Information Systems Auditor
The Information Systems Auditor evaluates the internal control and risk environment within the IT organization.Job Responsibilities:* Working independently or as part of multiple project teams, assesses the information technology (IT) risk and enhances IT business systems, processes, and controls.* Evaluates IT systems to ensure they comply with FISMA.* Enforces a separation of duties between enterprise IT managers, who administer user identities and set policy, and departmental staff, who administer systems.* Collaborates with the business to analyze, evaluate, and enhance information systems facilitating the business' internal control processes and the standards set by FISMA.* Continuously assesses opportunities to improve the internal control environment across the organization.* Present security findings to management and assist the IA team in completing compliance tasks in accordance with the NIST Risk Management Framework (RMF) and submit Assessment and Authorization (A) documentation to support an Authority to Operate (ATO).* Assess impacts of proposed system modifications.* Completes internal audit work in compliance with established audit methodology while meeting all organizational and professional ethical standards.* Maintain a strong awareness of the current threat landscape. Create knowledge base articles for handling medium and high severity incidents.* Assess, analyze, and evaluate potential attacks and identify solutions affecting the data center.* Perform vulnerability assessments for the Pre-prod and prod IT infrastructure.Skills:* Understanding and/or experience with one or more of the following programming languages: .NET, PHP, Perl, Python, Java, Ruby, C, C++.* General knowledge and experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices, and threat modeling.* Highly proficient in intrusion analysis and incident response.* A strong understanding of the information security threat landscape, including detailed technical knowledge about the most prevalent vulnerabilities, threats, attack methods, and infection vectors.* Planning and implementing corrective mitigation to stop the advanced persistent threats, security incidents, and system intrusions, anomalies, and potential unauthorized activity* Advanced experience with, Windows, and Linux systems.* Excellent problem solving, crisis management, and decision-making skills.* Basic system administration skills.* Advanced knowledge of Malware Detection, Email Security, Data Loss Prevention, Anti-Virus, Vulnerability Identification, etc.Education/Experience:* GCFE, CISSP, Security +, Network +, CEH, RHCA, RHCE, MSA, MCP, or MCSE preferred.* Evaluate operational processes and procedures to make recommendations for improvement and/or streamline the environment and workflow using ITIL processes and SLA/OLA metrics* Experience with SIEM (ie Splunk, QRadar) Sourcefire, FireEye, Snort or an equivalent tool required.* Experience configuring and troubleshoot networks, hardware and other attached devices.* 2-4 years' experience required.