Jacobs provides information technology solutions and services to a broad range of both Government and private industry, including the Department of Defense, Federal Civilian agencies, healthcare, education, and the small/medium business market. Our analysts, engineers, and technicians are highly trained, qualified subject matter experts who understand each segment's specialized business processes, requirements, and functions. Combined with an extensive IT background, Information Solutions Group's enhanced IT services enable our clients to analyze existing business processes, identify process improvements, evaluate associated risks, and develop operational solutions.
The Information Systems Auditor audits moderately complex new and existing information systems applications to ensure that appropriate controls exist, that processing is efficient and accurate, and that systems and procedures are following corporate standards. Competent to work on most phases of information systems auditing with little to no oversight in support of the Security Controls Assessor (SCA).
Responsibilities include, but are not limited to:
Conduct an overall enterprise vulnerability management program as part of the overall risk management program for United States Transportation Command (USTRANSCOM);
Develop the procedures for and perform security audits of information systems to validate that the system is compliant with security guidelines, build guides, checklists, STIG guidance and security alerts;
Analyze potential vulnerabilities and required mitigations as needed to protect and defend the USTRANSCOM information systems;
Assess the security controls and procedures, measure effectiveness of the total system security and make mitigation recommendations based on the assessments and audits;
Prepare reports that detail compliance and non-compliance findings with remediation recommendations for non-compliant findings; revalidate systems compliance after system administrator's remediation, and prepare final audit report;
Perform special security audits at the Government's request to assess specific risk conditions or concerns; these will typically involve scanning and on-system measurements of the compliance status of the system;
Manage the Information Assurance Vulnerability Management (IAVM) program, including tracking, distributing and reporting IAVM compliance and trend data; update United States Cyber Command (USCYBERCOM) on IAVM status; prepare IAVM reports and trend analyses; and prepare and process POA&Ms;
Monitor government and private sector vulnerability databases and sources to identify vulnerabilities not released through the IAVM program;
Employ a vulnerability alert process to notify personnel of the presence of vulnerabilities affecting systems and networks; and ensure the Chief Information Security Office (CISO) and the Chief Information Officer (CIO) are aware of the vulnerabilities along with the appropriate mitigation.
This position requires a Bachelor's degree with 5 years of experience or a total of 8 years of related experience. A DoDI 8570 IAT Level II certification is required, as is the ability to obtain a Certified Ethical Hacker or equivalent certification within 6 months. A minimum of an interim Secret level DoD Security Clearance is required.
Requires sitting for extended periods of time at a desk (90%). Requires sitting at a computer terminal for long periods of time (90%). Due to parking availability and the location of the work area, walking moderate to long distances can sometimes be required.
Inside office/cubicle environment. Requires ability to interact professionally with co-workers and all levels of management (100%).
Equipment and Machines
Requires ability to operate a personal computer, a telephone, copier, and other general office equipment (100%). Ability to conduct evaluation of third and fourth generation or current state of the art computer hardware and software and its ability to support specific requirements, interfacing with other equipment and systems.
Attendance is critical. Work hours are normally 8 hours per day and 5 days per week, Monday through Friday. Being prompt is important to provide continuous and on-going service to customers. Attendance is important to maintain continuity of service. Work outside of normal duty hours may be required with as little as one hour advance notice. Overtime is infrequent, but important when required (1%).
Other Essential Functions
Must be able to communicate effectively, both verbally and in writing. Must be able to interface with individuals at all levels of the organization. Must be able to obtain unescorted access to work areas. Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others.
Posting ID: 552789527
Posted: 2020-05-21