Information Technology Auditor

Tiber Creek Consulting is seeking Entry Level and Experienced IT Auditors to work as part of an IT Audit team. Candidates should have a background in Computer Science, Information Systems, Information Security, Information Assurance, or a closely related field. Auditors will break down complex concepts into easy-to-understand content and work multiple complex tasks with tight deadlines while proactively seeking assistance from subject matter experts. The position has high growth potential in several directions, depending on your interests, including functional, technical, and/or project leadership roles. Entry-level candidates with experience working in an IT environment, a solid understanding of IT fundamentals, and a desire to learn from industry-leading experts are encouraged to apply. Active DoD SECRET clearance or higher is required to be considered for this position.

Location: Falls Church, VA
Education: BS/BA degree or 4+ additional years' relevant work experience in Computer Science, Information Systems, or a closely related field. Relevant experience with Computer Science, Computer Information Systems, Cyber Security, ISO 9001, 27000, CMMI for Development, ISO27001, SOC 2, SSAE18, NIST SP800-171, Cyber or Audits or Enterprise Systems may be substituted for degree requirements.
Certifications: Working to obtain or possessing a CISA, CISSP, Microsoft Windows Server certifications, Cisco certifications, VMware certifications, CompTIA Security+, CompTIA CASP, CompTIA, AWS certifications, Microsoft Azure certifications, or other Information Security certifications.

Experience: Entry level: 1+ years relevant work experience
Experienced: 2-6+ years relevant work experience

Clearance: DoD SECRET or higher clearance is required
Travel: 25% Out of town travel

Related Experience Should Include:
  • Experience in Information Technology processes.
  • Writing/documentation related to large scale information technology systems, preferably for DoD and other government agencies.
  • Technical education, training, certifications, and/or hands-on experience.
  • Strong organizational skills (including helping to manage technical projects).
  • Strong interpersonal skills (experience working with project managers, technical writing teams, developers, and customers).
  • HTML/CSS knowledge is a plus.
  • The Department of Defense Architecture Framework (DoDAF) experience is a plus.
  • Federal Enterprise Architecture Framework (FEAF) experience is a plus.
  • Prior military experience is a plus.
  • FISCAM methodology using NIST 800-53r4 controls, NIST RMF, AU-C 320, or FFMIA is a plus.

Senior level candidates will be expected to have the following experience:

  • Management experience in IT, Cyber, or Financial Audits, IT documentation, and audit report experience with standards such as NIST SP800-53r4, NIST RMF, PCI DSS, ISO27001, HIPAA, HITRUST, SOC 1/2/3 reports, SOX, FedRAMP, NIST SP800-171r1.
  • Reviewing reports such as System Security Plan (SSP), System Interface Agreements, Security Assessment Reports (SAR), SOC 1/2/3 Attestation Reports, NIST RMF package/documentation, STIG results/reports, Vulnerability Assessment/Reports, IT and Information Security Policy/Procedure documentation, Security Test & Evaluation (ST&E) reports, Security Control mapping documentation, DOD Cloud Computing Security Requirements Guide (SRG), Risk Assessment and Management documentation, Incident Response Plan, Business Continuity documentation (COOP), Concepts of Operations (CONOPS) documentation, Plans of Action and Milestones (POA&Ms), etc.
Job Duties:
  • Generating SOC Reports
  • RMF documentation
  • NIST SP800-53r4 control reviews
  • Reviewing and generating reports based on the FISCAM methodology
  • Supporting Audit teams
  • Security Test and Evaluation (ST&E) documentation
  • Reviewing Security Technical Implementation Guides (STIGs)
  • Reviewing DOD Cloud Security Requirement Guides (SRG)
  • Reviewing Vulnerability Assessments
  • Performing Security Assessments
  • Performing Network Security Assessments
  • Reviewing System Security Plans (SSP)
  • Reviewing Plan of Action and Milestones (POA&M) artifacts
Physical Demands and Work Environment:
  • Usual office working conditions and standard office equipment. Required to sit for long periods of time using a personal computer. Some light physical effort required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.
Minimum Qualifiers:
  • Candidates must have current DoD Secret clearance or higher (application completion requires verifiable information regarding your U.S. citizenship, residence, education, employment history, family, associates, and foreign connections/travel as well as questions regarding criminal records, illegal drug involvement, financial delinquencies, certain types of mental health treatment, alcohol-related incidents and counseling, military service, prior clearances and investigations, civil court actions, misuse of computer systems, and subversive activities).
  • Unable to work with 3rd party candidates or agencies.
  • Only residents local to the Northern VA, DC, MD area will be considered.
  • A writing sample may be required with your resume to be considered for this position.

Interested in joining our team?