Technology Audit position at Verizon

fullcrowmoon

Verizon is looking for people with good technical skills in the areas of IT operations or applications reviews, network operations or security audits, SSAE16 or PCI compliance, and/or ERP security and controls review. This is a Technology Audit position - you bring the skills and we'll teach you how to audit. It's actually a lot of fun! I'm totally serious about this!Technology Auditor - Ashburn, Virginia - Verizon Careers

https://www.linkedin.com/in/lauraeilers

NetworkNewb

fullcrowmoon wrote: »

It's actually a lot of fun!

riiiiiiiiiight....

fullcrowmoon

Ok, yes, I miss getting down in the dirt and fixing things myself, but when you audit and find all the hinky stuff they're trying to hide from you because you're a chick and they think you're stupid and then you catch them and are like HA! then it's extremely satisfying. Just sayin'.

ITSpectre

:d

beads

Fullcrowmoon;

I enjoyed my time in audit and learned so much about the business side of the house doing it - I have no regrets there. Only made me a better blue team person in the long run.

And yes, end-users, especially server administrators, make sport of lying to auditors. Developers are a close second. Oddly, the most honest? Infrastructure. End users are like shoes... all different shapes and sizes but still shoes.

- b/eads

fullcrowmoon

beads wrote: »

Fullcrowmoon;

I enjoyed my time in audit and learned so much about the business side of the house doing it - I have no regrets there. Only made me a better blue team person in the long run.

And yes, end-users, especially server administrators, make sport of lying to auditors. Developers are a close second. Oddly, the most honest? Infrastructure. End users are like shoes... all different shapes and sizes but still shoes.

- b/eads

Honestly I'm not that vicious. I don't like being lied to directly to my face though!

Raystafarian

You don't seem to be using auditor interviewing techniques very well. Always act dumb about the system. Get them to break it down as far as possible. Get them to explain what you know, have them do it and watch. Lead them to tell you what the problems are. Then lead them to a solution - have them come up with it, give them credit. Now you have your finding, response and buy-in.

Cyber_space

fullcrowmoon wrote: »

Verizon is looking for people with good technical skills in the areas of IT operations or applications reviews, network operations or security audits, SSAE16 or PCI compliance, and/or ERP security and controls review. This is a Technology Audit position - you bring the skills and we'll teach you how to audit. It's actually a lot of fun! I'm totally serious about this!Technology Auditor - Ashburn, Virginia - Verizon Careers

https://www.linkedin.com/in/lauraeilers

Are the roles only in Va?

fullcrowmoon

The listing should have other sites on it as well.

Cyber_space

fullcrowmoon wrote: »

The listing should have other sites on it as well.

I didn't see any.

UnixGuy

I can't apply because I'm not in the US. But how do you guys get into audit? They ask me for experience in things like ISO and whatnot, stuff I have never dealt with directly.

fullcrowmoon

UnixGuy wrote: »

I can't apply because I'm not in the US. But how do you guys get into audit? They ask me for experience in things like ISO and whatnot, stuff I have never dealt with directly.

I got into it by accident, really. I've been in operations my whole career - UNIX admin, running a NOC, network planning, things like that. Then I got picked up by my company's audit organization because they had figured out that it's easier to take someone who already has the technical skills and teach them how to audit, rather than take an auditor and teach them technical skills. I've been with the company for 16 years, so it was more a case of networking than anything, I think.

If they're asking you for ISO stuff, though, I'd try saying something like that - that you've got the hard skills and can learn the soft ones.

fullcrowmoon

Raystafarian wrote: »

You don't seem to be using auditor interviewing techniques very well. Always act dumb about the system. Get them to break it down as far as possible. Get them to explain what you know, have them do it and watch. Lead them to tell you what the problems are. Then lead them to a solution - have them come up with it, give them credit. Now you have your finding, response and buy-in.

You're basing that on a single throw-away comment of mine, that, yes, gave a bad impression if you were taking it 100% seriously and not as the joke it was intended to be. I can understand how you got that impression.