Clarification from the agency

Open to current Airmen of the Rhode Island Air National Guard (RIANG), or current military members willing/eligible to transfer to RIANG

Serves as the Wing Information Assurance Manager. Applies Information Technology (IT) security principles, methods, and security products to protect and maintain the availability, integrity, confidentiality, and accountability of information system resources and information processed throughout the system's life cycle. Establishes and publishes base-wide policy to manage the INFOSEC (also known as COMPUSEC) program and provides advice and guidance in its implementation and in procedures used in the development and operation of systems. Assists all base organizations in the development of their individual INFOSEC program. Disseminates information and ensures computer security practices are adhered to by all functional areas. Reviews, analyzes, and validates certification and accreditation (C&A) packages. Continuously identifies and analyzes threats and vulnerabilities to the information systems to maintain an appropriate level of protection. Ensures computer software designs address information system security requirements. Accomplishes risk analysis, security testing, and certification due to modifications or changes to computer systems. Evaluates, assesses, or locally tests and approves all hardware, software, and firmware products that provide security features prior to use on any accredited information system or network. Certifies all software prior to installation and use on communications and computer systems. Executes computer security plans and enforces mandatory access control techniques such as trusted routers, bastion hosts, gateways, firewalls, or other methods of information systems protection. Manages the Network Security Program. Maintains required information assurance certification IAW DoD 8570.01-M, Federal Information Security Management Act of 2002, Clinger Cohen Act of 1996. Implements and advises on IT security policies and procedures to ensure protection of information transmitted to the installation, among organizations on the installation, and from the installation using Local Area Networks (LAN), Wide Area Networks (WAN), the World Wide Web, or other communications modes. Utilizes current and future multi-level security products collectively to provide data integrity, confidentiality, authentication, non-repudiation, and access control of the LAN. Reports to MAJCOM, Air Force Communications Agency, National Security Agency, and Air Force Computer Emergency Response Team all incidents involving viruses, tampering, or unauthorized system entry. Controls access to prevent unauthorized persons from using network facilities. Limits access to privileged programs (i.e., operating system, system parameter and configuration files, and databases), utilities, and security-relevant programs/data files to authorized personnel. Implements methods to prevent or minimize direct access, electronic or other forms of eavesdropping, interpreting electro-mechanical emanations, electronic intercept, telemetry interpretation, and other techniques designed to gain unauthorized access to IT information, equipment, or processes. Evaluates unusual circumstances to recognize and define potential vulnerabilities and selects and oversees the installation of physical and technical security barriers to prevent others from improperly obtaining such information. Conducts the Information Assurance Awareness Program which uses computer-based training for both initial and recurring information protection training. Maintains required course records. Serves as the Communications Security (COMSEC) Manager for all cryptographic activities including managing the Cryptographic Access Program (CAP). Formulates and develops communications security criteria and requirements for inclusion in mobility, contingency, and exercise plans. Maintains accountability for sensitive cryptographic materials and related COMSEC information. Oversees issuance of COMSEC materials. Maintains COMSEC inventory. Prepares and evaluates written plans for emergency actions and ensures personnel are fully qualified in the execution of plans. Investigates COMSEC security incidents to determine the possibility of compromise to COMSEC materials and ensures documentation and reporting to appropriate channels. Performs destruction, receiving, issuing transferring and inspecting COMSEC material within the most stringent timelines. Furnishes written guidance to user accounts concurring effective dates, accounting procedures, destruction requirements, and physical security of COMSEC materials including key. Performs semi-annual functional reviews of all COMSEC user accounts, physically inspecting the user's COMSEC facilities, reviewing procedures, and audit of all cryptographic holdings. Manages the Certification Authority Workstation. Performs other duties as assigned.

