet your interests or the requirements, all applications are still welcomed. We’ll gladly hang onto your profile in the event another position opens that could be a match for your experience and interests. GovStaff, and all our business partners, adhere to all EEOC regulations.

 
