CSfC Information Systems Security Technical Auditor

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field, or equivalent experience.
• 5–10+ years of experience in cybersecurity engineering, security assessment, or related roles.
• Demonstrated experience assessing technical security controls in complex system environments.
• Strong understanding of: Encryption technologies including IPsec, VPNs, and certificates Network engineering fundamentals (routing, switching, VLANs) RMF lifecycle, NSA CSfC architecture, and CDS concepts
• Familiarity with CSfC-approved components such as firewalls, VPN gateways, and cross-domain solutions.
• Experience supporting NIST RMF and NIST SP 800-53 Rev. 5 implementations.
• Experience developing or supporting A&A documentation and/or NSA CSfC registration packages.
• Must meet applicable DoD 8140 requirements for cybersecurity roles.
• Active Secret clearance required; Top Secret / SCI preferred.
• Strong communication skills with both technical and non-technical audiences.
• Ability to clearly document complex systems and assessment results.
• Analytical thinker with strong problem-solving abilities.
• Comfortable working in fast-paced, high-security environments
• US Citizenship Required: Yes

Nice To Haves

• Experience aligned with IAM Level II or IAT Level II roles.
• DoD 8570/8140 baseline certification (e.g., CISSP, CASP+, CCSP), or ability to obtain within a defined timeframe.
• Prior experience supporting or assessing NSA-approved CSfC solutions.
• Working understanding of technologies such as: Cisco routing, switching, and firewalls Palo Alto firewalls Juniper routing Aruba networking SIEM solutions (PacStar IQ Core preferred) Certificate Authority (CA) solutions Virtual Desktop Infrastructure (VDI) architectures Tenable Nessus (ACAS)

Responsibilities

• Systems Security Assessment Conduct technical security assessments as part of the RMF lifecycle, with emphasis on control implementation and effectiveness.
• Review CSfC solution architectures, enclave boundaries, and data flows to support assessment activities and risk determinations.
• Identify, prioritize, and track vulnerability scan findings from an assessment and reporting perspective.
• Review Security Technical Implementation Guides (STIGs) for compliance and assessment purposes.
• Review Security Information and Event Management (SIEM) solutions to validate appropriate logging, alerting, and monitoring capabilities.
• Documentation & Accreditation Develop, review, and maintain security documentation including: eMASS authorization packages NSA CSfC Registration packages Cross-Domain Solution (CDS) Assessment & Authorization (A&A) packages Document and track Plans of Actions and Milestones (POA&M) findings.
• Compliance & Risk Management Assess system compliance with applicable policies and frameworks, including: CSfC Capability Packages (Mobile Access and Multi-Site Connectivity) NIST SP 800-53 Rev. 5 security controls Air Force and USAFE-specific cybersecurity policies Conduct security reviews for proposed product substitutions, upgrades, or configuration changes to assess security impact and risk.
• Security Leadership Provide technical assessment guidance to engineers, Authorizing Officials (or their designated representatives), and other stakeholders.
• Interface with NSA CSfC, CDS-E, and AO personnel as required to support assessment and authorization activities.

Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.
• We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.