Summary THIS IS A NATIONAL GUARD TITLE 32 EXCEPTED SERVICE POSITION. This National Guard position is for a IT SPECIALIST (INFOSEC), Position Description Number D2178P01 and is part of the ME 10st Communications Flight, National Guard. Responsibilities This position is located in the Plans and Resources Section of a Base Communications Unit. This is an Air National Guard (ANG) Dual Status Technician position requiring military membership, compatible military skill assignment, and classification. The purpose of this position is to serve as the Base Information Assurance Manager who is the wing commander's authority and focal point for Information Assurance. Manages the communication-computer security (COMPUSEC) program, Electronic Key Management System (EKMS), Emission Security, and Information Assurance Awareness Programs. MAJOR DUTIES: 1. Serves as the Wing Information Assurance Manager. Applies Information Technology (IT) security principles, methods, and security products to protect and maintain the availability, integrity, confidentiality, and accountability of information system resources and information processed throughout the system's life cycle. Establishes and publishes base-wide policy to manage the INFOSEC (also known as COMPUSEC) program and provides advice and guidance in its implementation and in procedures used in the development and operation of systems. Assists all base organizations in the development of their individual INFOSEC program. Disseminates information and ensures computer security practices are adhered to by all functional areas. Reviews, analyzes, and validates certification and accreditation (C&A) packages. Continuously identifies and analyzes threats and vulnerabilities to the information systems to maintain an appropriate level of protection. Ensures computer software designs address information system security requirements. Accomplishes risk analysis, security testing, and certification due to modifications or changes to computer systems. Evaluates, assesses, or locally tests and approves all hardware, software, and firmware products that provide security features prior to use on any accredited information system or network. Certifies all software prior to installation and use on communications and computer systems. Executes computer security plans and enforces mandatory access control techniques such as trusted routers, bastion hosts, gateways, firewalls, or other methods of information systems protection. (25%) 2. Manages the Network Security Program. Maintains required information assurance certification IAW DoD 8570.01-M, Federal Information Security Management Act of 2002, Clinger Cohen Act of 1996. Implements and advises on IT security policies and procedures to ensure protection of information transmitted to the installation, among organizations on the installation, and from the installation using Local Area Networks (LAN), Wide Area Networks (WAN), the World Wide Web, or other communications modes. Utilizes current and future multi-level security products collectively to provide data integrity, confidentiality, authentication, non-repudiation, and access control of the LAN. Reports to MAJCOM, Air Force Communications Agency, National Security Agency, and Air Force Computer Emergency Response Team all incidents involving viruses, tampering, or unauthorized system entry. Controls access to prevent unauthorized persons from using network facilities. Limits access to privileged programs (i.e., operating system, system parameter and configuration files, and databases), utilities, and security-relevant programs/data files to authorized personnel. Implements methods to prevent or minimize direct access, electronic or other forms of eavesdropping, interpreting electro-mechanical emanations, electronic intercept, telemetry interpretation, and other techniques designed to gain unauthorized access to IT information, equipment, or processes. Evaluates unusual circumstances to recognize and define potential vulnerabilities and selects and oversees the installation of physical and technical security barriers to prevent others from improperly obtaining such information. Conducts the Information Assurance Awareness Program which uses computer-based training for both initial and recurring information protection training. Maintains required course records. (25%) 3. Serves as the Communications Security (COMSEC) Manager for all cryptographic activities including managing the Cryptographic Access Program (CAP). Formulates and develops communications security criteria and requirements for inclusion in mobility, contingency, and exercise plans. Maintains accountability for sensitive cryptographic materials and related COMSEC information. Oversees issuance of COMSEC materials. Maintains COMSEC inventory. Prepares and evaluates written plans for emergency actions and ensures personnel are fully qualified in the execution of plans. Investigates COMSEC security incidents to determine the possibility of compromise to COMSEC materials and ensures documentation and reporting to appropriate channels. Requirements Conditions of Employment Qualifications Military Grades: E6 & Below Compatible Military Assignments: 3D1X1, 3D1X2, 3D1X3 GENERAL EXPERIENCE: Experience, education or training that has provided a basic knowledge of data processing functions and general management principles that enabled the applicant to understand the stages required to automate a work process. Experience may have been gained in work such as computer operator or assistant, computer sales representative, program analyst, or other positions that required the use or adaptation of computer programs and systems. SPECIALIZED EXPERIENCE: GS-09 Must have at least 1 year of specialized experience equivalent to the GS-07 that demonstrates knowledge of cybersecurity principles to include Risk Management Framework, COMSEC, INFOSEC, EMSEC, COMPUSEC, etc. Carry out assignments, develop plans to handle multiple tasks given by supervisors. GS-11 Must have at least 36 months experience, education, or training that approaches techniques and requirements appropriate to an assigned computer applications area or computer specialty area in an organization. Experience planning the sequence of actions necessary to accomplish the assignment where this entailed coordination with others outside the organizational unit and development of project controls. Experience that required adaptations of guidelines or precedents to meet the needs of the assignment. Experience preparing documentation on cost/benefit studies where is involved summarizing the material and organizing it in a logical fashion. Must have at least 1 year of specialized experience equivalent to the GS-09 that demonstrates accomplishment of tasks related to cybersecurity programs to include Risk Management Framework, COMSEC, INFOSEC, EMSEC, COMPUSEC, etc. The ability to run these programs with minimal direction, plan training, coordinate with others inside and outside the organization, and brief supervisors on status. Education If you are using Education to qualify for this position, You must provide transcripts or other documentation to support your Educational claims. To receive credit for Education, you must provide documentation of proof that you meet the Education requirements for this position. Additional Information If you are a male applicant who was born after 12/31/1959 and are required to register under the Military Selective Service Act, the Defense Authorization Act of 1986 requires that you be registered or you are not eligible for appointment in this agency (Register | Selective Service System : Selective Service System (sss.gov)).