The Defense Technical Information Center (DTIC) is the central facility for the acquisition, preservation, protection, retrieval, and dissemination of scientific and technical information supporting the Research and Engineering (R&E) needs of the Department of Defense, as well as federal and industry partners. DTIC ensures the innovation and knowledge stemming from DoD's past and current investment in science and technology (S&T) forms the building blocks for the next generation of discovery.

Duties

Develops/maintains Center-wide cybersecurity policy and processes. Works with key stakeholders to confirm system documentation reflects the current security configuration of the system, in terms of hardware and software components, data flow, interconnections, and ports, protocols, and services. Conducts status meetings and determines next steps in moving the systems toward a successful accreditation effort. Develops and implements a comprehensive RMF program that aligns with the organization's risk tolerance and business objectives. Oversees all aspects of the organization's RMF implementation, including risk assessment, control selection, control implementation, and continuous monitoring. Develops and maintains RMF documentation, including the Plan of Action and Milestones (POA/M) and System Security Plan (SSP). Communicates the security posture of systems up the chain of command so that accreditation decisions can be made based on a thorough understanding of the risks associated with the configuration of systems and applications. Stays up to date on the latest RMF guidance and best practices. Provides expert advice and guidance to senior management on RMF matters. Maintains compliance to the standards set of artifacts to support CCRI, CCORI, CSSP and other applicable DoD inspection programs.

Requirements

• Must be a U.S. Citizen.
• Background investigation required.

Qualifications

Basic Requirement: Applicants must have IT-related experience demonstrating the following competencies appropriate to, or above, the level of this position. For vacancies below the full-performance level of the position, the basic requirement will be evaluated on a developmental basis. Your resume and work experience should clearly support your ability to meet these competencies and will be evaluated as part of the entire application process. Attention to Detail- experience reviewing my own information technology-related work or data and have been asked by others to review their work or data to ensure accuracy, completeness, and consistency with standards. Customer Service- experience maintaining relationships with customers, assessing current information technology needs of customers, and developing or identifying information technology products and services that are tailored to meet customer needs. Oral Communication- briefing mid-level management and IT staff on the status of information technology systems, projects, or daily operations, including the communication of technical information to a non-technical audience. Problem Solving- identifying alternatives to address complex information technology-related issues by gathering and applying information from a variety of sources that provide a number of potential solutions. In addition to meeting the basic requirement, qualified applicants must possess: One year of specialized experience equivalent in level of difficulty and responsibility to that of the next lower grade, GS-12, within the federal service, which demonstrates the ability to perform the duties of the position, is required. Specialized experience is defined as experience: (1) Preparing, submitting, and/or monitoring accreditation packages through the Risk Management Framework (RMF) process; (2) Performing authorization to operate (ATO) duties to include inheritance model for the entire system lifecycle; (3) Demonstrating use of cybersecurity concepts and tools such, as DISA STIGs, SCAP, SCC Tool, eMASS, and ACAS, to validate system security accreditation; (4) Overseeing risk management practices, continuous monitoring, and improvements to the security posture; (5) Reviewing and documenting Cloud Computing strategy and security controls; AND (6) Applying cybersecurity principles, concepts, and methods as a designated Information System Security Manager. Volunteer Experience: Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates to paid employment. You will receive credit for all qualifying experience, including volunteer experience.

Education

Education is not substitutable for specialized experience for this grade level.

Contacts

• Address DEFENSE TECHNICAL INFORMATION CENTER Apply Online Indianapolis, IN 46249 US
• Name: HR Customer Care Center
• Phone: (317) 212-0454
• Email: [email protected]