Security Auditor

The Security Auditor, serving as Compliance Lead, is responsible for performing independent assessments of management, operational, and technical security controls in the CASTLE-NET IT environment. This role conducts security reviews and risk analyses to identify weaknesses in security architecture, recommends mitigation measures, monitors and evaluates systems for compliance with IT security requirements, and ensures resilience and dependability standards are maintained across the infrastructure.

• Conduct independent security assessments of management, operational, and technical controls
• Perform comprehensive security reviews and risk analyses across IT systems and infrastructure
• Identify security weaknesses and gaps in security architecture and controls
• Recommend evidence-based mitigation measures and control enhancements
• Monitor IT systems and infrastructure to ensure compliance with security requirements and standards
• Utilize vulnerability assessment tools to identify system weaknesses and attack vectors
• Conduct security testing including penetration testing and configuration compliance checks
• Evaluate system resilience, dependability, and recovery capabilities
• Document security assessment findings in comprehensive reports with risk ratings
• Verify implementation of corrective actions and remediation measures
• Provide expert guidance on security control selection and implementation
• Maintain current knowledge of security frameworks, standards, and best practices

• Bachelor's degree in IT, Computer Science, or related field (or equivalent work experience)
• 8+ years of relevant experience as a Security Control Assessor, Security Auditor, or related role
• Excellent understanding of cybersecurity principles, risk management frameworks, and IT security methodologies
• Expert knowledge of vulnerability assessment tools and security testing methodologies
• Strong problem-solving, analytical, communication, and interpersonal skills
• Ability to manage multiple security assessments effectively and collaboratively
• Experience developing detailed security assessment reports with risk analysis and recommendations

• CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) certification
• Certified Authorization Professional (CAP) certification from (ISC)²
• Familiarity with USACE IT environment and federal security standards
• Knowledge of NIST SP 800-53 security controls and assessment frameworks
• Experience with security assessment tools (Qualys, Tenable, OpenVAS)
• Background in federal IT security compliance and accreditation processes
• Experience with continuous monitoring and security control assessment methodologies

• Security Assessment & Control Testing
• Vulnerability Assessment & Analysis
• Risk Analysis & Reporting
• Cybersecurity Frameworks & Standards
• Security Architecture Review

• Penetration Testing & Ethical Hacking
• NIST SP 800-53 Controls Knowledge
• Compliance Risk Management
• Security Assessment Tools (Qualys, Tenable)
• Federal Security Standards (FISMA, FedRAMP)

Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract‑specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.

$122,

The physical requirements described in "Knowledge,

Skills and Abilities

" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties" or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

The preceding job description has been designed…