Security Auditor

Job Synopsis

Do you have a passion for protecting information, brands, and people from today’s advanced threats? Do you recognize that IT Compliance establishes a baseline upon which more mature security programs can be developed? Do you enjoy collaborating with customers to help solve their toughest CyberSecurity challenges? If so, consider joining the Professional Services team at TruShield where you will directly help improve the security posture for a variety of industries including financial, government, legal, manufacturing, and more. The results of your efforts will help our clients improve their security posture through your CyberSecurity expertise.

TruShield is looking for proactive, responsible, and highly motivated Security Auditors to join our team in maintaining technical relationships with our clients. This position will demand interaction with large scale enterprises at senior levels, as well as with technical staff within the traditional IT organization. Security Auditors will engage directly with clients seeking TruShield’s services in a relationship that serves as an extension of the clients’ Security Program.

Job Responsibilities

You will be tasked with independent and group projects to execute a variety of Security Auditor services. The primary services to be performed include:

  • Enterprise Risk Assessments
  • IT Compliance Audits:
      • PCI DSS
      • NIST SP 800-53 (FISMA)
      • NIST SP 800-171 (DFARS)
      • ISO 27001/2
      • GDPR
      • HIPAA Security Rule
  • IT Compliance Gap Assessments
  • Customized to client requirements and risk profiles, draft Security Program Documentation, such as:
      • IT Security Policies
      • System Security Plans
      • Contingency Plans
      • Incident Response Plans
  • Conduct Security Awareness Training
  • Network Security Architecture Analysis and Improvement Planning
  • Disaster Recovery Planning and Testing
  • Draft IT Security Policy

Additionally, as a Security Auditor you will:

  • Assess and investigate client IT Security Programs via interviews, documentation review, physical site surveys, and technical information analysis
  • Develop client security programs by reviewing existing security programs; conducting comprehensive reviews of threats; evaluating and analyzing relevant data points
  • Coordinate with TruShield’s Client Services Team, SOC Analysts, Incident Response handlers, and network/system engineers to explore and report on security risk issues that could impact our clients
  • Provide recommendations on IT solutions to help clients manage information security risk
  • Provide secondary support to all Professional Services practice offerings which may include:
      • Vulnerability Assessments
      • Network Penetration Testing
      • Web Application testing
      • Compliance Assessments
      • Compromise Assessments
      • Social Engineering
      • Firewall Configuration Analysis
      • Incident Response
      • Digital Forensics
      • Malware Reverse Engineering
  • Represent TruShield as a spokesperson at webinars, conferences, and special meetings related to information assurance and security awareness

Travel

10%-20% with a chance of increase as the business grows.

Job Requirements

Security Auditors must handle multiple engagements with overlapping deadlines. A demonstrated ability to write clear, coherent and precise reports on a multiplicity of complex technical issues is essential. Expert-level technical skills and knowledge in some of the following areas are essential.

  • Meet/exceed Education and Experience listed in this job description
  • Hands-on experience with security assessment tools
  • Hands-on experience reviewing and drafting network and security diagrams
  • Strong knowledge of the following:
      • Active Directory security and best practices
      • Web Application security controls including design, best practices, dynamic and static code analysis
      • Network and security engineering
      • System hardening procedures for Windows, Linux, and UNIX environments
      • Security Operations procedures to maintain firewalls, IDS/IPS, and SIEM platforms
      • BYOD and Mobile Device Management platforms
      • Cloud-based platforms (Microsoft Azure, Amazon AWS, etc.)
      • TCP/IP Protocols, network analysis, and network/security applications
      • Wired and wireless network security concepts
      • Common network protocols
      • Social Engineering tactics, techniques, and tools
  • Performing vulnerability research by identifying and developing new attack methodologies, tools, and/or scripts
  • Strong written and verbal skills
  • Maintain positive relationships working with IT and non-IT client personnel of various backgrounds and industries
  • Comfortable explaining findings, recommendations, and deliverables to technical and non-technical audiences
  • Knowledge of common regulatory frameworks and controls
  • Knowledge of IT Security Governance best practices
  • Occasional night and weekend work when evaluating systems/organizations during non-business hours

Education

  • Bachelor’s Degree
  • Experience performing security and risk assessment work
  • Strong, diverse technical background and truly exceptional oral and written communications skills
  • Must demonstrate proven success in working in a team as well as independently and exhibit follow-through to understand root causes of issues
  • Must be a team player who leads by example and can interact well with all levels of personnel within TruShield’s internal teams, our clients, and our partners
  • Must be able to work with minimal oversight to achieve project objectives and deadlines
  • Superior organizational skills, multitasking abilities, and able to re-evaluate priorities
  • Client-facing consulting experience is a plus

Certifications

A Security Auditor is expected to currently have, or obtain within 6 months of hire, one or more of the following:

  • PCI QSA Auditor ** REQUIRED **
  • CISSP
  • CISM
  • CISA
  • GSNA
  • GCIH

Job Type: Full-time

Job Location:

  • Raleigh-Durham, NC
  • Sterling, VA

Please fill out the form below and submit your resume to apply for this position

Copyright © 2016