IT SPECIALIST (INFOSEC)

Full Job Description

This position is for a IT SPECIALIST (INFOSEC), PD# D2178P01, part of the Nevada Air National Guard.

The purpose of this position is to serve as the Base Information Assurance Manager who is the wing commander's authority and focal point for Information Assurance.

Manages the communication-computer security (COMPUSEC) program, Electronic Key Management System (EKMS), Emission Security, and Information Assurance Awareness Programs.

In order to qualify for this position, your resume must provide sufficient experience and/or education, knowledge, skills, and abilities, to perform the duties of the specific position for which you are being considered.

Education requirement is based upon the qualification standards for the specific position and is stated under the heading "EDUCATION".

Your resume is the key means we have for evaluating your skills, knowledge, and abilities, as they relate to this position.

Therefore, we encourage you to be clear and specific in describing your experience.

EACH APPLICANT MUST FULLY SUBSTANTIATE (IN THEIR OWN WORDS) THAT THEY MEET THE REQUIREMENTS OF THE SPECIALIZED EXPERIENCE LISTED BELOW; OTHERWISE, THE APPLICANT WILL BE CONSIDERED UNQUALIFIED FOR THIS POSITION.

DO NOT COPY FROM THE VACANCY ANNOUNCEMENT OR THE POSITION DESCRIPTION OR YOU MAY BE DISQUALIFIED.

Must have or obtain a TS/SCI clearance within 1 year or OPM time frame Must attain and maintain a minimum Information Assurance Technical Level II certification within 180 days of selection.

GENERAL EXPERIENCE: Must possess the following minimum experience: Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

SPECIALIZED EXPERIENCE: ???????Must possess 1-year specialized experience equivalent to at least the next lower grade; experience, education, or training that approaches techniques and requirements appropriate to an assigned computer applications area or computer specialty area in an organization; experience planning the sequence of actions necessary to accomplish the assignment where this entailed coordination with others outside the organizational unit and development of project controls; experience that required adaptations of guidelines or precedents to meet the needs of the assignment; experience preparing documentation on cost/benefit studies where is involved summarizing the material and organizing it in a logical fashion.

Major Duties:

Serves as the Wing Information Assurance Manager.

Applies Information Technology (IT) security principles, methods, and security products to protect and maintain the availability, integrity, confidentiality, and accountability of information system resources and information processed throughout the system's life cycle.

Establishes and publishes base-wide policy to manage the INFOSEC (also known as COMPUSEC) program and provides advice and guidance in its implementation and in procedures used in the development and operation of systems.

Assists all base organizations in the development of their individual INFOSEC program. Disseminates information and ensures computer security practices are adhered to by all functional areas.

Reviews, analyzes, and validates certification and accreditation (C&A) packages.

Continuously identifies and analyzes threats and vulnerabilities to the information systems to maintain an appropriate level of protection.

Ensures computer software designs address information system security requirements. Accomplishes risk analysis, security testing, and certification due to modifications or changes to computer systems.

Manages the Network Security Program. Maintains required information assurance certification IAW DoD 8570.01-M, Federal Information Security Management Act of 2002, Clinger Cohen Act of 1996.

Implements and advises on IT security policies and procedures to ensure protection of information transmitted to the installation, among organizations on the installation, and from the installation using Local Area Networks (LAN), Wide Area Networks (WAN), the World Wide Web, or other communications modes.

Utilizes current and future multi-level security products collectively to provide data integrity, confidentiality, authentication, non-repudiation, and access control of the LAN.

Reports to MAJCOM, Air Force Communications Agency, National Security Agency, and Air Force Computer Emergency Response Team all incidents involving viruses, tampering, or unauthorized system entry.

Controls access to prevent unauthorized persons from using network facilities.

Limits access to privileged programs (i.e., operating system, system parameter and configuration files, and databases), utilities, and security-relevant programs/data files to authorized personnel.

Implements methods to prevent or minimize direct access, electronic or other forms of eavesdropping, interpreting electro-mechanical emanations, electronicintercept, telemetry interpretation, and other techniques designed to gain unauthorized access to IT information, equipment, or processes.

Serves as the Communications Security (COMSEC) Manager for all cryptographic activities including managing the Cryptographic Access Program (CAP).

Formulates and develops communications security criteria and requirements for inclusion in mobility, contingency, and exercise plans.

Maintains accountability for sensitive cryptographic materials and related COMSEC information. Oversees issuance of COMSEC materials. Maintains COMSEC inventory.

Prepares and evaluates written plans for emergency actions and ensures personnel are fully qualified in the execution of plans.

Investigates COMSEC security incidents to determine the possibility of compromise to COMSEC materials and ensures documentation and reporting to appropriate channels.

Performs destruction, receiving, issuing transferring and inspecting COMSEC material within the most stringent timelines.

Furnishes written guidance to user accounts concurring effective dates, accounting procedures, destruction requirements, and physical security of COMSEC materials including key.

Performs semi-annual functional reviews of all COMSEC user accounts, physically inspecting the user's COMSEC facilities, reviewing procedures, and audit of all cryptographic holdings.

Manages the Certification Authority Workstation. Manages the CAP by conducting briefings prior to granting access to cryptographic information.

Implements and manages the Electronic Key Management System (EKMS) program. This includes system configuration and operation of the Local Management Device, Data Transfer Device, and Key Processor.

Initializes the system, performs system backups, determines operator access, and control functions (privilege management), reloads and configures the operating system's parameters.

Installs or oversees installation of local COMSEC account hardware and software, including training alternates in the AFEKMS operations.

Serves as secure voice equipment (e.g., STE, secure VoIP) user Representative and Emissions Security Program Manager.

Develops, implements, and monitors security systems for the protection of controlled cryptographic cards, documents, ciphers, devices, communications centers, and equipment.

Adheres to management control plan requirements by conducting self inspection and staff assistance visits. Resolves identified discrepancies. Performs other duties as assigned.