IT Specialist (Security) administer, develop, deliver, and support information technology (IT) systems and services. The paramount requirement is knowledge of IT principles, concepts, and methods; e.g. data, storage, software applications, and networking.Learn more about this agency
Work in the Technical Category at this pay band is characterized by such assignments as:
- Collects, records and analyzes data/information: identifies problems: performing limited analyses.
- Coordinates with a manger project/program manager, team leader, or more experienced specialist to plan time and use assigned resources to accomplish assignments.
Characteristic information technology assignments in the Security Specialization after completion of developmental assignments at this pay band include:
- Carries out activities leading to security certification or accreditation.
- Conducts integrated analysis of multiple audit logs (e.g. firewall. Web server).
- Identifies violations and recommend corrective actions.
- Provides input in drafting information systems security documentation (e.g. systems security plans, risk assessments, disaster recovery plans, business continuity plans and user security guides).
Plans security projects, reports progress to the Manager and ensures other personnel supporting the projects produce quality work products. May be required to lead other employees in conducting and documenting results of security audits to assess compliance to the Federal Information Security Management Act (FISMA), which requires the use of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series, specifically NIST SP 800-53 and Federal Information Processing Standards (FIPS).
Applies basic technical knowledge to evaluate and document security controls on a variety of information system platforms (Windows, UNIX, Linux, etc.) and databases (Oracle, MS-SOL, MySQL, etc.), networks and cloud environments. Collects, verifies, compiles and summarizes assessment results using Microsoft's Word and Excel, which includes: evaluating System Security Plans (SSP), Information System Contingency Plans (ISCP), Risk Assessment Reports (RAR), Security Assessment Reports (SAR) and Executive Summary documents (based on SAR).
Creates and maintains records and supports higher level employees in research, examinations, investigations, audits, or inspections of security controls for compliance to NIST SP 800 series of documents. Assists in developing and presenting training on NIST and other Departmental/Agency specific policies, guidance, and orders.
Work is reviewed regularly by peers during assigned tasks and at completion to ensure timeliness and all aspects of quality. Work activities typically support the work of other employees and contribute to activities of the organization. Contacts are internal and external to the organizational unit, to include interactions with mid-level personnel.
Regularly coordinates with a Manager or Project Lead to plan time, prioritize tasks and use assigned resources. Established policies/procedures/instructions provide detailed guidance for almost all tasks, with little or no room for discretion.
This position may require extensive or frequent travel up to 2 weeks per month.
50% or less - The job may require up to 50% travel.
Job family (Series)
This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/557143800. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.