Cyber Security Auditor

$2,000 Signing Bonus

Job Purpose:

The candidate will be responsible for conducting vulnerability and compliance assessments on network infrastructure and cloud architectures to include, but not limited to scanning these environments to identify active client, server and infrastructure devices such as routers, switches, firewalls, proxy servers, intrusion detection/prevention systems (IDS/IPS), fingerprint applications/operating systems, identify vulnerabilities, analyze results, manually verify findings to eliminate false positives or negatives, capture artifacts such as screen captures, etc., to provide evidence and artifacts for each exploitable vulnerability, etc. Candidate must also be able to adequately “tell the story” of how vulnerability was exploited and what the overall impact would be to particular hosts or networks.

More specifically, the candidate will:

• Conduct vulnerability and compliance assessments on AF and DoD systems (i.e., Microsoft Windows and UNIX based platforms) and network infrastructure/cloud architectures (i.e., routers, switches, Voice over IP, etc.)
• Demonstrated understanding of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) and employed/use of virtual private networks (VPNs)
• Collaborate with cyber and security to ensure security controls are embedded into architectures/designs to be assessed
• Create proof-of-concepts to demonstrate feasibility of new ideas/innovations
• Demonstrated ability to read raw network device configuration and be able to identify and describe why a particular setting is erroneous without the assistance of automated tools
• Remain abreast of emerging cloud technologies to provide input and knowledge on trends to support future customer missions/tasks
• Ability to map out a network and identify the location of discovered devices within the network/cloud architecture
• Ability to methodically analyze problems and identify potential solutions
• Ability to adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability or exploit
• Analyze and evaluate network and infrastructure diagrams for potential attack vectors; render sound cyber security remediation recommendations for items identified
• Knowledgeable in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events
• Assist customer with implementing policies and tactics, techniques and procedures for conducting assessments
• Exhibit good written and verbal skills, with an attention to detail and desire to deliver a quality product; additionally, an ability to render concise reports, summaries, and formal oral presentations
• Demonstrate willingness and ability to mentor co-workers an share knowledge with internal customers
• Ability to prioritize conflicting demands to arrange, address and resolve support issues
• Travel up to 25% with trips encompassing 1-4 weeks in duration

MINIMUM REQUIREMENTS

• Must meet DoD 8570 IAT Level 3 requirements (CASP, CISSP , CISA, etc.) and have an active TS/SCI clearance
• Must possess a cloud computing professional certification (AWS CSA/CD, Azure Administrator/Security Engineer, Google Cloud Engineer, etc.)

• Must obtain a CSSP-Auditor (C|EH, CySA, CISA, GSNA) certification within 6 months

• Minimum bachelor’s degree and 2 years’ experience, associates degree with 4 years’ experience or 6 years equivalent experience without a degree; degrees focused on engineering or applied science
• Expertise with cross-functional requirements and interfaces for hardware, software and communications in a cloud computing environment (AWS, Azure) (5 years)
• Experience in working with and in a network systems security environment with a focus on network administration and security (5 years)

• Demonstrated understanding of virtualization technology and Docker containers (i.e. Hyper-V, VMware, Citrix, and VirtualBox)
• Proficient in review and understanding of JSON and YAML languages

• Demonstrated ability to employ NMAP, its associated options, and interpret results
• Demonstrated ability to apply Nessus/ACAS and SCC to scan environments and interpret the results; firm understanding of how to review, analyze and interpret DISA STIGs
• Interest in research to stay abreast of future direction and trends for cloud technologies

• Self-motivated with minimal supervision
• Must complete customer pre-screen, skills assessment lab, pass customer training and certification program and remain mission ready qualified

PREFERRED REQUIREMENTS IN ADDITION TO THE AFOREMENTIONED

• Analytical with the ability to understand and implement customer objectives
• Familiarity with NIST, RMF, DISA STIGs and experience in conducting DoD vulnerability and compliance assessments
• Experience or familiarity with military operations highly desirable

SIM&S, Inc. is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other protected class.