COPPER RIVER ENTERPRISE SERVICES

Returning Candidate?

Information Systems Auditor - Senior

Information Systems Auditor - Senior

Job Location 
VA-Arlington
# of Openings 
1
Security Clearance 
Active Secret
Percentage of Travel Required 
10% or less
Type 
Regular Full-Time

More information about this job

Responsibilities

  • Advise government program managers on security testing methodologies and processes
  • Perform system analysis, system audits, system monitoring, security control assessment/testing (or ST&E), risk management, and incident response
  • Evaluate certification documentation and provide written recommendations for accreditation to government PM’s
  • Evaluate IT threats and vulnerabilities to determine whether additional safeguards are needed
  • Conduct certification tests that include verification that the features and assurances required for each protection level are in place
  • Conduct and coordinate IS security inspections, tests, and reviews
  • Experience preparing the final Security Assessment Report (SAR) containing the results and findings from the assessment
  • Initiate a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR

Qualifications

  • Education:
    • Bachelor’s degree
    • Computer security certification (CISSP, CCSP, CISM, GSLC, or CASP)
  • Required Knowledge/Experience:
    • Working knowledge of various hardware platforms and software applications:Operating Systems: Red Hat Linux Enterprise v6.x, Windows Server 2016, Windows Server 2012 R2, VMware vSphere ESXi v6
    • Applications: eMASS, CSAM, Xacta, Tenable Nessus Security Center
    • Web/Database: MySQL, Oracle Database, Microsoft SQL Server 2008 R2 Standard
    • Must have a good understanding of SDLC and RMF Process
    • Experience advising government program managers on security testing methodologies and processes
    • Experience performing system analysis, system audits, system monitoring, security control assessment/testing (or ST&E), risk management, incident response
    • Experience evaluating certification documentation and provide written recommendations for accreditation to government PM’s
    • Experience reviewing system security to accommodate changes to policy or technology
    • Evaluate IT threats and vulnerabilities to determine whether additional safeguards are needed
    • Experience advising the government concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system
    • Experience conducting certification tests that include verification that the features and assurances required for each protection level are in place
    • Experience with conducting and coordinating IS security inspections, tests, and reviews
    • Experience assessing changes in the system, its environment, and operational needs that could affect the accreditation
    • Experience preparing the final Security Assessment Report (SAR) containing the results and findings from the assessment
    • Experience with Initiating a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR
    • Experience performing risk assessments and make recommendations to customers
  • Preferred Knowledge/Experience:
    • Bachelor’s preferably in Information Systems, Computer Engineering, Computer Science, Cyber Security, or equivalent experience

Other Responsibilities

  • Perform other tasks consistent with the goals and objectives of the department/contract
  • Perform other duties as assigned by Sr Program Manager

 

Invest in a company that invests in you! Copper River provides its employees with ample opportunities for career growth and development. Tuition reimbursement is offered to help employees further their education and skillset. Other perks include Open Leave, 401k matching with immediate vesting, Medical, Vision, and Dental coverage.

 

EEO/AA Employer Minorities/Females/Vets/Disability

 

Disclaimer: The above statements are intended to describe the general nature and level of work performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.