Conditions of employment

• NATIONAL GUARD MEMBERSHIP IS REQUIRED. This is an excepted service position that requires membership in the Rhode Island Air National Guard, required prior to the effective date of placement.
• To qualify for this position, you must be a current member of the Rhode Island Air National Guard (RIANG) or a current military member willing/eligible to transfer to RIANG.
• Selectee will be required to wear the military uniform.
• Acceptance of an excepted service position constitutes concurrence with these requirements as a condition of employment.
• Males born after 31 December 1959 must be registered for Selective Service.
• Federal employment suitability as determined by a background investigation.
• May be required to successfully complete a probationary period.
• Participation in direct deposit is mandatory.
• Maintains required information assurance certification IAW DoD 8570.01-M, Federal Information Security Management Act of 2002, Clinger Cohen Act of 1996, and current AF directives.
• Conducts travel to/ from offsite worksite(s) to perform assigned duties. This may include Operating Locations (OL) and/or Geographically Separated Units (GSU). Due to distances involved, travel may involve one or more overnight stays.

Qualifications

Military Grades: E-1 through E-6

GENERAL EXPERIENCE: Experience, education or training that has provided a basic knowledge of data processing functions and general management principles that enabled the applicant to understand the stages required to automate a work process. Experience may have been gained in work such as computer operator or assistant, computer sales representative, program analyst, or other positions that required the use or adaptation of computer programs and systems.

SPECIALIZED EXPERIENCE: Must have at least 1-year specialized experience equivalent to at least the next lower grade; Experience, education, or training that approaches techniques and requirements appropriate to an assigned computer applications area or computer specialty area in an organization. Experience planning the sequence of actions necessary to accomplish the assignment where this entailed coordination with others outside the organizational unit and development of project controls. Experience that required adaptations of guidelines or precedents to meet the needs of the assignment. Experience preparing documentation on cost/benefit studies where is involved summarizing the material and organizing it in a logical fashion.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Once the announcement has closed, your resume and supporting documentation will be used to determine if you meet the qualifications listed on this announcement. If you are minimally qualified, your resume and supporting documentation will be compared to your responses on the assessment questionnaire to determine your level of experience. If you rate yourself higher than is supported by your application package, your responses may be adjusted and/or you may be excluded from consideration for this position. If you are found to be among the top qualified candidates, you will be referred to the selecting official for employment consideration.

Your qualifications will be evaluated on the following competencies (knowledge, skills, abilities and other characteristics):

• Knowledge of a full range of IT security principles, methods, regulations, policies, products and services sufficient to develop specifications to ensure compliance with security requirements at the LAN level and to plan and coordinate the delivery of an IT security awareness training program for end users at all levels at the installation.
• Knowledge of a full range of IT security requirements for certification and accreditation; network operations and protocols; systems testing and evaluation; and performance management methods sufficient to implement and coordinate activities designed to ensure, protect, and restore IT systems, services, and capabilities; to monitor and evaluate systems compliance with IT security requirements; provide advice and guidance in implementing IT security policies and procedures in the development and operation of network systems; to plan and conduct security accreditation reviews for installed systems or networks; and to recommend new or revised security measures and countermeasures based on the results of accreditation reviews.
• Knowledge of a wide range of IT and communication computer security techniques, requirements, methods, sources, and procedures in INFOSEC, EKMS, EMSEC, and secure voice (e.g., STE, Secure VoIP) Automated Software security.
• Knowledge of the EKMS program and related hardware and software, including knowledge of operating systems, local COMSEC Management Software, relational data base management systems, computer-communications software.
• Knowledge of a broad range of telecommunications equipment, operating techniques, concepts, principles, practices, requirements, methods, sources, and procedures (including familiarity with approaches used by telecommunications organizations in other agencies and/or the private sector) sufficient to manage the Communications Security (COMSEC) program, and the Cryptographic Access Program to interpret policy originating from higher organizational levels and to analyze and resolve difficult and complex telecommunications security problems where telecommunications knowledge is paramount.
• Knowledge of system software and systems development life cycles including systems documentation, design development, configuration management, cost analysis, data administration, systems integration, and testing.
• Knowledge of IT security requirements sufficient to develop and evaluate program documentation to include: mission needs statements, operational requirements documents and support plans, specifications, and proposals. Etc.