IT SPECIALIST (INFOSEC) - DIRECT HIRE AUTHORITY

Full Job Description

Click on "Learn more about this agency" button below to view Eligibilities being considered and other IMPORTANT information.

The primary purpose of this position is to support security and information assurance and other critical functions within the Bioeffects Division (RHD).

Experience requirements are described in the Office of Personnel Management (OPM) Qualification Standards for General Schedule Positions, Information Technology (IT) Management Series 2210 (Alternative A).

Due to the use of 120-day rosters, this period of experience may be completed within 120 days of the closing date of this announcement.

SPECIALIZED EXPERIENCE: Applicants must have at least 1 year (52 weeks), or will have one year within 120 days of closing of this announcement, specialized experience equivalent to the DO-01, or equivalent grade level in the Federal service.

Specialized experience includes planning, organizing, and managing Information Assurance (IA) Program activities for computer systems; serving as Information System Security Officer (ISSO/M); managing network security programs; implementing and advising on IT security policies and procedures; and/or serving as a Cybersecurity Liaison Officer.

Desired Qualifications CERTIFICATIONS: Required Certifications: CompTIA Security+, CISSP and/or CISM Desired Certifications, but not necessary: CGRC/CAP, SSCP EXPERIENCE: Experience in developing/researching/implementing policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data; Experience in serving as, assisting, or assuming responsibilities of an Information Systems Security Manager (ISSM); Strong track record in conducting risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs; Expertise with maintaining/assisting with a cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.

KNOWLEDGE, SKILLS AND ABILITIES (KSAs): Your qualifications will be evaluated on the basis of your level of knowledge, skills, abilities and/or competencies in the following areas: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.

Skill in determining how an IT security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

Continuously validate the organization's compliance with policies/guidelines/procedures/regulations/laws.

Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.

PART-TIME OR UNPAID EXPERIENCE: Credit will be given for appropriate unpaid and or part-time work.

You must clearly identify the duties and responsibilities in each position held and the total number of hours per week.

VOLUNTEER WORK EXPERIENCE: Refers to paid and unpaid experience, including volunteer work done through National Service Programs (i.e., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student and social).

Volunteer work helps build critical competencies, knowledge and skills that can provide valuable training and experience that translates directly to paid employment.

You will receive credit for all qualifying experience, including volunteer experience. Major Duties:

Key Responsibilities: Serve as Information Systems Security Manager and/or Information Assurance Manager for the Bioeffects Division's cybersecurity systems and enclave.

Plans, organizes, and manages 711/RHD Information Assurance Program activities to ensure compliance with legal and regulatory requirements and meet customer needs at a geographically separated unit (GSU).

Maintains and improves the site's overall information assurance posture in accordance with all DoD regulations and the National Industrial Security Program Operating Manual Supplement.

Manages the following interrelated information assurance programs to ensure compliance with legal and regulatory requirements and fulfillment of customer needs: Information Security, Computer Security, Communications Security and Automated Information System Security Program.

Leads, coordinates, communicates, integrates and is accountable for the overall success of the program, ensuring alignment with critical agency priorities.

Implements and advises on information technology security policies and procedures to ensure protection of information transmitted within 711 HPW/RHD on the Joint Base San Antonio/Fort Sam Houston installation and from the installation using Local Area Networks, Wide Area Networks, the World Wide Web, or other communications modes.

Utilizes current and future multi-level security products collectively to provide data integrity, confidentiality, authentication, non-repudiation, and access control of Local Area Network.

Work pertains to the administration of all systems, including a myriad of associated hardware platforms, software applications and numerous interfaces included in the Local Area Network.

Performs other duties as assigned. Develops cyberspace plans, strategy, and policy to support and align with organizational cyberspace missions and initiatives.

Performs services as systems administrator: Serves as a systems administrator responsible for planning, coordinating, modifying, implementing, and troubleshooting to meet customer needs.