"Alerted.org

The Security Auditor, serving as Compliance Lead, is responsible for performing independent assessments of management, operational, and technical security controls in the CASTLE-NET IT environment. This role conducts security reviews and risk analyses to identify weaknesses in security architecture, recommends mitigation measures, monitors and evaluates systems for compliance with IT security requirements, and ensures resilience and dependability standards are maintained across the infrastructure.

Key Responsibilities

+ Conduct independent security assessments of management, operational, and technical controls

+ Perform comprehensive security reviews and risk analyses across IT systems and infrastructure

+ Identify security weaknesses and gaps in security architecture and controls

+ Recommend evidence-based mitigation measures and control enhancements

+ Monitor IT systems and infrastructure to ensure compliance with security requirements and standards

+ Utilize vulnerability assessment tools to identify system weaknesses and attack vectors

+ Conduct security testing including penetration testing and configuration compliance checks

+ Evaluate system resilience, dependability, and recovery capabilities

+ Document security assessment findings in comprehensive reports with risk ratings

+ Verify implementation of corrective actions and remediation measures

+ Provide expert guidance on security control selection and implementation

+ Maintain current knowledge of security frameworks, standards, and best practices

Required Qualifications

+ Bachelor's degree in IT, Computer Science, or related field (or equivalent work experience)

+ 8+ years of relevant experience as a Security Control Assessor, Security Auditor, or related role

+ Excellent understanding of cybersecurity principles, risk management frameworks, and IT security methodologies

+ Expert knowledge of vulnerability assessment tools and security testing methodologies

+ Strong problem-solving, analytical, communication, and interpersonal skills

+ Ability to manage multiple security assessments effectively and collaboratively

+ Experience developing detailed security assessment reports with risk analysis and recommendations

Preferred Qualifications

+ CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) certification

+ Certified Authorization Professional (CAP) certification from (ISC)²

+ Familiarity with USACE IT environment and federal security standards

+ Knowledge of NIST SP 800-53 security controls and assessment frameworks

+ Experience with security assessment tools (Qualys, Tenable, OpenVAS)

+ Background in federal IT security compliance and accreditation processes

+ Experience with continuous monitoring and security control assessment methodologies

Required Skills

+ Security Assessment & Control Testing

+ Vulnerability Assessment & Analysis

+ Risk Analysis & Reporting

+ Cybersecurity Frameworks & Standards

+ Security Architecture Review

Preferred Skills

+ Penetration Testing & Ethical Hacking

+ NIST SP 800-53 Controls Knowledge

+ Compliance Risk Management

+ Security Assessment Tools (Qualys, Tenable)

+ Federal Security Standards (FISMA, FedRAMP)

Compensation Ranges

Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

$122,900 - 154,500

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, gender identity, veteran status, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, veteran status, disability, gender identity, or age. All decisions on employment are made to abide by the principle of equal employment.