Cybersecurity CND-SP Audit Inspector - TS/SCI required

Clearance Level
Top Secret/SCI
Information Security
Fort Bragg, North Carolina

REQ#: RQ91784

Travel Required: Less than 10%
Public Trust: None
Requisition Type: Regular

GDIT is seeking candidates to support the US Army Intelligence and Security Command (INSCOM). Under the I2TS 3 task order, INSCOM ensures reliable, uninterrupted availability of Command, Control, Communications, Computers, and Information Management (C4IM) including: networks, hardware, software, engineering, and specialized tools at the point of customer need to support INSCOMs mission. INSCOM and its MSCs provide the enabling layer to connect the Army and its tactical formations to defense and national intelligence agencies via tactical networks. The ability to provide mission critical intelligence is dependent on the successful use of its information technology (IT) networks worldwide.

Principal Duties and Responsibilities:

An I2TS 3 Cybersecurity-Computer Network Defense Service Provider (CND-SP) Auditor-Inspector will:


  • Registering new systems in eMASS.

  • Assisting in or completely performing Steps 1 through 6 of the RMF process for assigned system.

  • Performing initial on-site self-assessments for assigned systems.

  • Produce risk assessment reports for non-mitigated findings.

  • Draft, update, or coordinate the changes to security control documentation.  

  • Run ACAS vulnerability & compliance scans based on system’s hardware/software list.

  • Build, maintain, and track the mitigation of discovered security flaws utilizing POAM. 

  • Brief leadership on system security posture and recommend solutions to maintain an acceptable level of risk.

  • Obtain ATOs for assigned IS and maintain the ATO over the course of the systems lifecycle.

  • Implement continuous monitoring strategy and assist in maturing continuous monitoring processes.

  • Act as a secondary (back-up) auditor for all systems not primarily assigned to you.


  • Perform Computer Security Incident Response activities for a large organization, coordinate with other government agencies to record and report incidents

  • Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information

  • Communicate alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems

  • IAVM/OPORD Tracking & Reporting for assigned system (Daily).

  • Weekly Scan Results Review: Reviewing scan results for accuracy (Daily/Weekly).

  • Credential check-validations for all managed devices for all new scans.

  • Investigate and troubleshoot any credential issues, failed scans, etc. Escalate ACAS administrative level problems to appropriate administrator.

  • Review and analyze vulnerability scan results (Daily/Weekly).

  • Identify all vulnerabilities that are past their allowed mitigation dates

  • Create and assign trouble tickets for outstanding vulnerabilities, assign to appropriate personnel for mitigation. Ex. (Workstations-Tier 2, Servers Tier-3 etc).

  • Utilize all available tools such as ACAS, SCCM, and Active Directory to determine cause and provide info to mitigation personnel.

  • Run remediation scans for “mitigated” assets.

  • Run SCAP scans on assigned system’s hardware/software list.  Frequency should align with STIG release dates, and site implementation (quarterly).

  • Coordinate with system owners (systems, network teams) on STIG implementation and reporting.

  • Maintain system POAM (As needed). This includes:

  • Adding open findings that cannot be mitigated with patch/configuration. Scheduling appropriate milestone dates and coordinating the mitigation. This encompasses drafting waivers/exception requests, tracking change requests/implementation, and uploading POAM mitigation artifacts to the package body of evidence.

  • Requesting milestone extension for mitigations that require additional time for implementation.

  • Manage asset list for assigned system (eMASS, ATO Portal).

  • Upload new, updated CKL files for each asset when required.

  • Security Control Documentation Review:

  • Security control documentation must be reviewed and updated on an annual basis.

  • Draft, update, coordinate, and provide recommendations to changes of security control documentation.

  • Acquire and maintain access to require security tools to include eMASS, ACAS, Splunk, SCCM, SCC, STIG Viewer, & Vulnerator. 

  • Update bi-weekly stakeholder’s brief slides:

  • Be able to speak on and possibly brief the data being presented on slides to stakeholders.

  • Provide recommendations for improvements to presentation.

  • Continuous Monitoring Metrics Maturation (Daily):

  • Monitor status of security controls and their thresholds.

  • Provide ongoing observation, assessment, analysis, and diagnosis of continuous monitoring processes.

  • Drive remediation actions to meet the overall continuous monitoring targets.

  • Stay up-to-date on publications/policy directly related to ICD 503/RMF. (Ex. NIST SP 800-37, 800-53, 800-53a, 800-60, 800-137, CNSSI 1253, FIPS 199/200).

Desirable Skills / Experience:

  • 3-4 years of processing system accreditation packages in eMASS.

  • 3-4 years of vulnerability/compliance scanning experience utilizing ACAS.

  • Possess working knowledge of Assessment and Authorization practices within DoDI8510.01, ICD 503, CNSSI 1253, and the Risk Management Framework (RMF).

  • Strong analytical, organizational and administrative skills.

  • Knowledge of data security administration principles, methods, and techniques.

  • Strong familiarity with domain structures, user authentication, and digital signatures.

  • In-depth understanding of DHS/DoD policies and procedures, including CJCSM 6510.01 B, NIST 800-53, and other applicable policies.

  • 1-2 years of Splunk Log Analysis/Management and remediation strategies.

  • Strong briefing skills, ability to communicate technical subjects to non-technical individuals/groups.


  • DoD 8570.01-M IAT or IAM Level II Computing Environment (CE) Certification as determined by the Program Manager is required prior to support on contract

  • Required Security Environment Certification: CompTIA Security+ CE or equivalent

  • Computer Environment Certification: CEH, CySA+, GICSP, SSCP

Security Clearance:

  • TS/SCI required


  • Candidates must be willing and able to attain a CI Polygraph for certain positions as determined by the contract

High School Diploma/GED with 10 years of related experience, or Associates Degree with 8 years of experience, or Bachelors Degree with 6 years of experience, or Masters Degree with 4 years of experience



We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.