 Job posting 13-07
Opening date: January 31, 2013
Closing date: February 15, 2013

TITLE: IT Specialist (INFOSEC), IS-2210, Grade 12; $75,222 to $97,787/yr
TYPE OF POSITION: Trust Fund (non-federal) Indefinite
DIVISION: Computation Facility
LOCATION: Cambridge, Massachusetts
AREA OF CONSIDERATION: This position is open to all qualified candidates eligible to work in the United States.

DUTIES: Reviews assigned log files for core/critical systems in order to identify potentially suspicious activity including but not limited to inappropriate and failed logins, security compromises to any SAO servers or desktops, etc.

Supports Plan of Action and Milestones (POA&Ms) and helps coordinate involvement and efforts to remediate security issues. Follows up with SAO-SCI and HEA IT staff so that POA&Ms are worked and closed in a timely manner with an emphasis on closing any Smithsonian OIG IT security findings. Keeps SAO management briefed on POA&M remediation status and closures.

Reviews system and web applications for security vulnerabilities. Works with the IT and web application staff to fix IT security weaknesses. Keeps SAO management briefed on the risks associated with high impact security vulnerabilities.

Reviews SAO critical core devices (network switches, Solaris and Linux servers, Windows servers, web servers and applications, etc.) against vendor product documentation and/or vendor websites in order to optimize defenses or deterrents to high impact vulnerabilities based on timely patching of US-CERT and industry flagged security issues, etc.

Supports federal government requirements for FISMA assessments and authorizations as implemented at the Smithsonian, by supporting annual IT Security risk assessments on the SAO-SCI and HEA Automated Information Systems (AIS). Reviews and updates FISMA documents and artifacts as required for SAO to follow Smithsonian best practice recommendations based on:

FIPS 140-2, Security Requirements for Cryptographic Modules
FIPS 200, Minimum Security Requirements for Federal Information and Information Systems
System Categorization (FIPS 199)
System Security Plan (SSP) and Annual Validated User List
Configuration Management Plan (CMP)
Configuration Management Compliance Reports
System Test & Evaluation Plan (ST&E) and the annual test results and Security Assessment Report (SAR) Summary
Contingency Plan (CP) Annual Test Results
Disaster Recovery Plan (DRP) Tabletop Test Results
Risk Assessment (RA)
Plan of Action and Milestones (POA&M) Workbook
Authorization "Authority to Operate" Letter
Quarterly Account Management Reports for core/critical systems
Quarterly Log Review, Patch reports for core/critical systems
Vulnerability Scan Results


Basic Requirements:

To meet the basic requirement, individuals must have IT-related experience demonstrating each of the four competencies listed below:

1. Attention to detail - Is thorough when performing work and conscientious about attending to detail.

2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. Applicants must demonstrate possession of these competencies within the application package.

In addition to the basic education requirements, you must have 1 year of specialized experience equivalent to at least the next lower grade level (11). Specialized experience is experience that has equipped the candidate with the particular knowledge, skills, and abilities to perform successfully the duties of the position. Examples of qualifying specialized experience include: providing analysis of IT security in infrastructure operations, server management, COTS and web applications in conformance with the National Institute of Standards (NIST) guidelines and industry recommended best practices.

For complete information about this position and the online application procedures, please visit: USAJOBS

The Smithsonian Astrophysical Observatory is an equal opportunity employer committed to diversity in our workplace.

