Information Systems Security Professional

Responsibilities Information System Security Professionals at NSA play a vital role in Security Architecture and Engineering, Communication and Network Security, Software Development Security, Security Operations, Identity and Access Management, Asset Security, and Security and Risk Management: Defining information system security requirements and functionality Designing system architectures, modeling, and network designs Ability to implement systems engineering principles/methodology Assessing the effectiveness of security solutions against present and projected threats Producing formal and informal reports, briefings, and direct input to the customer regarding security and functionality of requirements, system architecture, application security, and security planning Understanding concepts, principles, structure and standards used to design, implement, monitor and secure operating systems, equipment, networks, applications and controls to enforce levels of confidentiality, integrity and availability Conducting security engineering/hardening of the latest operating systems, tailoring them for use in the specific mission area Reviewing requests for security relevant changes on the mission infrastructures, ensuring risk is adequately mitigated Understanding of cryptography, cloud technologies, and ability to program (Python, Java, etc.) Knowledge of Systems Lifecycle Development, Threat Intelligence, and Incident Management Ensuring appropriate operational security posture is maintained for a system or program; assessing compliance with the Federal Government's Risk Management Framework (RMF), as maintained by the National Institute of Standards and Technology (NIST) Providing recommendations on Plan of Action & Milestones (POA&M) Working with system owners to accredit/re-accredit critical mission systems Depending on their experience and preferences, Information System Security Professionals are hired into positions directly supporting a technical mission office or into the Cybersecurity Engineering Development Program (CSEDP). The development program is 3 years in length and combines formal training and diverse work assignments. Job Summary Are you a cyber professional with the drive and expertise to be on the forefront of the cyber fight; tackling NSA's complex mission to defend against cyber threats of today and tomorrow? NSA, the nation's leading cyber agency, has exciting and challenging positions in Cyber Security Engineering and Cyber and TEMPEST vulnerability analysis/mitigation. Are you ready to help secure our Nation's critical Infrastructure? If so, NSA is the place for you Qualifications THIS JOB OPENING ENCOMPASSES MULTIPLE POSITIONS. THE MINIMUM QUALIFICATIONS FOR EACH ARE BELOW: The qualifications listed are the minimum acceptable to be considered for the position. INFORMATION SYSTEMS SECURITY DESIGNER: Degree must be in Computer Science or a related field (for example General Engineering, Computer Engineering, Electrical Engineering, Systems Engineering, Mathematics, Computer Forensics, Cybersecurity, Information Technology, Information Assurance, Information Security, and Information Systems). Relevant experience applying to all work levels: Completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course), Undergraduate Cyber Training (UCT), Network Warfare Bridge Course (NWBC)/Intermediate Network Warfare Training (INWT), Cyber Defense Operations will be considered towards the relevant experience requirement (i.e., 20-24 weeks course will count as 6 months of experience, 10-14 weeks will count as 3 months of experience). ENTRY/DEVELOPMENTAL Entry is with a Bachelor's degree and no experience. An Associate's degree plus 2 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. Relevant experience must be in one or more of the following areas: computer or information systems design/development, programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, or systems engineering. Network and system administration may account for some, but not all, of the experience. FULL PERFORMANCE Entry is with a Bachelor's degree plus 3 years of relevant experience, or a Master's degree plus 1 year of relevant experience, or a Doctoral degree and no experience. An Associate's degree plus 5 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. Relevant experience must be in one or more of the following areas: computer or information systems design/development. In addition, may include programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, systems engineering, network and system administration. SENIOR Entry is with a Bachelor's degree plus 6 years of relevant experience, or a Master's degree plus 4 years of relevant experience, or a Doctoral degree plus 2 years of relevant experience. An Associate's degree plus 8 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. Relevant experience must be in one or more of the following areas: computer or information systems design/development. In addition, may include programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, systems engineering, network and system administration. EXPERT Entry is with a Bachelor's degree plus 9 years of relevant experience, or a Master's degree plus 7 years of relevant experience, or a Doctoral degree plus 5 years of relevant experience. An Associate's degree plus 11 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. Relevant