Cybersecurity Software Assurance and Audit SME with Security Clearance

Radford, Virginia

Apex Systems
Cybersecurity Software Assurance & Audit SME

LCAT: Information Assurance Engineer - Senior

Required Certifications: CISSP and/or ISSEP

Position Overview: This position is for a Cybersecurity Software Assurance and Audit Subject Matter Expert. This is a remote position, with limited/periodic travel to Radford, VA. This position will support both cybersecurity Software Assurance (SwA) processes and Audit support for our customers.

Position Duties:

• Lead the cybersecurity portion of Software Assurance reviews on behalf of the client and hosted customers.

• Coordinate with team members to ensure that hosted application audit logs are properly configured and collected.

• Ensure that ACAS scans for servers hosting applications are remediated or mitigated to the appropriate level by coordinating with team members.

• Review Code Scan Analysis reports for accuracy and collaborate with ISSO/ISSM to validate or create necessary POA&M documentation.

• Act as a liaison between customers and the client's teams to facilitate efficient Software Assurance reviews.

• Compile Code Review Packages for final AO/AODR approval.

• Provide cybersecurity expertise and guidance for the design, implementation, and operation of the DevSecOps pipeline.

• Serve as the client's Cybersecurity Subject Matter Expert (SME) for hosted customers with financial audit requirements.

• Oversee the process of reviewing, documenting, and monitoring privileged access to systems and data.

• Ensure compliance with policies regarding privileged access and make recommendations for improvements.

• Prepare for and participate in audits conducted by internal and external audit teams.

• Provide evidence and documentation to demonstrate compliance with security policies and regulatory requirements.

• Collaborate closely with IT, security, and compliance teams to gather necessary information for audits.

• Facilitate meetings with auditors to discuss findings, answer questions, and provide clarifications.

• Document audit findings, including any identified gaps or weaknesses, and track remediation efforts.

• Generate detailed reports for management summarizing audit activities, findings, and remediation status.

Required Skills:
• Senior level Cybersecurity experience

• Strong understanding of Software Assurance processes to include DevSecOps

• Familiarity with compliance frameworks and regulatory requirements.

• Strong analytical and problem-solving skills to identify and address security issues.

• Ability to interpret complex data and make informed decisions.

• Excellent verbal and written communication skills.

• Ability to effectively communicate audit findings and recommendations to both technical and non-technical stakeholders.

• Strong understanding of privileged access management and related security best practices.

• Strong interpersonal skills to work collaboratively with internal teams and external auditors.

• Attention to detail and ability to maintain accurate and comprehensive documentation.

• Self-starter, effective time management and ability to meet audit deadlines.

• Extensive knowledge of DoD STIGs and IA Vulnerability Management (IAVM).

• Ability to work cooperatively as a member of a team.

• Ability to interpret and apply rules, regulations, and procedures.

• Ability to gather, analyze, and present facts.

• Understanding of DoD Risk Management Framework Assessment & Authorization (RMF A&A).

Required Certifications:
• DoD 8570.01-M IAM level III certification
  o CISSP and/or ISSEP

Clearance Required:
• DoD Secret

Position Location:
• This position is remote. Limited/periodic travel to Radford, VA.

Education:
• Bachelor's degree or higher in IT related field
Date Posted: 01 April 2025