Caelum Research Corporation
Cybersecurity Auditor Specialist III
Caelum Research Corporation, Baltimore, Maryland, United States
POSITION:
Cybersecurity Auditor Specialist III
LOCATION:
Aberdeen Proving Ground, MD
SCOPE:
Serve as a Cybersecurity Technical Auditor on a major IT support contract for the Army Test and Evaluation Command (ATEC) at the Aberdeen Test Center (ATC).
RESPONSIBILITIES:
Secure Code Review
Utilize HP Fortify to examine code scan results submitted by developers.
Identify and verify noted false positives.
Provide comments on scan results and vulnerabilities present, recommend POA&M mitigations.
Software and Hardware Assessments
Install software on isolated VM and assess software against 800-53 controls and AS&D STIG.
Utilize Wireshark and Attack Surface Analyzer to assess software traffic and connections.
Assess Hardware against named STIG or SRG.
Document assessment results and potential mitigations.
Assist with assessment of subordinate locations against STIG, 800-53 controls, and Army regulations.
STIG checklist reviews for packages managed by the branch.
Auditing of technical controls within eMASS.
QUALIFICATIONS:
Bachelor’s Degree in a directly related field and at least 5 years of relevant experience; relevant work experience may be substituted for the Bachelor’s degree.
Must hold one of the following certifications:
CSSP-AU
CISA
IASAE
CASP+CE, CISSP or associate, CSSLP
Must possess DOD 8570.01-M certifications meeting the requirements for IAT Level II or IAM Level I.
Relevant education and/or experience in the assigned program area (Computer Science, Computer/Software Engineering, Computer Information Systems) with specific experience in cybersecurity and/or information assurance.
Specialized experience in AS&D STIG compliance, secure software development/testing, static and dynamic code analysis, software assurance, software assessments, application threat modeling, performing software and hardware risk and vulnerability analysis, or a closely related function, such as technical assessment of software for networks, applications and systems; using cybersecurity/IT audit tools such as ACAS, HP Fortify, HP WebInspect, Burp Suite, and other software assurance tools.
SECURITY CLEARANCE:
Ability to obtain/maintain Secret clearance is required.