Senior Cybersecurity Auditor
Benefits:
• 401(k) matching
• Bonus based on performance
• Competitive salary
• Dental insurance
• Health insurance
• Paid time off
• Parental leave
• Training & development
• Vision insurance
ORGANIZATIONAL BACKGROUND
Established in August 2016, Basecamp Consulting and Solutions is a dynamic Information Technology (IT) consulting firm committed to delivering results for our clients. Specializing in next-generation IT and digital transformation solutions, Basecamp Consulting and Solutions is dedicated to helping clients achieve success through trust, innovation, quality work, and a steadfast commitment to results.
At Basecamp, we believe in the power of emerging technologies to propel our clients toward their goals. Our focus lies in business and IT modernization, utilizing Cloud solutions, cybersecurity, and cutting-edge application development. We pride ourselves on a team of talented professionals who are passionate about supporting our clients on their journey towards innovative outcomes.
Basecamp Consulting and Solutions is dedicated to pushing the boundaries of IT consulting and we are equally committed to embodying these principles in every facet of our work.
POSITION OVERVIEW
Reporting to the Project Manager, the Senior Cybersecurity Auditor will independently perform complex security analysis of classified and unclassified applications, systems and enclaves for compliance with security requirements. Performs Command Cyber Readiness Inspections and cybersecurity vulnerability evaluations. Uses a variety of security techniques, technologies, and tools to evaluate security posture in highly complex computer systems and networks. Ability to perform vulnerability and risk analysis, and participate in a variety of computer security penetration studies. Analyzes and defines security requirements for computer and networking systems, to
include mainframes, workstations, and personal computers. Recommends solutions to meet security requirements. Gathers and organizes technical information about an organization's mission goals and needs, and makes recommendations to improve existing security posture. Demonstrated experience and ability to provide enterprise-wide technical analysis and direction for problem definition, analysis and remediation for complex systems and enclaves. Ability to provide workable recommendations and advice to client executive management on system improvements, optimization and maintenance in the following areas: Information Systems Architecture, Automation, Telecommunications, Networking, Communication Protocols, Application Software, Electronic Email, VOIP and VTC. Competent to work at the highest level of all phases of information systems auditing.
REQUIRED QUALIFICATIONS
• Active DoD Secret Clearance
• Active IAT II Certification (CompTIA Security+ etc)
• Active CSSP Analyst or CSSP Auditor Certification
• Proven proficiency performing CCRI/ vulnerability assessment/ penetration testing on networks, databases, computer applications and IT frameworks
• Seven years IT experience
• Five years IA experience
• Strong analytical and problem solving skills for resolving security issues
• Strong skills implementing and configuring networks and network components
• 2 years of experience with DOD Vulnerability Management System
• 5 years of experience with Command Cyber Readiness Inspection experience in at least one of the following areas listed below:
• Tenable scan analysis
• Operating Systems (Windows, Unix)
• Boundary defense (network policy, router, firewall)
• Internal defense (L2 switch, L3 switch)
• DNS (policy, BIND/Windows)
• HBSS (remote console, AV, ABM, PA, HIPS, ePO)
• Traditional security (Common, Basic, NCV, SCV)
• Wireless communications (BES, handhelds)
• Must possess certification meeting the DOD 8570.01 IAM level III and IAT level II
• Knowledge and understanding of DOD security regulations, DISA Security Technical
• Implementation Guides
• Understanding of SCAP
• Knowledge of and proficiency with:
• VULNERATOR
• USCYBERCOM CTO Compliance Program
• Wireless vulnerability assessment
• Web Services (IIS, Apache, Proxy)
• Database (SQL Server, Oracle)
• Email Services (Exchange)
• Vulnerability Scans (NESSUS, SCCM)
• Container Image scans
• Knowledge of Phishing exercises
• USB Detect
• Physical Security
This is a remote position.
Apply tot his job
Apply To this Job