Eligibility Requirements
US Citizenship
Career Category
IT/Computer Science
Job Summary
This job is a civilian position and does not require military service (including commission and enlistment)
WHAT IS ATEC?
ATEC is the Army’s independent test and evaluation organization. We are a team of Civilian and Military personnel working together to provide America’s Military with the best equipment to win and return home safely. At ATEC, we have a saying: If a Soldier rides, wears, shoots, or deploys it, we test it. ATEC is at the forefront of testing and evaluating technologies of the future from autonomous aerial/ground vehicles to hypersonic weapons. Each day, top scientists and engineers test and evaluate cutting-edge equipment. Our workforce is highly technical and skilled, comprised of more than 8,500 military, civilian, and contract personnel. Engineers, scientists, technicians, researchers, and evaluators work with innovative, advanced technologies in 24 testing and research locations across the U.S. States and around the world. If you are a civilian who wants their work to make a difference, we look forward to hearing from you. For more information on ATEC, salary, benefits, etc., see: https://www.atecciviliancareers.com.
This announcement uses the DHA for Certain Personnel of the DoD Workforce direct hire authority to recruit and appoint qualified candidates to certain positions in the competitiveservice.
Job Responsibilities
|
POSITION DUTIES:
|
|
Serves as Information Technology (IT) Specialist Policy Planning/Information Security in the G-6 Directorate, U.S. Army Test and Evaluation Command (ATEC) supporting the Program Information Systems Security Manager (P-ISSM). Performs as a key team member of the Division formulating, interpreting, disseminating, and enforcing cybersecurity policies and procedures. Executes selected tasks and functions within the cybersecurity mission area. Maintains a specialized knowledge and familiarization with all aspects of cybersecurity (e.g. network security, endpoint security, configuration management, incident response, contingency planning, security assessments, etc.).
Serves as an ISSM with organization-wide authority to protect all Information Technology (IT) assets, systems, networks, data and information. Formulates Cybersecurity policy, guidance, and establishes appropriate organization-wide Cybersecurity management structure and Cybersecurity business processes, procedures and practices. Sets Cybersecurity goals and objectives, writes the Systems Security Plans to meet public law, Office of Management and Budget (OMB), Department of Defense (DoD) and Army information security requirements, and evaluates the effectiveness of IT policy and security measures. Oversees and manages the Risk Management Framework (RMF) for organization-wide systems (business & combat/weapon). Implements the organization’s vulnerability management program and reports compliance to Headquarters Department of the Army (HQDA). Prepares and briefs Cybersecurity status/security conditions to the organization Chief Information Officer (CIO) and other senior managers as necessary.
MAJOR DUTIES:
1. Establishes and manages portions of the organization Cybersecurity Program. Will for the command. Promulgates Cybersecurity policy and guidance throughout the organization. Responsible for . Establishes procedures within the command to document status of business information system and weapons/combat information system accreditation. Ensures that DoD and Army Cybersecurity training requirements are met. Responsible for determining, formulating, and writing policy, guidelines and procedures to oversee the Cybersecurity Assessment and Vulnerability Program and ensure it is implemented and effective in all associated commands/locations. Responsible for writing and interpreting regulations to establish and manage Cybersecurity incident reporting and compliance, to include procedures for vulnerability management. Ensures that Cybersecurity standards are enforced. Responsible for interpreting regulations and writing alert procedures to notify Cybersecurity personnel, system and network administrators, and command operations personnel of incidents that affect Computer Network Defense (CND). Ensures that the Cyberspace Protection Condition (CPCON) program is implemented and executed in accordance with Joint Chiefs of Staff (JCS) and Army policy. Assesses Cybersecurity posture and provides management reports. Has authority to commit organization to specific courses of action to ensure the integrity of information assurance and protect systems and networks against denial of service and interruption. Responsibilities also may include: assessment and authorization of systems and networks; vulnerability management, to include scanning and analysis of results; incident response; information technology contingency planning / disaster recovery planning; POA&M completion and analysis; and ensuring compliance with Security Technical Implementation Guides; reviews and advises P-ISSM on correctness and completeness of inter-organization agreements, such as MOAs, MOUs, and ISAs; and identification and protection of Mission Relevant Terrain – Cyberspace.
