IT CYBERSECURITY SPECIALIST (INFOSEC)

Full Job Description

Click on "Learn more about this agency" button below for IMPORTANT additional information.

The primary purpose of a IT Cybersecurity Specialist (INFOSEC), GG-2210-13, is to serve as a Cybersecurity Specialist, responsible for designing/assessing the security architecture of systems.

Performs security architecture reviews for Cross Domain Solutions; Top Secret/Sensitive Compartmented Information weapon systems; Intelligence, Surveillance, and Reconnaissance airframes; and Center infrastructure.

Ideal Candidate: 1-Demonstrates expert-level, hands-on experience with Risk Management Framework, including direct experience with specific standards such as ICD 503, NIST SP 800-series, and NSM-8.; 2-Proven track record of analyzing and assessing complex, high-consequence systems, such as Cross Domain Solutions, TS/SCI weapon systems, and ISR platforms; 3-Expertise in evaluating and securing enterprise-level network architectures, with deep knowledge of multi-level security, data-centric security, and cloud infrastructure; 4-Significant experience guiding the development and remediation of Plans of Action and Milestones and advising senior leadership (e.g., Authorizing Officials, CISOs) on cybersecurity risk and policy; 5-Currently holds an advanced cybersecurity certification (e.g., CISSP, CISSP-Isse, CASP+ per DoDM 8140.03) or an advanced degree in cybersecurity, information technology, or a related field; 6-Current or recent work within cybersecurity in the Intelligence Community.

In order to qualify, you must meet the quality experience requirements described in the Office of Personnel Management (OPM) Qualification Standards, Information Technology (IT) Management Series 2210 (Alternative A).

BASIC REQUIREMENT OR INDIVIDUAL OCCUPATIONAL REQUIREMENT: For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below.

Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

In addition to meeting the basic requirement above, to qualify for this position you must also meet the qualification requirements listed below: EXPERIENCE REQUIRED: Your resume must reflect the quality level of experience which demonstrates the possession of the knowledge, skills, abilities, and competencies necessary for successful job performance required for this position.

Examples of creditable experience include: knowledge of a wide range of cybersecurity concepts, principles, and practices.

Knowledge of Cross Domain Solutions technologies, IT server and client technologies, network security architecture, endpoint security management, threat assessment methodologies, and common system vulnerabilities.

The incumbent applies this knowledge to independently analyze and resolve difficult and complex cybersecurity problems for a diverse portfolio of National Security Systems, ensuring that system security designs meet stringent requirements for confidentiality, integrity, and availability.

KNOWLEDGE, SKILLS AND ABILITIES (KSAs): Your qualifications will be evaluated on the basis of your level of knowledge, skills, abilities and/or competencies in the following areas: 1.

Extensive and demonstrative knowledge of risk management processes and requirements in alignment with Risk Management Framework (RMF), and organizational risk management directly related to the display, discussion, processing, storage, and connectivity of classified data.

2.

Expert knowledge of network security architecture design concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth, Zero Trust, cross domain solutions/multi-level security, data-centric security) relative to enterprise information technology (IT) goals and objectives.

3. Demonstrated ability to apply information security program management principles to the system architecture lifecycle principles, policies, and guidelines. 4.

Expert knowledge of incident response and handling methodologies. 5.

Deep understanding of, and ability to communicate, system and software life cycle management security principles, including secure design and development.

PART-TIME OR UNPAID EXPERIENCE: Credit will be given for appropriate unpaid and or part-time work.

You must clearly identify the duties and responsibilities in each position held and the total number of hours per week.

VOLUNTEER WORK EXPERIENCE: Refers to paid and unpaid experience, including volunteer work done through National Service Programs (i.e., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student and social).

Volunteer work helps build critical competencies, knowledge and skills that can provide valuable training and experience that translates directly to paid employment.

You will receive credit for all qualifying experience, including volunteer experience.

Additional Information: This position has been designated by the Air Force as a Testing Designated Position(TDP) under the Air Force Civilian Drug Demand Reduction Program.

Candidate must pass initial and periodic short notice drug testing.

Illegal drug use by employees in sensitive positions presents a clear threat to the mission of the Air Force, national security, and public safety.

Information Assurance Certification is a condition of employment. This position includes information assurance (IA) work as a paramount duty requirement.

Per DoDM 8140.03, and in accordance with the DoD Cyber Exchange website, or any future directly superseding authoritative source, the incumbent of this position must achieve the 'Advanced' proficiency level within the incumbent's primary DoD Cyber Workforce Framework (DCWF) within nine (9) months of assignment of these duties as per DoDI 8140.02.

A limited-duration waiver for this requirement may be granted per DoD 8140.03. Failure to receive the proper Foundational Qualification may result in removal from this position.

Position is designated special-sensitive and requires eligibility to Sensitive Compartmented Information (SCI), other intelligence-related Specialist Sensitive information, or involvement in Top Secret Special Access Programs (SAP) to fully perform the duties and responsibilities of the position.

A non-disclosure agreement must be signed. Major Duties:

-Perform cybersecurity analysis for the administration of the Air Force Materiel Command's (AFMC)ISR Cybersecurity Program.

-Perform detailed security control reviews and authorization activities for foundational security protections on CDSs, TS/SCI weapon systems, ISR airframes, and base infrastructure.

-Guide the development and remediation of Plans of Action and Milestones (POA&Ms) to addressidentified security architecture vulnerabilities and areas of non-compliance with AF IC, ODNI, NSM-8, and other directives.

-Provide authoritative technical expertise and recommendations on cybersecurity risk managementand security system authorization decisions, analyzing and recommending risk acceptance forsystems requiring exceptions by evaluating mission impact versus architectural cybersecurity risk.