Specialty Summary. Supervises or operates fixed and deployed information technology (IT) and telecommunications resources to monitor, evaluate and maintain systems, policy and procedures to protect clients, networks, data/voice systems and databases from unauthorized activity. Identifies potential threats and manages resolution of security violations. Enforces national, DoD and Air Force security policies and directives; employs hardware and software tools to enhance the security by installing, monitoring and directing proactive and reactive information protection and defensive measures to ensure Confidentiality, Integrity and Availability (CIA) of IT resources. Administers and manages the overall Information Assurance (IA) program to include Communications Security (COMSEC), Emissions Security (EMSEC) and Computer Security (COMPUSEC) programs.
Duties and Responsibilities:
Conducts IA risk and vulnerability assessments; ensures enterprise IA policies fully support all legal and regulatory requirements and ensures IA policies are applied in new and existing IT resources. Identifies IA weaknesses and provides recommendations for improvement. Monitors enterprise IA policy compliance and provides recommendations for effective implementation of IT security controls.
Evaluates and assists IT activities. Makes periodic evaluation and assistance visits, notes discrepancies, and recommends corrective actions. Audits and enforces the compliance of IA procedures and investigates security-related incidents. Assists in conducting IT forensic investigations. Manages the IA program and monitors emerging security technologies and industry best practices.
Performs or supervises detection and protection activities using IA and IA-enabled tools and provides real-time intrusion detection and firewall protection for all IT resources. Responsible for IA oversight or management of national security systems during all phases of the IT life cycles. Ensures CIA of IT resources.
Operates and manages IA tools and IA-enabled tools. Integrates tools with other IT functions to protect and defend IT resources. Provides CIA by verifying IA controls are implemented in accordance with DoD and Air Force IA standards. Analyzes risks and/or vulnerabilities and takes corrective action to mitigate or remove them. Ensures appropriate administrative, physical, and technical safeguards are incorporated into all new IT resources through certification and accreditation and protects IT resources from malicious activity.
Installs, upgrades, configures and maintains IA tools and IA-enabled tools; develops scripts and macros to automate tedious tasks and ensure data survivability through IA controls.
Performs COMSEC management duties in accordance with national and DoD directives.
Manages, supervises, and performs planning and implementation activities. Manages implementation and project installation and ensures architecture, configuration, and integration conformity. Develops, plans, and integrates base communications systems. Serves as advisor at meetings for facility design, military construction programs and minor construction planning. Evaluates base comprehensive plan and civil engineering projects. Monitors status of base civil engineer work requests. Performs mission review with customers. Controls, manages, and monitors project milestones and funding from inception to completion. Determines adequacy and correctness of project packages and amendments. Monitors project status and completion actions. Manages and maintains system installation records, files, and indexes. Evaluates contracts, wartime, support, contingency and exercise plans to determine impact on manpower, equipment, and systems.
Specialty Qualifications:
Knowledge. Knowledge is mandatory of: IT resources; capabilities, functions and technical methods for IT operations; organization and functions of networked IT resources; communications-computer flows, operations and logic of electromechanical and electronics IT and their components, techniques for solving IT operations problems; and IT resources security procedures and programs including Internet Protocol and basic software scripting.
Education. For entry into this specialty, completion of high school is mandatory. Additional courses in advanced mathematics, computer science and networking is desirable. Experience in systems administration in an UNIX, Linux/MacOS, or Windows environment and/or software development, testing, and quality assurance is desired. Network+ certification is desirable.
Training. For award of AFSC 3D033, completion of Cyber Surety initial skills course is mandatory.
Experience. The following experience is mandatory for award of the AFSC indicated:
3D053. Qualification in and possession of AFSC 3D033. Experience performing IA functions and/or activities.
3D073. Qualification and possession of AFSC 3D053. Experience supervising IA functions and/or activities.
Other. The following are mandatory for entry into this specialty: Specialty requires routine access to Top Secret material or similar environment. For award and retention of AFSCs 3D033/53/73, completion of a current Single Scope Background Investigation (SSBI) according to AFI 31-501, Personnel Security Program Management is mandatory. NOTE: Award of the 3-skill level without a completed SSBI is authorized provided an interim Top Secret security clearance has been granted according to AFI 31-501.