INFORMATION TECHNOLOGY SPECIALIST (INFOSEC) (Title 5) with Security Clearance

---

Job description

Duties GS-11 DUTIES: 1. Serves as the Computer Security (COMPUSEC) Manager. Protects and maintains the availability, integrity, confidentiality, and accountability of information system resources and information processed throughout the system's life cycle. Establishes and publishes squadron policy to manage the COMPUSEC program. Disseminates information and ensures computer security practices are adhered to by all functional areas in-garrison and in support of deployed war-fighting personnel. Reviews, analyzes, and validates certification and accreditation packages. Continuously identifies and analyzes threats and vulnerabilities to the information systems to maintain an appropriate level of protection. Ensures computer software designs address information system security requirements. Accomplishes risk analysis, security testing, and certification due to modifications or changes to computer systems. Evaluates, assesses, or locally tests and approves all hardware, software, and firmware products that provide security features prior to use on any accredited information system or network. Certifies all software prior to installation and use on communications and computer systems. Executes computer security plans and enforces mandatory access control techniques such as trusted routers, bastion hosts, gateways, firewalls, or other methods of information systems protection. 2. Manages the Information Assurance Program. Implements procedures to ensure protection of information transmitted to the squadron, among units in the squadron, and from the squadron units using local or wide area networks, the worldwide web or other communications modes. Utilizes current and future multi-level security products collectively to provide data integrity, confidentiality, authentication, non-repudiation, and access control of the Local Area Network (LAN). Reports to Major Command (MAJCOM), Air Force Communications Agency (AFCA), National Security Agency (NSA), and Air Force Computer Emergency Response Team (AFCERT) all incidents involving viruses, tampering, or unauthorized system entry. Controls access to prevent unauthorized persons from using network facilities. Limits access to privileged programs (i.e., operating system, system parameter and configuration files, and databases), utilities, and security-relevant programs/data files to authorized personnel. Implements methods to prevent or minimize direct access, electronic or other forms of eavesdropping, interpreting electro-mechanical emanations, electronic intercept, telemetry interpretation, and other techniques designed to gain unauthorized access to Automated Data Processing (ADP) information, equipment, or processes. Recognizes such potential and defines vulnerabilities and oversees the installation of physical and technical security barriers to prevent others from improperly obtaining such information. 3. Serves as the Communications Security (COMSEC) Manager for all cryptographic activities including managing the Cryptographic Access Program (CAP). Formulates and develops communications security criteria and requirements for inclusion in mobility, contingency, and exercise plans. Maintains accountability for sensitive cryptographic materials and related COMSEC information. Oversees issuance of COMSEC materials. Maintains COMSEC inventory on the Computerized Management of COMSEC Material (CM2) database. Prepares and evaluates written plans for emergency actions and ensures personnel are fully qualified in the execution of plans. Investigates security incidents to determine the possibility of compromise to COMSEC materials and ensures documentation and reporting to appropriate channels. Performs destruction, receiving, issuing, and inspecting COMSEC material within the most stringent timelines. Furnishes written guidance to user accounts concurring effective dates, accounting procedures, destruction requirements, and physical security of COMSEC keying materials. Performs semi-annual functional reviews of all COMSEC user accounts, physically inspecting the user's COMSEC facilities, reviewing procedures, and audit of all cryptographic holdings. As required, manages the Certification Authority Workstation. Administers the CAP by conducting briefings prior to granting access to cryptographic information. Documents cryptographic access certificates and acts as liaison for scheduling polygraph examinations of personnel enrolled in the program. DUTIES CONTINUED UNDER EDUCATION Requirements Conditions of Employment Federal employment suitability as determined by a background investigation. May be required to successfully complete a probationary period. Participation in direct deposit is mandatory. Information Assurance Certification is a condition of employment. Per DoD 8570.01-M, the incumbent must achieve the appropriate IAM Level II certification within 12 months of assignment of these duties. Must be able to obtain/maintain appropriate security clearance Qualifications GENERAL EXPERIENCE: Experience, education, and/or training that has provided a basic knowledge of data processing functions and general management principles that enabled the applicant to understand the stages required to automate a work process. Experience may have been gained in work such as computer operator or assistant, computer sales representative, program analyst, or other positions that required the use or adaptation of computer programs and systems SPECIALIZED EXPERIENCE (GS-11) : 1-year specialized experience equivalent to at least the next lower grade. In addition to the OPM IORs (Alternative A) specialized experience examples, specialized experience includes experience, education, or training that approaches techniques and requirements appropriate to an assigned computer applications area or computer specialty area in an organization. Experience planning the sequence of actions necessary to accomplish the assignment where this entailed coordination with others outside the organizational unit and development of project controls. Experience that required adaptations of guidelines or precedents to meet the needs of the assignment. Experience preparing documentation on cost/benefit studies where is involved summarizing the material and organizing it in a logical fashion. SPECIALIZED EXPERIENCE (GS-12) : 1-year specialized experience equivalent to at least the next lower grade. Education GS-11 DUTIES CONTINUED: 4. Implements and manages the Air Force Electronic Key Management System program. This includes system configuration and operation of the Local Management Device, Data Transfer Device, and Key Processor. Initializes the system, performs system backups, determines operator access, and control functions (privilege management), reloads and configures the operating system's parameters. Installs or oversees installation of local COMSEC account hardware and software, including training alternates in the AFEKMS operations. Serves as secure telecommunications units/elements (STU-III) representative and Emissions Security Program (EMSEC) administrator. Develops, implements, and monitors security systems for the protection of controlled cryptographic cards, documents, ciphers, devices, communications centers, and equipment. Validates strapping and configuration options of cryptographic units. 5. Provides technical training and instruction on Computer Security Awareness Training and Education (SATE) program procedures to supervisors, employees, and/or unit security representatives. Utilizes computer-based training for both initial and recurring information protection training. Conveys the degree of reliance on information systems, the potential consequences arising from the lack of secure information systems, the organization's commitment to secure information systems, and the means by which users can protect information systems. Conducts annual COMSEC training for squadron COMSEC users. Uses a wide variety of formal training materials, such as outlines, handouts, publications, films, exhibits, protective devices, and visual aids to provide and/or reinforce information related to communications-computer systems security awareness practices. Promotes security campaigns through oral presentations at local security committee meetings; and extracts, compiles, and prepares security articles, bulletins, and pamphlets for local use by squadron personnel. Maintains required course records. 6. Assists unit personnel with duties involving a wide range of communications and information systems and telecommunications programs consisting of tactical communications equipment, LAN systems, information resource management, and information protection programs. 7. Performs other duties as assigned GS-12 DUTIES: 1. Performs as the Team Technical Lead during vulnerability assessments of DoD information systems. Utilizes knowledge of systems security principles and concepts, of new Information Technology (IT) security developments, and of the infrastructure protection environment to select appropriate tools to be used by team members. Establishes methodology, and determines best techniques to penetrate computer systems and exploit information within these systems. Directs the team during actual assessments to find vulnerabilities due to improper configurations, missing or improperly applied patches, or procedural errors. Provides assistance to owners of assessed systems by providing recommendations pertaining to implementing security programs designed to anticipate, assess, and minimize system vulnerabilities, to correct deficiencies discovered, and to apply new IT security concepts. Briefs commanders and network administrators on the purpose and findings of the assessment, and prepares reports on the findings. Assists in developing security solutions to correct deficiencies that cannot be fixed with existing solutions. 2. Conducts extensive research of new vulnerabilities discovered in operating systems, application softwar

<!– job description page –>