In this position, you will serve as an IT Specialist (INFOSEC) in the IT Security Support Branch (ISS) of Information Services (I).
Whether you are new to the Federal Government or an experienced professional seeking a career change, you can make history at the National Archives. Our dedicated staff works across a variety of career fields to safeguard the records of the Federal Government - more than 10 billion of them.
Visit our Employee Gallery at www.archives.gov/careers to see the kinds of dynamic projects our staff are undertaking. If you want a career where you can see the difference your work makes, then join the National Archives!
For more information visit: http://archives.gov/dc-metro/college-park/
This position will be filled using the U.S. Office of Personnel Management (OPM) Government-wide Direct Hire Authority for Information Technology Management (Information Security) positions. Under this authority, competitive rating, ranking, and veterans' preference procedures do not apply. Applicants who meet the basic qualification requirements may be forwarded to the Selecting Official for consideration. For more information on Direct-Hire Authority visit: https://www.opm.gov/policy-data-oversight/hiring-information/direct-hire-authority/#url=Fact-Sheet
- Create, update, and maintain all IT security documentation required to obtain NARA Authorities to Operate (ATOs) for agency systems.
--FIPS 199 (Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems) form
--System Security Plan (SSP) completed in accordance with NIST Special Publication 800-18. Security plans are maintained in Xacta or on Shared Drives
--Contingency Plan in accordance with NIST Special Publication 800-34
--Annual Contingency Test Plan and Contingency Test report conducted in accordance with the NARA IT Security Requirements (security controls CP-2 and CP-4)
--Configuration Management Plan in accordance with NIST Special Publication 800-128
--Incident Response Plan in accordance with NIST Special Publication 800-61
--Annual Incident Response Plan Test conducted in accordance with NARA IT Security Requirements (security controls IR-3) and Incident Response Plan Test Report generated
--Plan of Actions & Milestones (POA&M) in accordance with the NARA IT Security Requirements, security control PM-4
---Where applicable, resolve and track vulnerabilities identified during security assessments within the timeframe indicated in the POA&M
--Business Impact Analysis (BIA) in agreement with NIST Special Publication 800-34
--Initial Privacy Review (IPR) and Privacy Impact Assessment (PIA) in accordance with NIST 800-53 appendix J and the NARA IT Security Requirements, security control AR-2
--System level Policy and Procedure documentation
--System Component inventory
- Ensure NARA systems are accessed, integrated, accredited, operated, maintained and disposed of in accordance with applicable security policies and practices outlined in NIST Publication 800-53 (latest revision) Security and Privacy Controls for Federal Information Systems and Organizations, NARA Directive 202 NARA Classified Information Security Program and NARA Directive 804 Information Technology (IT) Systems Security.
- Coordinates with the System Owners to ensure that system account requests are for valid users who are eligible for access to the information systems and have a valid need to access the systems, and that all requirements have been met before authorizing access to system(s).
- For all systems, review and validate (recertify) non-privileged user accounts annually and privileged user accounts and rights monthly in accordance with the NARA IT Security Requirements, to ensure the continued need for system access and that the assigned privileges for each user are the minimum required for current job functions.
- Perform Security Controls Testing to audit and inspect system security controls, processes and procedures
- Manage and track system security requirements during all phases of the systems life cycle for all operational and development projects.
- Report, respond, and track security incidents in accordance with the NARA Computer Security Incident Handling Guide.
- Ensure that audit trails are reviewed weekly and retained for the period of time defined in the SSP.
- Respond to data calls (e.g. OIG data calls, COR requests for system information) to provide security artifacts as requested.
- Develops and recommends NARA computer security policies, guidelines and/or procedures and standards that comply with Federal laws, guidelines and security management practices and which achieve appropriate levels of security for all NARA computer systems. Ranges include minicomputers, networks and stand-alone microcomputers. Policies and standards relate to hardware (including physical access), software (applications and operating systems), data, and communications resources. Policies, procedures and standards provide for protection from unauthorized or inadvertent use, modification, destruction and denial of use of the protected resources, disaster recovery and contingency planning, and personnel training in security awareness.
- Oversees and ensures the implementation of appropriate security controls throughout the system development lifecycle for all NARA IT systems, including National Security Systems, in accordance with the NARA IT Security Program Plan, National Institute of Science & Technology (NIST) standards and Committee on National Security Systems (CNSS) policies, standards and directives.
- Supports the Security Assessment & Authorization of all NARA IT systems, including National Security Systems. Liaises and coordinates with the Insider Threat Program Manager and the Intelligence Community in developing and implementing policies and procedures to support NARA IT systems, including National Security Systems. Works with system owners to resolve technical issues that impact the security of all NARA IT systems.
Who May Apply
This job is open to…United States Citizens
Job family (Series)
This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/485665300. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.