Job opening: INFORMATION TECHNOLOGY SPECIALIST (INFOSEC)-DIRECT HIRE AUTHORITY
Salary: $82 830 - 128 043 per year
Relocation: YES
Published at: Nov 15 2023
Employment Type: Multiple Schedules
For additional information on direct hire opportunities with the Air Force please click here. Once on the Air Force Civilian Careers website, click "LEARN MORE ABOUT DIRECT HIRE JOBS" and click on the LinkedIn icon located under "To learn more about current and future Direct Hire opportunities please follow us on LinkedIn"
Information regarding opportunities, how to submit your resume and your contact information may be located on the Air Force Civilian Careers LinkedIn site.
Duties
For additional information on direct hire opportunities with the Air Force please click here.
This position is DoD Cyberspace Workforce (DCWF) Cyberspace Work Role coded:
- 612 (Security Control Assessor) (Proficiency Level: Advanced)
Security Control Assessor
- Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an IT system to determine the overall effectiveness of the controls (as defined in NIST 800-37).
DUTIES:
Develop methods to monitor and measure risk, compliance, and assurance efforts.
Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level.
Draft statements of preliminary or residual security risks for system operation.
Maintain information systems assurance and accreditation materials.
Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.
Requirements
- U.S. Citizenship Required
- Telework may be authorized.
- If authorized, PCS will be paid IAW JTR and AF Regulations. If receiving an authorized PCS, you may be subject to completing/signing a CONUS agreement. More information on PCS requirements, may be found at: https://afciviliancareers.com/regulatory/
- Employee must be able to obtain and maintain a Top Secret security clearance and will be required to handle and safeguard sensitive and/or classified information in accordance with regulations to reduce potential compromise.
- A fully adjudicated Top Secret clearance within past 5-years is preferred.
- This is a drug testing designated position. The incumbent is subject to pre-employment drug testing as a condition of employment, and
participation in random drug testing.
- For additional information on direct hire opportunities with the Air Force please go to https://afciviliancareers.com/find-a-job/
- Locations are not negotiable. The actual duty locations available may be located on the Air Force Civilian Service website.
- In accordance with the Ethics in Government Act, 1978, employee may be required to file an OGE Form 450, Confidential Financial Disclosure Report, upon appointment and will be required to file annually.
- Employee may be required to work overtime.
Qualifications
For additional information on direct hire opportunities with the Air Force please click here.
New hires are required to meet the appropriate qualifications for the specific position being filled, per Department of Defense (DoD) Manual 8140.03 dated 15 Feb 2023, Cyberspace Workforce Qualification and Management Program.
Review the required Knowledge, Skills, Abilities, and Tasks (KSATs) for the Cyber Work Role, at https://dl.dod.cyber.mil/wp-content/uploads/dcwf/ElementsMap/story.html.
KNOWLEDGE, SKILLS AND ABILITIES (KSAs): Your qualifications will be evaluated on the basis of your level of knowledge, skills, abilities and/or competencies in the following areas:
Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of cybersecurity principles.
Knowledge of cyber threats and vulnerabilities.
Knowledge of cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities.
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of organization's evaluation and validation requirements.
Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Knowledge of specific operational impacts of cybersecurity lapses.
Knowledge of cloud computing service models Software as Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
Knowledge of cloud computing deployment models in private, public, and hybrid environments and the difference between on-premises and off-premises environments.
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
Education
New hires are required to meet the appropriate qualifications for the specific position being filled, per Department of Defense (DoD) Manual 8140.03 dated 15 Feb 2023, Cyberspace Workforce Qualification and Management Program.
Contacts
- Address EHA DHA
550 C Street West
JBSA Randolph AFB, TX 78150
US
- Name: Arlene Pando
- Email: [email protected]
Map