Jacobs Information Systems Auditor – Intermediate in Scott AFB, Illinois
Critical Mission Solutions
Your mission is our mission.
We're invested in you and your success. Everything we do - whether Aerospace, Defense, Intelligence, Information Technology, Cybersecurity, Nuclear, Automotive, or Telecommunications - is more than just a project. It's our challenge as human beings, too. That's why we bring a thoughtful and collaborative approach to every one of our partnerships.
It's our promise to challenge the status quo as we redefine how to solve the world's greatest challenges, and transform big ideas into intelligent solutions for a more connected, sustainable world.
Design your career with a company that inspires and empowers you to deliver your best work so you can evolve, grow and succeed – today and into tomorrow.
Jacobs is seeking a qualified Information Security Auditor – Intermediate professional to support the IT Service Management (ITSM) contract at Scott AFB, IL. Jacobs provides information technology solutions and services to a broad range of both Government and private industry, including Department of Defense, Federal Civilian agencies, healthcare, education, and small/medium business market. Our analysts, engineers, and technicians are highly trained, qualified subject matter experts, understanding each segment's specialized business processes, requirements, and functions. Combined with an extensive IT background, Information Solutions Group's enhanced IT services enable our clients to analyze existing business processes, identify process improvements, evaluate associated risks, and develop operational solutions.
The Information Systems Auditor audits moderately complex new and existing information systems applications to ensure that appropriate controls exist, that processing is efficient and accurate, and that systems and procedures are following corporate standards. Competent to work on most phases of information systems auditing with little to no oversight.
Responsibilities include, but are not limited to:
Conduct an overall enterprise vulnerability management program as part of the overall risk management program for United States Transportation Command (USTRANSCOM);
Develop the procedures for and perform security audits of information systems to validate the system is compliant with security guidelines, build guides, checklist and STIG guidance and security alerts;
Analyze potential vulnerabilities and required mitigations as needed to protect and defend the USTRANSCOM information systems;
Assess the security procedures, measure effectiveness of the total system security and make mitigation recommendations based on the assessments and audits;
Prepare reports that detail compliance and non-compliance findings with remediation recommendations for non-compliant findings; revalidate systems compliance after system administrator’s remediation, and prepare final audit report;
Perform special security audits at the Government’s request to assess specific risk conditions or concerns, typically involving scanning and on-system measurements of the compliance status of the system;
Manage the Information Assurance Vulnerability Management (IAVM) program, including tracking, distributing and reporting IAVM compliance and trend data; update United States Cyber Command (USCYBERCOM) on IAVM status; prepare IAVM reports and trend analyses; and prepare and process POA&Ms;
Monitor government and private sector vulnerability databases and sources to identify vulnerabilities not released through the IAVM program;
Create, update and maintain Remedy tickets for the overall Information Systems Security Engineering process and follow tasks for Security Evaluation of new and existing technologies;
Employ a vulnerability alert process to notify personnel of the presence of vulnerabilities affecting systems and networks; and ensure the Chief Information Security Office (CISO) and the Chief Information Officer (CIO) are aware of the vulnerabilities along with the appropriate mitigation methods.
Here’s What You’ll Need:
This position requires a Bachelor’s degree with 5 years of experience or a total of 8 years of related experience. A DoDI 8570 IAT Level II certification is required, as is the ability to obtain Certified Ethical Hacker or equivalent certification within 6 months. The minimum of a Secret level DoD Security Clearance is required.
Requires sitting for extended periods of time at a desk (90%). Requires sitting at a computer terminal for long periods of time (90%). There is a possibility that due to parking availability and location of work area walking moderate to long distances can sometimes be required.
Inside office/cubicle environment. Requires ability to interact professionally with co-workers and all levels of management (100%).
Equipment and Machines
Requires ability to operate a personal computer, a telephone, copier, and other general office equipment (100%). Ability to conduct evaluation of third and fourth generation or current state of the art computer hardware and software and its ability to support specific requirements, interfacing with other equipment and systems.
Attendance is critical. Work hours are normally 8 hours per day and 5 days per week, Monday through Friday. Being prompt is important to provide continuous and on-going service to customers. Attendance is important to maintain continuity of service. Work outside of normal duty hours may be required with as little as one-hour advance notice. Overtime is infrequent, but important when required (1%).
Other Essential Functions
Must be able to communicate effectively, both verbally and in writing. Must be able to interface with individuals at all levels of the organization. Must be able to obtain unescorted access to work areas. Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others.
A DoD IAT Level II baseline certification is required. Current list of approved certifications can be found at https://iase.disa.mil/iawip/Pages/iabaseline.aspx .
Familiarity with DoD RMF tool eMASS is required.
The minimum of a Secret level DoD Security Clearance is required.
Knowledge of Nessus Vulnerability Scanner / Vulnerability Management.
Jacobs is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, religion, creed, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, medical condition, marital or domestic partner status, sexual orientation, gender, gender identity, gender expression and transgender status, mental disability or physical disability, genetic information, military or veteran status, citizenship, low-income status or any other status or characteristic protected by applicable law. Learn more about your rights under Federal EEO laws (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf) and supplemental language. (https://www.eeoc.gov/sites/default/files/migrated_files/employers/eeoc_gina_supplement.pdf)
At Jacobs, we’re challenging today to reinvent tomorrow by solving the world’s most critical problems for thriving cities, resilient environments, mission-critical outcomes, operational advancement, scientific discovery and cutting-edge manufacturing, turning abstract ideas into realities that transform the world for good. With $13 billion in revenue and a talent force of more than 55,000, Jacobs provides a full spectrum of professional services including consulting, technical, scientific and project delivery for the government and private sector.