experience must be in one or more of the following areas: computer or information systems design/development. In addition, may include programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, systems engineering, network and system administration. INFORMATION SYSTEMS SECURITY ENGINEER: Degree must be in Computer Science or a related field (for example General Engineering, Computer Engineering, Electrical Engineering, Systems Engineering, Mathematics, Computer Forensics, Cybersecurity, Information Technology, Information Assurance, Information Security, and Information Systems). Relevant experience applying to all work levels: Completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course), Undergraduate Cyber Training (UCT), Network Warfare Bridge Course (NWBC)/Intermediate Network Warfare Training (INWT), Cyber Defense Operations will be considered towards the relevant experience requirement (i.e., 20-24 weeks course will count as 6 months of experience, 10-14 weeks will count as 3 months of experience). ENTRY/DEVELOPMENTAL Entry is with a Bachelor's degree and no experience. An Associate's degree plus 2 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. Relevant experience must be in one or more of the following areas: computer or information systems design/development, programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, systems engineering, or updating information assurance documentation (for example System Security Plans, Risk Assessment Reports, Certification and Accreditation packages, and System Requirements Traceability Matrices). Network and system administration may account for some, but not all, of the experience. FULL PERFORMANCE Entry is with a Bachelor's degree plus 3 years of relevant experience, or a Master's degree plus 1 year of relevant experience, or a Doctoral degree and no experience. An Associate's degree plus 5 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. Relevant experience must be in one or more of the following areas: computer or information systems design/development and with information assurance and accreditation processes (e.g., System Security Plans, Risk Assessment Reports, Certification and Accreditation Packages, and System Requirements Traceability Matrices). In addition, experience may include programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, systems engineering, or network and system administration. SENIOR Entry is with a Bachelor's degree plus 6 years of relevant experience, or a Master's degree plus 4 years of relevant experience, or a Doctoral degree plus 2 years of relevant experience. An Associate's degree plus 8 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. Relevant experience must be in one or more of the following areas: computer or information systems design/development and with information assurance and accreditation processes (e.g., System Security Plans, Risk Assessment Reports, Certification and Accreditation Packages, and System Requirements Traceability Matrices). In addition, experience may include programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, systems engineering, or network and system administration. EXPERT Entry is with a Bachelor's degree plus 9 years of relevant experience, or a Master's degree plus 7 years of relevant experience, or a Doctoral degree plus 5 years of relevant experience. An Associate's degree plus 11 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. Relevant experience must be in one or more of the following areas: computer or information systems design/development and with information assurance and accreditation processes (e.g., System Security Plans, Risk Assessment Reports, Certification and Accreditation Packages, and System Requirements Traceability Matrices). In addition, experience may include programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, systems engineering, or network and system administration. INFORMATION SYSTEMS SECURITY OFFICER: Degree must be in Information Assurance, Information Security, Information Systems, Information Technology, Computer Networking, Information Science, Cybersecurity, or any related field. ENTRY/DEVELOPMENTAL Entry is with a Bachelor's degree and no experience. A high school diploma or GED plus 4 years of relevant experience; or an Associate's degree or 18 semester hours of military coursework/training in a computer-related field plus 2 years of relevant experience may be considered. Experience must be in one or more of the following areas: information systems design, development, programming, information/computer/cyber/network security, vulnerability analysis, system auditing, penetration testing, computer forensics, computer systems research, reverse engineering, systems engineering, or network and system administration. Relevant experience may also include experience with Risk Management Framework (RMF), Information Systems Security technologies, or IT policies. FULL PERFORMANCE Entry is with a Bachelor's degree plus 3 years of relevant experience, or a Master's degree plus 1 year of relevant experience or a Doctoral degree and no experience. A high school diploma or GED plus 7 years of relevant experience, or an Associate's degree or 18 semester hours of military coursework/training in a computer-related field plus 5 years of relevant experience may be considered. Experience must be in one or more of the following areas: Risk Management Framework (RMF), Information