- USA
1 Vacancy
Cyber Security MCS IT Security Auditor
The State of Michigan is looking for an IT Security Auditor.
Please note the screening questions (attached), which are required to be submitted along with bid documents.
Top Skills & Years of Experience
years of total IT-related experience and ability to work seamlessly with the team as well as be self-motivated to work independently
years implementing/utilizing Federal, Industry, and Open-Source Security Guidance and Secure Coding Practices
years with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle, JBoss, .NET stacks
years with networking infrastructure, secure application development and security automation (DevSecOps)
years of hands-on knowledge building and deploying secure, complex, distributed web and mobile applications
Must be a United States Citizen/GC Holder and able to pass a CJIS background check
Will close submissions on / at am EST
Interview Process: Virtual interview via MS Teams video. Please use a laptop and be prepared to share your screen if asked. Use of headphones is strongly discouraged. A screenshot photo of the candidate will be required for any Teams interviews, as well as a vendor present at the beginning of the interview to validate the candidate.
Duration year with possible extension
Remote or Onsite: Candidates must be currently local, within a commutable distance, no more than hours. Manager is not interested in candidates who would need to relocate to accept the role. Position will be hybrid, in office days a week upon start.
Full Job Description Attached. Please note the screening questions (also attached), which are required to be submitted along with bid documents.
IT Security Auditor Job Description
Short Job Description
Senior Full Stack Security Auditor who is passionate about designing and building secure platforms and applications. The ideal candidate will feel comfortable working with both frontend and backend application developers, as well as building, automating, and securing on-premises and cloud-based applications, partnering with distributed teams to help transform the way systems are built, secured, authorized, and securely operated for continuous compliance and risk mitigation. Specifically, this candidate will help lead efforts to implement security patterns and practices with orchestration and automation tools that automate the secure configuration, verification, compliance, and authorization of systems. They will be a key member of a team tasked with maturing the organization's software development and security practices.
Long Job Description
Functional Knowledge
Chrome/Firefox/Edge Development tools to see the request/response headers
Familiarity with Security scanning tools (SAST, DAST, SCA, ASOC, Container/Cloud)
Experience with Coverity, BlackDuck, CodeDX, Fortify a plus
HTTP Request/Response headers for web and RESTful API calls
Ability to explain in detail any of the OWASP top vulnerabilities
Cross Site Scripting, Injection attacks, SSRF, CSRF, XML entity, etc.
API Security
JWT
OAUTH/OIDC/PKCE
Web API replay attacks
High-level understanding of containers
Cloud development experience (Azure, AWS, GCP)
Minimum of years of total IT related experience
years implementing/utilizing Federal, Industry, and Open-Source Security Guidance and Secure Coding Practices (OWASP Top, SANS, CERT, CWE Top, Critical Security Controls, Cloud Security Alliance, SafeCode, etc.)
years with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle, JBoss, .NET stacks
years with networking infrastructure, secure application development and security automation (DevSecOps)
years of hands-on knowledge building and deploying secure, complex, distributed web and mobile applications
United States Citizen and ability to pass a CJIS background check
Full Time