Job posting 13-07
Opening date: January 31, 2013
Closing date: February 15, 2013
TITLE: IT Specialist (INFOSEC), IS-2210, Grade 12; $75,222 to
TYPE OF POSITION: Trust Fund (non-federal) Indefinite
DIVISION: Computation Facility
LOCATION: Cambridge, Massachusetts
AREA OF CONSIDERATION: This position is open to all qualified candidates eligible to work in the United States.
Reviews assigned log files for core/critical systems in order to identify potentially suspicious activity, including but not limited to inappropriate and failed logins and security compromises of any SAO servers or desktops.
Supports Plan of Action and Milestones (POA&Ms) and helps coordinate involvement and efforts to remediate security issues.
Follows up with SAO-SCI and HEA IT staff so that POA&Ms are worked and closed in a timely manner, with an emphasis on closing any Smithsonian OIG IT security findings. Keeps SAO management briefed on POA&M remediation status and
Reviews system and web applications for security vulnerabilities. Works with the IT and web application staff to fix IT
security weaknesses. Keeps SAO management briefed on the risks associated with high impact security vulnerabilities.
Reviews SAO critical core devices (network switches, Solaris and Linux servers, Windows servers, web servers and applications, etc.) against vendor product documentation and/or vendor websites in order to strengthen defenses against high-impact vulnerabilities through timely patching of security issues flagged by US-CERT and industry.
Supports federal government requirements for FISMA assessments and authorizations as implemented at the Smithsonian, by
supporting annual IT Security risk assessments on the SAO-SCI and HEA Automated Information Systems (AIS).
Reviews and updates FISMA documents and artifacts as required for SAO to follow Smithsonian best practice
recommendations based on:
FIPS 140-2, Security Requirements for Cryptographic Modules
FIPS 200, Minimum Security Requirements for Federal Information and Information Systems
System Categorization (FIPS 199)
System Security Plan (SSP) and Annual Validated User List
Configuration Management Plan (CMP)
Configuration Management Compliance Reports
System Test & Evaluation Plan (ST&E) and the annual test results and Security Assessment Report (SAR) Summary
Contingency Plan (CP) Annual Test Results
Disaster Recovery Plan (DRP) Tabletop Test Results
Risk Assessment (RA)
Plan of Action and Milestones (POA&M) Workbook
Authorization “Authority to Operate” Letter
Quarterly Account Management Reports for core/critical systems
Quarterly Log Review, Patch reports for core/critical systems
Vulnerability Scan Results
To meet the basic requirement, individuals must have IT-related experience demonstrating each of the four
competencies listed below:
1. Attention to detail - Is thorough when performing work and conscientious about attending to detail.
2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services
or products that your work unit produces, including the general public, individuals who work in the agency,
other agencies, or organizations outside the Government) to assess their needs, provide information or
assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is
committed to providing quality products and services.
3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively,
taking into account the audience and nature of the information (for example, technical, sensitive,
controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and
4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Applicants must demonstrate possession of these competencies within the application package.
In addition to the basic education requirements, you must have 1 year of specialized experience equivalent to at least
the next lower grade level (11). Specialized experience is experience that has equipped the candidate with the particular
knowledge, skills, and abilities to perform successfully the duties of the position. Examples of qualifying specialized
experience include: providing analysis of IT security in infrastructure operations, server management, COTS and web applications in conformance with National Institute of Standards and Technology (NIST) guidelines and industry recommended best
APPLICATION PROCEDURE: We will only accept applications online for this position. For complete information about this position and the online application procedures, please visit:
The Smithsonian Astrophysical Observatory is an equal opportunity employer committed to diversity in our workplace.