INFORMATION TECHNOLOGY SPECIALIST (INFOSEC) (Title 5)

THIS IS A NATIONAL GUARD TITLE 5 EXCEPTED SERVICE POSITION

This National Guard position is for a INFORMATION TECHNOLOGY SPECIALIST (INFOSEC) (Title 5), Position Description Number T5807900/T5821400 and is part of the AR ANG 188 CMN FT, National Guard.

Qualifications

Education

GS-11 DUTIES CONTINUED:

4. Implements and manages the Air Force Electronic Key Management System program. This includes system configuration and operation of the Local Management Device, Data Transfer Device, and Key Processor. Initializes the system, performs system backups, determines operator access, and control functions (privilege management), reloads and configures the operating system's parameters. Installs or oversees installation of local COMSEC account hardware and software, including training alternates in the AFEKMS operations. Serves as secure telecommunications units/elements (STU-III) representative and Emissions Security Program (EMSEC) administrator. Develops, implements, and monitors security systems for the protection of controlled cryptographic cards, documents, ciphers, devices, communications centers, and equipment. Validates strapping and configuration options of cryptographic units.

5. Provides technical training and instruction on Computer Security Awareness Training and Education (SATE) program procedures to supervisors, employees, and/or unit security representatives. Utilizes computer-based training for both initial and recurring information protection training. Conveys the degree of reliance on information systems, the potential consequences arising from the lack of secure information systems, the organization's commitment to secure information systems, and the means by which users can protect information systems. Conducts annual COMSEC training for squadron COMSEC users. Uses a wide variety of formal training materials, such as outlines, handouts, publications, films, exhibits, protective devices, and visual aids to provide and/or reinforce information related to communications-computer systems security awareness practices. Promotes security campaigns through oral presentations at local security committee meetings; and extracts, compiles, and prepares security articles, bulletins, and pamphlets for local use by squadron personnel. Maintains required course records.

6. Assists unit personnel with duties involving a wide range of communications and information systems and telecommunications programs consisting of tactical communications equipment, LAN systems, information resource management, and information protection programs.

7. Performs other duties as assigned

GS-12 DUTIES:

1. Performs as the Team Technical Lead during vulnerability assessments of DoD information systems. Utilizes knowledge of systems security principles and concepts, of new Information Technology (IT) security developments, and of the infrastructure protection environment to select appropriate tools to be used by team members. Establishes methodology, and determines best techniques to penetrate computer systems and exploit information within these systems. Directs the team during actual assessments to find vulnerabilities due to improper configurations, missing or improperly applied patches, or procedural errors. Provides assistance to owners of assessed systems by providing recommendations pertaining to implementing security programs designed to anticipate, assess, and minimize system vulnerabilities, to correct deficiencies discovered, and to apply new IT security concepts. Briefs commanders and network administrators on the purpose and findings of the assessment, and prepares reports on the findings. Assists in developing security solutions to correct deficiencies that cannot be fixed with existing solutions.

2. Conducts extensive research of new vulnerabilities discovered in operating systems, application software, infrastructure and firewalls. Investigates, analyses, and develops methods that could be used to exploit those vulnerabilities. Conducts testing on training range to validate findings and to develop and refine methods and procedures to mitigate vulnerabilities.Conducts extensive research of tools currently being used to attack or gain unauthorized access to information networks. Analyzes and tests these tools on training range to determine effectiveness, stability, and scope of the tools. Modifies and refines tools for use in vulnerability assessments to provide the customer with the best possible evaluation of their security posture.

3. Performs information operations that protect and defend (or assess the capability to protect and defend) information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. Conducts risk and vulnerability assessments of DoD information systems to identify associated vulnerabilities, risks and protection needs. Performs OPFOR and other operational tasking. Operates fixed and deployed communications-computer systems. Performs activities such as configuring and monitoring hardware and software for system operation, processing and control of data flow, and client-server multi-user system support including network management or administration. Performs microcomputer fault isolation and restoration actions. Evaluates and assesses vulnerabilities of customer network and application server hardware, operating system software, and peripheral network equipment such as routers, bridges, switches, attached cabling system, network interface cards, modems, multiplexers, and concentrators. Conducts evaluations to ensure compliance with applicable standards. Ensures system backups are performed to ensure expedient restoration of the database for the respective network equipment. Evaluates effectiveness of customer network firewalls.

4. Performs other duties as assigned.

Additional information