5+ years in cybersecurity or information security roles
Experience with risk analysis and IT control frameworks
Familiarity with auditing methodologies and IT compliance standards
Hands-on knowledge of vulnerability scanning tools like Qualys and Nessus
Effective communication and leadership skills
Certifications such as CISSP, Security+, CCNP or similar
Background in secure software development practices
Responsibilities
Design and implement a comprehensive security audit program
Conduct technology and process risk assessments
Evaluate and enhance IT security controls across systems
Perform technical audits on applications, databases, and networks
Provide strategic recommendations based on audit findings
Assist clients with compliance for HIPAA and cybersecurity frameworks
Prepare detailed reports on technical analysis and audit results
Benefits
Professional development opportunities
Support for obtaining relevant certifications
Flexible working arrangements
Collaborative team environment
Access to cutting-edge cybersecurity tools and resources
Full Job Description
The Cyber Security Audit Engineer will manage a variety of technical security auditing capabilities, including a holistic auditing approach of applications, databases, servers, networking devices, and software. Responsible for demonstrating skills in assessing IT process and technology risks, identifying and evaluating the design of IT controls, designing, executing and documenting IT audit tests, and making initial determination of reportable issues. Assist with HIPAA / HITECH assessments, and data breach preparedness. Will work in close coordination with team members and other business owner's partners to carry our customer requirements. Job Description:
ROLES and RESPONSIBILITIES:
Design, build, implement and monitor a holistic audit program across the enterprise.
Develop understanding of appropriate business aspects, IT risks, IT control requirements, processes and systems under review.
Perform process and technology risk analysis with a cybersecurity mindset and focus, prepare process maps and flowcharts, prepare effective and efficient compliance and substantive technical approach; and execute in depth IT audit review.
Perform assessment of IT process and security controls within information systems environment.
Evaluate test results: accurately identify symptoms, root cause, problems, identify alternative controls and develop recommendations.
Perform audit reviews of technology such as applications, databases, servers, networking devices (i.e., firewalls and routers), and security tools such as IDS/IPS, anti-malware, and authentication systems (e.g., Active Directory).
Performing technology assessments in a wide variety of business environments, including:
Information Technology Operational and Cyber Security Assessments in accordance with industry frameworks, such as COBIT 5, ISO 27001, ISO 27005, and NIST SP 800-30 and Cybersecurity Framework
HIPAA Security Rule and HITECH Act Compliance
Cloud Security Compliance
Assisting clients with the performance of Business Impact Analyses (BIAs) along with the development of business continuity and disaster recovery plans (BCPs and DRPs);
Assisting organizations with all aspects of data breach and information security Incident Response preparation and management
Performing Service Organization Control Examinations in accordance with AICPA requirements (SOC 1 SSAE 16, SOC 2 AT 101, SOC 3 AT 101)
Providing data classification services
Developing information technology and security policies and procedures
Providing trusted advisory services and guidance to clients that will reduce organizational risk and improve their overall cyber security posture
Preparing reports and other deliverables that contain strategy, technical analysis, and findings in connection with our advisory and assessment engagements and communicating those results to client management
Excellent technical and interpersonal skills required.
Experience with Qualys / Nessus Vulnerability scanning tools.
Cloud Experience a plus
EXPERIENCE, QUALIFICATION AND EDUCATION
Minimum of 5 of experience with Enterprise Network, DMZ, and Security infrastructure, including design, implementation, and ongoing management and troubleshooting required.
Minimum of 5 years' experience in designing, developing, implementing, and managing solutions across cybersecurity domains (Cyber Defense, Threat and Vulnerability Management. Advanced Security Analytics, Data Security, Identity Management, Security Operations and Managed Security Services etc.)
Three years or more of professional experience or job-related experience in Information Security, or Information Technology
Extensive knowledge and skill of IT analysis which includes expertise in analyzing confidentiality, integrity, availability of complex IT systems.
Familiarity with Secure Software Development practices
Hands On experience with various programming languages or scripting languages and tools.
Effective oral and written communication skills.
Strong interpersonal skills and demonstrable leadership ability.
Certifications in one or more of the following: CISSP, CWSP, CCNP, ACE, CCNP Security, Security+, or related.
Familiarity with various operating system platforms (Linux, Windows) and databases security best practices for each.