2. Administers and monitors implementation of the Risk Management Framework (RMF). Provides advice and guidance to the P-ISSM pertinent to compliance with the Assess and Authorize (A&A) process throughout all stages of system acquisition, development, and maintenance. Reviews Assess and Authorize (A&A) documentation to ensure that it is compliant with RMF standards. Reviews risk assessments and analyze impact of potential vulnerabilities. Independently develops procedures to generate and maintain required documentation to include the System Security Plan, the RMF Package documents, and Plan of Action and Milestones (POA&M). Independently develops guidance and assists subordinates through the Categorize, Selection, Implementation, Assessment, Authorization and Monitoring phases. Works closely with the NETCOM Security Controls Assessor Army and other ATEC ISSMs to ensure timely certification testing of systems being accredited, identification of system security shortcomings residual risks, and coordinate with the system certification team to resolve issues and mitigate residual risk. Keeps ATEC Authorizing Official (AO) and P-ISSM briefed on systems accreditation status and provide necessary coordination to acquire the Approval to Operate (ATO) for systems. Takes any other steps that may be necessary to ensure timely accreditation, review and reaccreditation of weapons/combat systems developed under the appropriate authority. Maintains database of system accreditation status, develops reports, and alerts system proponents when accreditation documentation must be updated.
3. Conducts assessments for Cybersecurity as part of the Organization Inspection Program and as a member of the Security Control Assessor – Organization (SCA-O) team to determine compliance with applicable regulations and policies, security controls, and reviews and evaluates the security impact of system changes. Participates in meetings and workgroups addressing Cybersecurity issues. Coordinates with Cybersecurity managers, to include DoD, HQDA, and other Army Commands and subordinate commands to discuss and resolve Cybersecurity issues and requirements. Actively participates in influencing and determining policies to resolve Cybersecurity issues and requirements. This will require the incumbent to determine, formulate, and effectively make policy. Represents the command position on Cybersecurity issues in decision meetings with the HQDA G6/Chief Information Officer (CIO) staff and other Army Commands involved in Cybersecurity oversight and management.
4. Maintains a cognizance of Army Cybersecurity policy and develops organization policy and procedures that implement initiatives to include Remote Access, Cybersecurity Tools, Web Cache, Network DMZ, Connection Approval Process, and Defense Research and Engineering Network (DREN)/NIPRNET/SIPRNET security. Sets and establishes the different requirements to develop and implement information systems security technology and procedures, to include Public Key Infrastructure (PKI) and multi-factor authentication technologies that address access control and authentication of users and transmitted information. Determines what the specifications and standards should be for any procured Cybersecurity software, hardware, or services and decides or directs the procurements of Cybersecurity software, hardware or services needed to protect organization systems and networks. Coordinates with subordinates, Director(s) of Network Enterprise Center (NEC's), HQDA, DREN and Defense Information Systems Agency (DISA) Point of Contact to ensure that Connection Approval Process requirements are met where applicable and submitted in accordance with DoD and Army policy.
5. Represents ATEC at meetings and working groups to present the command’s position and posture. Conducts or chairs meetings and seminars to collaborate and exchange related IM, IT, and Cybersecurity policies, procedures, and standards. Coordinates final agreements on matters within the incumbent's subject matter expertise.
6. Independently set priorities, plans work, and presents completed work to supervisor. Provides advice to peers on both administrative and technical matters within their scope. Identifies developmental training requirements annually; and plans schedule accordingly. Establishes and monitors internal controls, as necessary to safeguard government resources from fraud, waste, abuse, or misappropriation. Researches and composes a wide-range of informational memorandums, administrative and technical correspondence, for supervisor’s signature and distribution.
