• Sr. Information Systems Auditor

    Job Location
    VA-Crystal City
    # of Openings
    Security Clearance
    Percentage of Travel Required
    10% or less
    Regular Full-Time
  • Overview

    Provide support to the customer on security testing methodologies and processes, and conduct security assessment and authorization (SA&A) activities.


    • Advise government program managers on security testing methodologies and processes, and recommend information assurance/security solutions to support customers’ requirements
    • Perform system analysis, system audits, system monitoring, security control assessment/testing (or ST&E), risk management, and incident response
    • Evaluate certification documentation and provide written recommendations for accreditation to government PMs
    • Evaluate IT threats and vulnerabilities to determine whether additional safeguards are needed
    • Conduct certification tests that include verification that the features and assurances required for each protection level are in place
    • Conduct and coordinate IS security inspections, tests, and reviews
    • Experience preparing the final Security Assessment Report (SAR) containing the results and findings from the assessment
    • Create Plan of Action and Milestones (POA&M) with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR
    • Conduct SA&A activities providing accurate, sufficient and timely information for direct hires to make risk-related decisions
    • Conduct briefings to System Owner, Information System Security Officer, Authorizing Official and stakeholders
    • Assist in the creation of SA&A packages with the responsibility for gathering information from system owners, applying data to the appropriate templates, and attending meetings in support of the effort
    • Coordinate the quality-control activities required to ensure the accuracy and adequacy of each deliverable, including in-process and final reviews, editing for compliance with all applicable specifications and standards, validation, and change verification


    • Education:
      • Bachelor’s degree
    • Required Knowledge/Experience:
      • Experience supporting cloud-based security authorizations (FedRAMP and AWS)
      • 3-5+ years serving as an assessor, performing security assessments, managing tasks, and communicating with key stakeholders, etc.
      • Experience with NIST SP 800-53, 800-37, 800-115, and 800-30
      • Experience and ability to create Security Assessment Plans, Security Assessment Reports, and Executive-level briefings
      • Experience with vulnerability scanning tools (Nessus, McAfee, Client WebInspect, AppDetective, Burp Suite, Wireshark, etc.)
      • Excellent communication skills 
      • Must work well in a team environment
      • Computer security certification (Security+, CISSP, CCSP, CISM, GSLC, or CASP)

    Other Responsibilities

    • Perform other tasks consistent with the goals and objectives of the department/contract
    • Perform other duties as assigned by the Sr. Program Manager

     Invest in a company that invests in you! Copper River provides its employees with ample opportunities for career growth and development. Tuition reimbursement is offered to help employees further their education and skillset. Other perks include Open Leave, 401k matching with immediate vesting, Medical, Vision, and Dental coverage.


    EEO/AA Employer Minorities/Females/Vets/Disability


    Disclaimer: The above statements are intended to describe the general nature and level of work performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

