Job opening: IT Specialist/Security Controls Assessment Representative (SCAR)-DIRECT HIRE AUTHORITY
Salary: $87,878 - $135,851 per year
Relocation: YES
Published at: Jan 08 2024
Employment Type: Multiple Schedules
For additional information on direct hire opportunities with the Air Force please click here. Once on the Air Force Civilian Careers website, click "LEARN MORE ABOUT DIRECT HIRE JOBS" and click on the LinkedIn icon located under "To learn more about current and future Direct Hire opportunities please follow us on LinkedIn"
Information regarding opportunities, how to submit your resume and your contact information may be located on the Air Force Civilian Careers LinkedIn site.
Duties
The primary purpose of this position is to serve as a SCAR and conduct independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an IT system to determine the overall effectiveness of the controls (as defined in NIST 800-37).
This position is DoD Cyberspace Workforce (DCWF) Cyberspace Work Role coded:
- 612 (Security Control Assessor) (Proficiency Level: Advanced)
Security Control Assessor
- Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an IT system to determine the overall effectiveness of the controls (as defined in NIST 800-37).
DUTIES:
Develop methods to monitor and measure risk, compliance, and assurance efforts.
Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level.
Draft statements of preliminary or residual security risks for system operation.
Maintain information systems assurance and accreditation materials.
Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.
Requirements
- U.S. Citizenship Required
- Telework may be authorized.
- If authorized, PCS will be paid IAW JTR and AF Regulations. If receiving an authorized PCS, you may be subject to completing/signing a CONUS agreement. More information on PCS requirements may be found at: https://afciviliancareers.com/regulatory/
- Employee must be able to obtain and maintain a Top Secret security clearance; a fully adjudicated Top Secret clearance within the past 5 years is preferred.
- Employee will be required to handle and safeguard sensitive and/or classified information in accordance with regulations to reduce potential compromise.
- This is a drug testing designated position. The incumbent is subject to pre-employment drug testing as a condition of employment, and participation in random drug testing.
- For additional information on direct hire opportunities with the Air Force please go to https://afciviliancareers.com/find-a-job/
- Locations are not negotiable. The actual duty locations available may be located on the Air Force Civilian Service website.
- In accordance with the Ethics in Government Act, 1978, employee may be required to file an OGE Form 450, Confidential Financial Disclosure Report, upon appointment and will be required to file annually.
Qualifications
New hires are required to meet the appropriate qualifications for the specific position being filled, per Department of Defense (DoD) Manual 8140.03 dated 15 Feb 2023, Cyberspace Workforce Qualification and Management Program.
This is a DoD Cyber Workforce position and is assigned the following Cyber Work Role Codes:
612 (Security Control Assessor) (Proficiency Level: Advanced)
Review the required Knowledge, Skills, Abilities, and Tasks (KSATs) for the Cyber Work Role, at https://dl.dod.cyber.mil/wp-content/uploads/dcwf/ElementsMap/story.html
KNOWLEDGE, SKILLS, & ABILITIES (KSAs):
Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of cybersecurity principles.
Knowledge of cyber threats and vulnerabilities.
Knowledge of cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities.
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of organization's evaluation and validation requirements.
Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Knowledge of specific operational impacts of cybersecurity lapses.
Knowledge of cloud computing service models: Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
Knowledge of cloud computing deployment models in private, public, and hybrid environments and the difference between on-premises and off-premises environments.
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
Education
- New hires are required to meet the appropriate qualifications for the specific position being filled, per Department of Defense (DoD) Manual 8140.03 dated 15 Feb 2023, Cyberspace Workforce Qualification and Management Program.
- This is a DoD Cyber Workforce position and is assigned the following Cyber Work Role Codes:
- 612 (Security Control Assessor) (Proficiency Level: Advanced)
Contacts
- Address EHA DHA
550 C Street West
JBSA Randolph AFB, TX 78150
US
- Name: Arlene Pando
- Email: [email protected]