Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy; measures effectiveness of defense- in-depth architecture against known vulnerabilities; analyzes cyber defense policies and configurations and evaluates compliance with regulations and organizational directives; conducts and/or supports authorized penetration testing on enterprise network assets; maintains knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing; prepares audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions; performs technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications); makes recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).

Education: Bachelor’s Degree in Computer Information or Information Technology, Cybersecurity or Information Assurance or equivalent work experience of 5 or more years. 

Certifications: GIAC Systems and Network Auditor (GSNA), GIAC Critical Controls Certification (GCCC)