Motion Recruitment - Aberdeen, MD
posted about 2 months ago
Full-time - Mid Level
Aberdeen, MD
Administrative and Support Services
About the position
The Cyber Security Auditor is responsible for conducting secure code reviews, software and hardware assessments, and auditing technical controls. This role involves utilizing various tools to analyze code and assess compliance with established security standards, ensuring that vulnerabilities are identified and mitigated effectively.
Responsibilities
- Secure Code Review
- Utilize HP Fortify to examine code scan results submitted by developers
- Identify and verify noted false positives
- Provide comments on scan results and vulnerabilities present, recommend POA&M mitigations
- Install software on isolated VM and assess software against 800-53 controls and AS&D STIG
- Utilize Wireshark and Attack surface analyzer to assess software traffic and connections
- Assess Hardware against named STIG or SRG
- Document assessment results and potential mitigations
- Assist with assessment of subordinate locations against STIG, 800-53 controls, and Army regulations
- STIG checklist reviews for packages managed by the branch
- Auditing of technical controls within eMASS
Requirements
- Bachelor's Degree in directly related field and at least 5 years of relevant experience; Relevant work experience may be substituted for Bachelor's degree
- Must hold one of the following certifications: CSSP-AU, CISA, IASAE, CASP+CE, CISSP or associate, CSSLP
- Must possess DOD 8570.01-M certifications meeting the requirements for IAT Level II or IAM Level I
- Relevant education and/or experience in the assigned program area (Computer Science, Computer/Software Engineering, Computer Information Systems) with specific experience in cybersecurity and/or information assurance
- Specialized experience in AS&D STIG compliance, secure software development/testing, static and dynamic code analysis, software assurance, software assessments, application threat modeling, performing software and hardware risk and vulnerability analysis, or a closely related function, such as technical assessment of software for networks, applications and systems; using cybersecurity/IT audit tools such as ACAS, HP Fortify, HP Web Inspect, BURP Suite, and other software assurance tools.
