The Cyber Security Audit Engineer will manage a variety of technical security auditing capabilities, including a holistic auditing approach of applications, databases, servers, networking devices, and software. Responsible for demonstrating skills in assessing IT process and technology risks, identifying and evaluating the design of IT controls, designing, executing and documenting IT audit tests, and making initial determination of reportable issues. Assist with HIPAA / HITECH assessments, and data breach preparedness. Will work in close coordination with team members and other business owner’s partners to carry our customer requirements.
ROLES and RESPONSIBILITIES:
- Design, build, implement and monitor a holistic audit program across the enterprise.
- Develop understanding of appropriate business aspects, IT risks, IT control requirements, processes and systems under review.
- Perform process and technology risk analysis with a cybersecurity mindset and focus, prepare process maps and flowcharts, prepare effective and efficient compliance and substantive technical approach; and execute in depth IT audit review.
- Perform assessment of IT process and security controls within information systems environment.
- Evaluate test results: accurately identify symptoms, root cause, problems, identify alternative controls and develop recommendations.
- Perform audit reviews of technology such as applications, databases, servers, networking devices (i.e., firewalls and routers), and security tools such as IDS/IPS, anti-malware, and authentication systems (e.g., Active Directory).
- Performing technology assessments in a wide variety of business environments, including:
- Information Technology Operational and Cyber Security Assessments in accordance with industry frameworks, such as COBIT 5, ISO 27001, ISO 27005, and NIST SP 800-30 and Cybersecurity Framework
- HIPAA Security Rule and HITECH Act Compliance
- Cloud Security Compliance
- Assisting clients with the performance of Business Impact Analyses (BIAs) along with the development of business continuity and disaster recovery plans (BCPs and DRPs);
- Assisting organizations with all aspects of data breach and information security Incident Response preparation and management
- Performing Service Organization Control Examinations in accordance with AICPA requirements (SOC 1 SSAE 16, SOC 2 AT 101, SOC 3 AT 101)
- Providing data classification services
- Developing information technology and security policies and procedures
- Providing trusted advisory services and guidance to clients that will reduce organizational risk and improve their overall cyber security posture
- Preparing reports and other deliverables that contain strategy, technical analysis, and findings in connection with our advisory and assessment engagements and communicating those results to client management
- Excellent technical and interpersonal skills required.
- Experience with Qualys / Nessus Vulnerability scanning tools.
- Cloud Experience a plus
EXPERIENCE, QUALIFICATION AND EDUCATION
- Minimum of 5 of experience with Enterprise Network, DMZ, and Security infrastructure, including design, implementation, and ongoing management and troubleshooting required.
- Minimum of 5 years’ experience in designing, developing, implementing, and managing solutions across cybersecurity domains (Cyber Defense, Threat and Vulnerability Management. Advanced Security Analytics, Data Security, Identity Management, Security Operations and Managed Security Services etc.)
- Three years or more of professional experience or job-related experience in Information Security, or Information Technology
- Extensive knowledge and skill of IT analysis which includes expertise in analyzing confidentiality, integrity, availability of complex IT systems.
- Familiarity with Secure Software Development practices
- Hands On experience with various programming languages or scripting languages and tools.
- Effective oral and written communication skills.
- Strong interpersonal skills and demonstrable leadership ability.
- Certifications in one or more of the following: CISSP, CWSP, CCNP, ACE, CCNP Security, Security+, or related.
- Familiarity with various operating system platforms (Linux, Windows) and databases security best practices for each.
- Strong analytical and problem-solving ability.
- Ability to work independently.