What are the responsibilities and job description for the Cyber Security HW/SW Auditor position at GovStaff?

As part of several openings of ours in Aberdeen Proving Ground, MD, GovStaff is seeking a mid-level Cyber Security Auditor seeking grow their professional career while serving under a major IT support contract for the Army Test and Evaluation Command (ATEC), Aberdeen Test Center (ATC).

Hybrid work arrangement with 1 to 2 days per week expected in the office at the client location in APG, MD. Candidates must be within commuting distance and there will be an onsite ramp-up period of one to two weeks.

Offering a team oriented challenging work environment, an attractive salary, excellent benefits, and an opportunity to work with a leading tech firm with more than 35 years' worth of experience and expertise providing information technology / management, data management, logistics, system engineering, and program management solutions to the Federal Government.

QUALIFICATIONS :

Bachelor's Degree in directly related field and at least 5 years of relevant experience; Relevant work experience may be substituted for Bachelor's degree
Must hold one of following certifications :
CSSP-AU : CISA preferred, or CEH, CySA , CISA, GSNA, CFR, or PenTest
IASAE : CASP CE, CISSP or associate, CSSLP
Must possess DOD 8570.01-M certifications meeting the requirements for IAT Level II or IAM Level I : Security CE, CCNA-Security, CySA , GICSP, GSEC, CND, SSCP, CAP, CND, or Cloud
Relevant education and / or experience in the assigned program area (Computer Science, Computer / Software Engineering, Computer Information Systems) with specific experience in cybersecurity and / or information assurance.
Specialized experience in AS&D STIG compliance
Experience securing software development / testing, static and dynamic code analysis, software assurance, software assessments application threat modeling
Experience performing software and hardware risk and vulnerability analysis, or closely related functions such as technical assessment of software for networks, applications, and systems using tools such as ACAS, HP Fortify, HP Web Inspect, BURP Suite and / or other software assurance tools.

QUALIFICATIONS :

Bachelor's Degree in directly related field and at least 5 years of relevant experience; Relevant work experience may be substituted for Bachelor's degree

Must hold one of the following certifications :

CSSP-AU : CISA preferred, or CEH, CySA , CISA, GSNA, CFR, or PenTest

IASAE : CASP CE, CISSP or associate, CSSLP

Must possess DOD 8570.01-M certifications meeting the requirements for IAT Level II or IAM Level I : Security CE, CCNA-Security, CySA , GICSP, GSEC, CND, SSCP, CAP, CND, or Cloud

Relevant education and / or experience in the assigned program area (Computer Science, Computer / Software Engineering, Computer Information Systems) with specific experience in cybersecurity and / or information assurance.

Must have experience in AS&D STIG checklist compliance

Experience securing software development / testing, static and dynamic code analysis, software assurance, software assessments application threat modeling

Experience performing software and hardware risk and vulnerability analysis , or closely related functions such as technical assessment of software for networks, applications, and systems using tools such as ACAS, HP Fortify, HP Web Inspect, BURP Suite and / or other software assurance tools.

Experience applying the Application Security and Development (AS&D) STIG (AppDev STIG)

Performing hardware assessment using above STIG checklist

Running hardware scans with ACAS to assess vulnerabilities

Applying the same STIG to software GOTS software applications

Performing scans with tools like Fortify to scan the source code for vulnerabilities

Based on scan results, working with engineers to suggest mitigations for the findings

RESPONSIBILITIES :

Secure Code Review

Utilize HP Fortify to examine code scan results submitted by developers.

Identify and verify noted false positives

Provide comments on scan results and vulnerabilities present, recommend POA&M mitigations.

Software and Hardware Assessments

Install software on isolated VM and assess software against 800-53 controls and AS&D STIG

Utilize Wireshark and Attack surface analyzer to assess software traffic and connections

Assess Hardware against named STIG or SRG

Document assessment results and potential mitigations

Assist with assessment of subordinate locations against STIG, 800-53 controls, and Army regulations

STIG checklist reviews for packages managed by the branch

Auditing of technical controls within eMASS.

At GovStaff, we operate in strict confidence : We do not share resumes, names, or applications outside of GovStaff, unless given express consent by each candidate. We welcome all cleared professionals to our GovStaff Network, regardless of current job seeking status.

If you feel this key opening may meet your experience and interests, please apply. If this position does not meet your interests or the requirements, all applications are still welcomed. We'll gladly hang onto your profile in the event another position opens that could be a match for your experience and interests. GovStaff, and all our business partners, adhere to all EEOC regulations.

Apply for this job

Receive alerts for other Cyber Security HW/SW Auditor job openings

Cyber Security HW/SW Auditor

What are the responsibilities and job description for the Cyber Security HW/SW Auditor position at GovStaff?

What is the career path for a Cyber Security HW/SW Auditor?

Job openings at GovStaff

Not the job you're looking for? Here are some other Cyber Security HW/SW Auditor jobs in the Maryland, MD area that may be a better fit.

We don't have any other Cyber Security HW/SW Auditor jobs in the Maryland, MD area right now.

AI Assistant is available now!