Systems Security technologies, or IT policies. Relevant experience may also include information systems design, development, programming, information/computer/cyber/network security, vulnerability analysis, system auditing, penetration testing, computer forensics, computer systems research, reverse engineering, systems engineering, or network and system administration. SENIOR Entry is with a Bachelor's degree plus 6 years of relevant experience, or a Master's degree plus 4 year of relevant experience or a Doctoral degree plus 2 years of relevant experience. A high school diploma or GED plus 10 years of relevant experience, or an Associate's degree or 18 semester hours of military coursework/training in a computer-related field plus 8 years of relevant experience may be considered. Experience must be in one or more of the following areas: Risk Management Framework (RMF), Information Systems Security technologies, or IT policies. Relevant experience may also include information systems design, development, programming, information/computer/cyber/network security, vulnerability analysis, system auditing, penetration testing, computer forensics, computer systems research, reverse engineering, systems engineering, or network and system administration. EXPERT Not applicable for Information Systems Security Officer. Competencies Excellent problem-solving, communication and interpersonal skills Is motivated Works creatively and effectively in diverse environments Can juggle multiple priorities and assignments Applies standards, policies, procedures and requirements for ensuring information security Possesses specialized skills that prevent, assess, and/or mitigate threats to information systems and infrastructures and the information contained in or transmitted by these systems. This may encompass: threat and vulnerability analysis risk mitigation incident response information assurance risk management framework configuration management monitor/define system security plans penetration testing preparing accreditation documentation Pay, Benefits, & Work Schedule Pay: Salary offers are based on candidates' education level and years of experience relevant to the position and also take into account information provided by the hiring manager/organization regarding the work level for the position. Salary Range: $79,735 - $191,900 (Entry/Developmental, Full Performance, Senior, Expert) Salary range varies by location, work level, and relevant experience to the position. On the job training, internal NSA courses, and external training will be made available based on the need and experience of the selectee. Benefits: NSA offers excellent benefits to include relocation assistance, flexible work schedules, generous leave programs, paid personal fitness time, training and continuing education classes, health and life insurance, Federal Thrift Savings Plan (TSP), and a Federal retirement plan. Work Schedule: This is a full-time position, Monday - Friday, with basic 8hr/day work requirement between 6:00 a.m. and 6:00 p.m. (flexible). How to apply Apply soonest, as job postings can close earlier than stated end dates due to changes in requirements. It is important to review and note the minimum qualifications, as only those applicants who meet the required qualifications will be contacted to continue the employment process. Please populate the resume tool to showcase any relevant work experience and education related to the position and answer any applicable screening questions. Information collected will be used to determine eligibility, and failure to provide accurate information may result in disqualification for this position. A confirmation email will be sent after submission of the first application and also after any future updates to submitted applications. Due to time sensitive communications regarding applications, please ensure your spam filters are configured to accept email from noreplyintelligencecareers.gov. For job vacancies that include stated testing requirements, also include the following: uwe.nsa.gov, nsa.gov, and pearson.com U.S. Citizenship is required for all applicants. NSA is an equal opportunity employer and abides by applicable employment laws and regulations. NSA is also committed to the promotion of diversity within its workforce. All applicants and employees are subject to random drug testing in accordance with Executive Order 12564. Employment is contingent upon successful completion of a security background investigation and polygraph. Reasonable accommodations may be provided to applicants with disabilities during the application and hiring process where appropriate. Please visit our Diversity link for more information https://www.intelligencecareers.gov/NSA/diversity-and-inclusion . DCIPS Disclaimer The National Security Agency (NSA) is part of the DoD Intelligence Community Defense Civilian Intelligence Personnel System (DCIPS). All positions in the NSA are in the Excepted Services under 10 United States Codes (USC) 1601 appointment authority. DoD Components with DCIPS positions apply Veterans' Preference to eligible candidates as defined by Section 2108 of Title 5 USC, in accordance with the procedures provided in DoD Instruction 1400.25, Volume 2005, DCIPS Employment and Placement. If you are a veteran claiming veterans' preference, as defined by Section 2108 of Title 5 U.S.C., you may be asked to submit documents verifying your eligibility.