This Position Is No Longer Available

Job Title:  IT Specialist (INFOSEC)
Agency:  Smithsonian Institution
Job Announcement Number:  14-13

This position is closed and no longer accepting online applications through USAJOBS.

The contents of the announcement can still be viewed.
$75,974.00 to $98,764.00 / Per Year
Friday, February 28, 2014 to Friday, May 09, 2014
Full Time - Trust Fund Indefinite (this is NOT a federal position)
1 vacancy in the following location(s):
Cambridge, MA
This position is open to all qualified candidates eligible to work in the United States.
Q - Sensitive


About the Agency

The incumbent of this position serves as an Information Systems Security Officer (ISSO) and, in conjunction with the SAO system sponsors for the Scientific Computing Infrastructure (SAO-SCI) and the High Energy Astrophysics Division (HEA), is responsible for supporting information security procedures that assure compliance with the requirements to safeguard the SAO-SCI and HEA Automated Information Systems (AIS), while optimizing protections for the confidentiality, integrity, and availability of SAO’s information system assets.


  • Not Required


  • No


  • Pre- and post-appointment background investigation.
  • May be required to serve a one-year probationary period.
  • Direct Deposit/Electronic Funds Transfer required for salary payment



Reviews assigned log files for core/critical systems in order to identify potentially suspicious activity including but not limited to inappropriate and failed logins, security compromises to any SAO servers or desktops, etc.

Supports Plan of Action and Milestones (POA&Ms) and helps coordinate involvement and efforts to remediate security issues.  Follows up with SAO-SCI and HEA IT staff so that POA&Ms are worked and closed in a timely manner with an emphasis on closing any Smithsonian OIG IT security findings. Keeps SAO management briefed on POA&M remediation status and closures.

Reviews system and web applications for security vulnerabilities.  Works with the IT and web application staff to fix IT security weaknesses.  Keeps SAO management briefed on the risks associated with high impact security vulnerabilities.

Reviews SAO critical core devices (network switches, Solaris and Linux servers, Windows servers, web servers and applications, etc.) against vendor product documentation and/or vendor websites in order to optimize defenses or deterrents to high impact vulnerabilities based on timely patching of US-CERT and industry flagged security issues, etc.

Supports federal government requirements for FISMA assessments and authorizations, as implemented at the Smithsonian, by supporting annual IT Security risk assessments on the SAO-SCI and HEA Automated Information Systems (AIS).
Reviews and updates FISMA documents and artifacts as required for SAO to follow Smithsonian best practice recommendations based on:

  • FIPS 140-2, Security Requirements for Cryptographic Modules
  • FIPS 200, Minimum Security Requirements for Federal Information and Information Systems
  • System Categorization (FIPS 199)
  • System Security Plan (SSP) and Annual Validated User List
  • Configuration Management Plan (CMP)
  • Configuration Management Compliance Reports
  • System Test & Evaluation Plan (ST&E) and the annual test results and Security Assessment Report (SAR) Summary
  • Contingency Plan (CP) Annual Test Results
  • Disaster Recovery Plan (DRP) Tabletop Test Results
  • Risk Assessment (RA)
  • Plan of Action and Milestones (POA&M) Workbook
  • Authorization “Authority to Operate” Letter
  • Quarterly Account Management Reports for core/critical systems
  • Quarterly Log Review, Patch reports for core/critical systems
  • Vulnerability Scan Results



To meet the basic requirement, individuals must have IT-related experience demonstrating each of the four competencies listed below:

1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. Applicants must demonstrate possession of these competencies within the application package.


Applicants must have 1 year of specialized experience equivalent to at least the next lower grade level (11). Specialized experience is experience that has equipped the candidate with the particular knowledge, skills, and abilities to perform successfully the duties of the position. Examples of qualifying specialized experience include: providing analysis of IT security in infrastructure operations, server management, COTS and web applications in conformance with the National Institute of Standards (NIST) guidelines and industry recommended best practices.

Qualification requirements must be met within 30 days of the job opportunity announcement closing date. For information on qualification requirements, see Qualification Standards Handbook for General Schedule Positions viewable on the web at There is no education substitution for specialized experience.


Your application will be evaluated first for the basic qualifications described above. The applicants that meet the basic qualifications will be evaluated further against the following criteria:

Broad knowledge of and experience with IT System Security as represented by a Certified Information Systems Security Professional (CISSP) certification or industry recognized equivalent.

Broad knowledge of, and skill in applying IT security principles and methods sufficient to document and maintain the organization’s contingency plans and disaster recovery plans (CP/DRP), to respond to new security requirements or changes in the IT architecture, and present updated plans to SAO CF Department Manager for review and approval.

Ability to perform enterprise-level operational security administration, assessments and authorizations in a complex, resource constrained educational environment.

Broad knowledge of best practices and techniques for computer and data security engineering and protocols sufficient to:

  • enable the incumbent to coordinate, review, and provide technical and engineering advice relative to the implementation and operation of core critical IT components to monitor and maintain SAO IT security.
  • identify and specify information system security requirements associated with migrations to new environments and provide guidance and planning implementing migration activities.
Knowledge of the best practices and techniques of risk and vulnerability evaluation and determination sufficient to enable the incumbent to coordinate, review, and provide technical and engineering advice for security remediation. 

The ability to write accurate, concise, readable documentation is essential.

The incumbent must possess good verbal and written communications skills and the ability to work effectively and cooperatively with computer and network users and systems staff.

Applicants who have not submitted a resume in the USAjobs system and/or have not answered all of the vacancy questions will not be considered for this position.  

Important Note:
The review of your resume will determine your final rating and should provide sufficient information regarding how your education and experience relate to this position, including the major duties and qualifications criteria listed.

To preview questions please click here.


Click on the "Apply Online" button on the upper right side of the page.

Please Note:
  • You must apply for this position online through the 'Apply Online' button and submit required supplemental documents (if they are relevant to you).
  • You may submit required documents by uploading them online during the application process;
    You may manually fax required documents.  Faxes are received by an automated system, not a physical fax machine.  Documents that are faxed as part of the application process must be sent with the system generated cover sheet by the closing date.  Documents faxed without the system generated coversheet are not retrievable and cannot be considered as part of the application package.  
  • The complete application package, including any required documents, is due in the Smithsonian Office of Human Resources on the closing date of the announcement by 11:59 PM Eastern Time.
  • If you are unable to apply online, paper applications may be accepted with prior approval of the Contact Person listed below.


Your application package should include the following documents:
  • Detailed resume created in the USAJOBS Resume Builder.
  • Unofficial school transcripts, if the position has an education requirement or if you are using education to qualify.  If selected for the position, you must provide an official transcript before appointment.
  • Proof of U.S. accreditation for foreign study, if applicable.


Judy Gallagher
Phone: 617-495-7374
Fax: 617-495-7263
Agency Information:
Human Resources
60 Garden Street Cambridge, MA 02138
Mail Stop 17
Cambridge, MA
Fax: 617-495-7263


At the end of the application process you will be able to create and save a PDF file that contains your responses to the assessment questions.  You may save this file as receipt of your application.      

The Smithsonian receives many applications for each job.  Each application is reviewed carefully which may take a few weeks.  We will send you an e-mail to update you as we go through phases of the application review process.  You may also check your application status by logging into and selecting the tab "My USAJOBS;" e-mailing; or by contacting the Office of Human Resources Representative listed.

Additional Information:
  • The Smithsonian does not pay relocation expenses.
  • The Smithsonian embraces diversity and equal employment opportunity (
