Cyber Security Auditor

San Antonio

Job Description Job Description Salary: $118,00 - $123,00

$2,000 Signing Bonus

Job Purpose:

The candidate will be responsible for conducting vulnerability and compliance assessments on network infrastructure and cloud architectures to include, but not limited to scanning these environments to identify active client, server and infrastructure devices such as routers, switches, firewalls, proxy servers, intrusion detection/prevention systems (IDS/IPS), fingerprint applications/operating systems, identify vulnerabilities, analyze results, manually verify findings to eliminate false positives or negatives, capture artifacts such as screen captures, etc., to provide evidence and artifacts for each exploitable vulnerability, etc. Candidate must also be able to adequately “tell the story” of how vulnerability was exploited and what the overall impact would be to particular hosts or networks.

More specifically, the candidate will:

Conduct vulnerability and compliance assessments on AF and DoD systems (i.e., Microsoft Windows and UNIX based platforms) and network infrastructure/cloud architectures (i.e., routers, switches, Voice over IP, etc.)

Demonstrated understanding of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) and employed/use of virtual private networks (VPNs)

Collaborate with cyber and security to ensure security controls are embedded into architectures/designs to be assessed

Create proof-of-concepts to demonstrate feasibility of new ideas/innovations

Demonstrated ability to read raw network device configuration and be able to identify and describe why a particular setting is erroneous without the assistance of automated tools

Remain abreast of emerging cloud technologies to provide input and knowledge on trends to support future customer missions/tasks

Ability to map out a network and identify the location of discovered devices within the network/cloud architecture

Ability to methodically analyze problems and identify potential solutions

Ability to adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular vulnerability or exploit

Analyze and evaluate network and infrastructure diagrams for potential attack vectors; render sound cyber security remediation recommendations for items identified

Knowledgeable in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events

Assist customer with implementing policies and tactics, techniques and procedures for conducting assessments

Exhibit good written and verbal skills, with an attention to detail and desire to deliver a quality product; additionally, an ability to render concise reports, summaries, and formal oral presentations

Demonstrate willingness and ability to mentor co-workers an share knowledge with internal customers

Ability to prioritize conflicting demands to arrange, address and resolve support issues

Travel up to 25% with trips encompassing 1-4 weeks in duration

MINIMUM REQUIREMENTS

Must meet DoD 8570 IAT Level 3 requirements (CASP, CISSP+, CISA, etc.) and have an active TS/SCI clearance

Must possess a cloud computing professional certification (AWS CSA/CD, Azure Administrator/Security Engineer, Google Cloud Engineer, etc.)

Must obtain a CSSP-Auditor (C|EH, CySA, CISA, GSNA) certification within 6 months

Minimum bachelor’s degree and 2 years’ experience, associates degree with 4 years’ experience or 6 years equivalent experience without a degree; degrees focused on engineering or applied science

Expertise with cross-functional requirements and interfaces for hardware, software and communications in a cloud computing environment (AWS, Azure) (5 years)

Experience in working with and in a network systems security environment with a focus on network administration and security (5 years)

Demonstrated understanding of virtualization technology and Docker containers (i.e. Hyper-V, VMware, Citrix, and VirtualBox)

Proficient in review and understanding of JSON and YAML languages

Demonstrated ability to employ NMAP, its associated options, and interpret results

Demonstrated ability to apply Nessus/ACAS and SCC to scan environments and interpret the results; firm understanding of how to review, analyze and interpret DISA STIGs

Interest in research to stay abreast of future direction and trends for cloud technologies

Self-motivated with minimal supervision

Must complete customer pre-screen, skills assessment lab, pass customer training and certification program and remain mission ready qualified

PREFERRED REQUIREMENTS IN ADDITION TO THE AFOREMENTIONED

Analytical with the ability to understand and implement customer objectives

Familiarity with NIST, RMF, DISA STIGs and experience in conducting DoD vulnerability and compliance assessments

Experience or familiarity with military operations highly desirable

SIM&S, Inc. is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other protected class.