Performs other duties as assigned.
|
Job Qualification
In order to qualify, you must meet the experience requirements described below. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., PeaceCorps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual;community; student; social). You will receive credit for all qualifying experience, including volunteerexperience. Your resume must clearly describe your relevant experience; if qualifying based on education,your transcripts will be required as part of your application. Additional information about transcripts is
inthis document
Basic Requirement for Information Technology Management - 2210 series: IT-related experience is required demonstrating each of the four competencies listed below:
1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
2. Customer Service - Works with clients and customers (that is, any individuals who use or receive theservices or products that your work unit produces, including the general public, individuals who work in
the agency, other agencies, or organizations outside the Government) to assess their needs, provideinformation or assistance, resolve their problems, or satisfy their expectations; knows about availableproducts and services; is committed to providing quality products and services.
3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groupseff ectively, taking into account the audience and nature of the information (for example, technical,sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends tononverbal cues, and responds appropriately.
4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses soundjudgment to generate and evaluate alternatives, and to make recommendations.
In addition to meeting the basic requirement above, to qualify for this position you must also meet thequalification requirements listed below:
Specialized Experience
In addition to meeting the basic requirement above, to qualify for this position you must also meet the qualification requirements listed below:
Specialized Experience: One year of specialized experience which includes:
1) Independent interpreting of public laws, Cybersecurity policy and guidance and writing Cybersecurity regulations, pamphlets, and technical/operational memoranda
2) Utilizing database administration tools, soft ware, applications, and/or systems; and
3) Performing studies, analyzing data, weighing cost/benefits, formulating options, and/or making recommendations to improve cybersecurity policy and practices.
This definition of specialized experience is typical of work performed at the next lower grade/level positionin the federal service (NH-02 or GS-11).
Some federal jobs allow you to substitute your education for the required specialized experience in orderto qualify. For this job, you must meet the qualification requirement using specialized experience alone--nosubstitution of education for experience is permitted.
Education
FOREIGN EDUCATION:
If you are using education completed in foreign colleges or universities to meet thequalification requirements, you must show the education credentials have been evaluated by a privateorganization that specializes in interpretation of foreign education programs and such education has beendeemed equivalent to that gained in an accredited U.S. education program; or full credit has been given forthe courses at a U.S. accredited college or university. For further information, visit:
http://www.ed.gov/about/off ices/list/ous/international/usnei/us/edlite-visitus-forrecog.html
HOW YOU WILL BE EVALUATED. You will be evaluated based on your level of competency in the following areas:
1. Knowledge of the interrelationships of multiple IT specialties, project management principles, emerging technologies, and IT architecture in order to provide solutions to key issues concerning integration and interoperability, to manage projects, and to develop system improvements and refinements that will address current and future requirements.
2. Knowledge of IT systems and processes, specifically the application of cybersecurity principles to the information management discipline.
3. Knowledge of IT vulnerabilities, which can be exploited and develops new standards and methodologies to identify and report their presence.
4. Knowledge of DoD, Army, and higher headquarters directives and regulations governing all of the above areas.
5. Mastery of and skill in applying, Cybersecurity policy, techniques, and technologies is required to develop and enhance the Cybersecurity program.
6. Mastery of and skill in applying systems security and RMF requirements and processes.
7. Skill in oral and written communication to prepare and present briefings to senior management officials on complex and controversial IT issues and to explain complicated technical requirements.
8. Ability to advise management at all levels and other Cybersecurity specialists with Cybersecurity analysis techniques.
Conditions of Employment
1. This position requires a Secret security clearance or the incumbent must be able to obtain and maintain a Secret security clearance. Note: Some positions can require a Top Secret security clearance or Top Secret security clearance with Sensitive Compartmented Access (SCI) and personnel must pass drug screening prior to hiring and will be subject to periodic and random drug testing thereafter in accordance with AR 600-85 and Department of Defense Directive 2010.9.
2. Must obtain and maintain Information Assurance (IA) certification and computing environment, certifications per Army policy and DoD directive.
3. Incumbent may spend up to 25% of the time in travel or TDY status.
4. This acquisition position requires LEVEL III certification in the acquisition career field of Information Technology (R); or, incumbent must be able to obtain certification within 24 months of appointment.
Travel Requirements
Greater than 20% Travel
QUESTIONS or issues please send us a message with the vacancy announcement URL, position title, and location to:
Kimberly.s.broadwater2.civ@army.mil
