FTI is in search of a Cybersecurity Auditor to join our team in Moorestown, NJ.

As a Cyber Auditor, you will be responsible for planning, conducting, and reporting on comprehensive audits of the Navy AEGIS information systems, networks, applications, and cybersecurity programs to ensure compliance with applicable laws, regulations, policies, and best practices. You will evaluate the effectiveness of security controls, identify vulnerabilities, and recommend corrective actions to mitigate risks. 

Audit Planning and Execution:

• Develop risk-based audit plans and programs aligned with organizational objectives and cybersecurity frameworks (e.g., NIST Cybersecurity Framework, Risk Management Framework (RMF), FedRAMP).
• Conduct comprehensive audits of information systems, networks, applications, and databases, utilizing a variety of audit techniques (e.g., vulnerability scanning, penetration testing oversight, control testing, data analysis, interviews, and observation).
• Evaluate the design and effectiveness of security controls, including access controls, configuration management, incident response, data protection, and vulnerability management.
• Assess compliance with applicable laws, regulations, policies, and standards, such as FISMA, DoD regulations, and Navy cybersecurity policies.

Vulnerability Assessment and Risk Management:

• Identify and assess cybersecurity vulnerabilities and risks, using industry-standard methodologies and tools, such as Splunk
• Evaluate the effectiveness of risk mitigation strategies and recommend improvements.
• Analyze audit findings to identify systemic weaknesses and trends in cybersecurity posture.
• Conduct vulnerability assessments of networks, servers, databases, and web applications.

Reporting and Communication:

• Prepare clear, concise, and objective audit reports that document findings, conclusions, and recommendations.
• Communicate audit results to management and stakeholders, both orally and in writing.
• Track and follow up on the implementation of corrective actions.
• Provide technical expertise and guidance to management on cybersecurity best practices and compliance requirements.
• Brief leadership on audit findings and recommendations.

Continuous Improvement:

• Stay abreast of emerging cybersecurity threats, vulnerabilities, and technologies.
• Continuously improve audit methodologies and techniques to enhance effectiveness.
• Participate in professional development activities to maintain and enhance technical skills and certifications.
• Support the development and maintenance of cybersecurity policies, standards, and procedures.

Mandatory Technical Qualifications (MTQs):

• Knowledge of cybersecurity principles, practices, and technologies.
• Experience in conducting IT audits, security assessments, and vulnerability assessments.
• Experience with security audit tools and techniques (e.g., vulnerability scanners, penetration testing tools, security information and event management (SIEM) systems).
• Demonstrated ability to analyze complex technical issues and communicate findings effectively.

• Department of Defense (DoD) Directive 8570.01-M Information Assurance Technical (IAT) Level II certification, such as CCNA, GSEC, Security+ CE, or SSCP.
• 4+ years of experience within the MTQs
• Active Secret security clearance.

Preferred Qualifications:

• 5+ years of experience within the MTQs
• Bachelor's degree in computer science, information systems, cybersecurity, or a related field OR equivalent experience.
• Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or similar.
• Experience working with DoD or other government agencies.
• Familiarity with Navy IT systems and cybersecurity policies.