IT SPECIALIST (INFOSEC)
This position is located within the Office of Information and Technology Services and reports to the Information Systems Security Officer (ISSO). The incumbent serves as a technical professional and IT security analyst with responsibility for supporting the agency's cybersecurity program, with an emphasis on cloud initiatives. The incumbent will primarily be responsible for the security oversight of the agency's cloud environment and the development of system security and information assurance documentation, consistent with federal standards, to support the security assessment of agency cloud-based systems. The ideal candidate is capable of configuring and monitoring cloud security services, performing security audits and risk analyses of cloud environments, as well as application-level vulnerability testing and security code reviews. The candidate must be familiar with cloud-specific security principles and best practices (Federal information security policies, practices, and legal requirements including FISMA, RMF, NIST, and FedRAMP). The incumbent will work independently to:
Review proposed requirements, design, and architecture documents to identify potential security issues in agency cloud environments, information systems, and applications. Evaluate, install, configure, and manage cloud security tools and services that are employed to protect agency cloud environments. Monitor network activity and analyze evidence of suspicious behavior to identify and report events that occur or might occur within agency networks. Review data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze and respond to events that occur within the operating environment for the purpose of mitigating threats. Conduct assessments of threats and vulnerabilities, determine deviations from acceptable standards and best practices, asses the level of risk, and develop and/or recommend appropriate mitigation countermeasures in both operational systems and systems undergoing development. Review and asses system changes for security implications and impact to existing operations. Provide technical recommendations and guidance for corrective actions resulting from security audits and vulnerability assessments. Develop standard operating procedures to document routine work processes. All applicants must have 52 weeks of specialized experience equivalent to at least the next lower grade level in the Federal Service. Specialized experience is experience that has equipped the candidate with the particular knowledge, skills, and abilities to perform successfully the duties of the position. Applicants must meet the time-in-grade requirements of the position within thirty (30) days of the closing date of this announcement. Examples of qualifying specialized experience include:
GS-13:
1) knowledge of cloud security architectures and cloud service models; 2) knowledge of cloud security best practices, risk management, risk assessments, Federal Risk and Authorization Management Program (FedRAMP), the Federal Information Security Management Act (FISMA), and risk mitigation; 3) knowledge of computer networking concepts and protocols, and network security methodologies; 4) installing, configuring, and managing cloud security tools, such as data loss prevention (DLP), intrusion prevention, and malware detection; 5) assessing the adequacy of security controls in applications and systems prior to deployment; AND 6) communicating complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. In addition to the above specialized experience, applicants must also meet the IT-Related proficiency level for all four of the competencies listed below:
Attention to Detail:
Is thorough when performing work and conscientious about attending to detail. Customer Service:
Ability to coordinate cyber operations with other organization functions or support activities. Oral communication:
Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal means. Problem Solving:
Ability to interpret and understand complex and rapidly evolving concepts; ability to think critically. Evidence of the above specialized experience and IT-related proficiency must be supported by detailed documentation of duties performed in positions held. Your resume is the key means we have for evaluating your skills, knowledge, and abilities as they relate to this position. Therefore, we encourage you to be clear and specific when describing your experience. Evidence of the above specialized experience must be supported by detailed documentation of duties performed in positions held. Your resume is the key means we have for evaluating your skills, knowledge, and abilities as they relate to this position. Therefore, we encourage you to be clear and specific when describing your experience. We will not make assumptions regarding your experience or based on job titles alone. If your resume does not support your questionnaire answers, we will not allow credit for your response(s). Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Applicants must meet the qualifications for this position within thirty (30) days of the closing date of this announcement.
Estimated Salary: $20 to $28 per hour based on qualifications.
Review proposed requirements, design, and architecture documents to identify potential security issues in agency cloud environments, information systems, and applications. Evaluate, install, configure, and manage cloud security tools and services that are employed to protect agency cloud environments. Monitor network activity and analyze evidence of suspicious behavior to identify and report events that occur or might occur within agency networks. Review data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze and respond to events that occur within the operating environment for the purpose of mitigating threats. Conduct assessments of threats and vulnerabilities, determine deviations from acceptable standards and best practices, asses the level of risk, and develop and/or recommend appropriate mitigation countermeasures in both operational systems and systems undergoing development. Review and asses system changes for security implications and impact to existing operations. Provide technical recommendations and guidance for corrective actions resulting from security audits and vulnerability assessments. Develop standard operating procedures to document routine work processes. All applicants must have 52 weeks of specialized experience equivalent to at least the next lower grade level in the Federal Service. Specialized experience is experience that has equipped the candidate with the particular knowledge, skills, and abilities to perform successfully the duties of the position. Applicants must meet the time-in-grade requirements of the position within thirty (30) days of the closing date of this announcement. Examples of qualifying specialized experience include:
GS-13:
1) knowledge of cloud security architectures and cloud service models; 2) knowledge of cloud security best practices, risk management, risk assessments, Federal Risk and Authorization Management Program (FedRAMP), the Federal Information Security Management Act (FISMA), and risk mitigation; 3) knowledge of computer networking concepts and protocols, and network security methodologies; 4) installing, configuring, and managing cloud security tools, such as data loss prevention (DLP), intrusion prevention, and malware detection; 5) assessing the adequacy of security controls in applications and systems prior to deployment; AND 6) communicating complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. In addition to the above specialized experience, applicants must also meet the IT-Related proficiency level for all four of the competencies listed below:
Attention to Detail:
Is thorough when performing work and conscientious about attending to detail. Customer Service:
Ability to coordinate cyber operations with other organization functions or support activities. Oral communication:
Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal means. Problem Solving:
Ability to interpret and understand complex and rapidly evolving concepts; ability to think critically. Evidence of the above specialized experience and IT-related proficiency must be supported by detailed documentation of duties performed in positions held. Your resume is the key means we have for evaluating your skills, knowledge, and abilities as they relate to this position. Therefore, we encourage you to be clear and specific when describing your experience. Evidence of the above specialized experience must be supported by detailed documentation of duties performed in positions held. Your resume is the key means we have for evaluating your skills, knowledge, and abilities as they relate to this position. Therefore, we encourage you to be clear and specific when describing your experience. We will not make assumptions regarding your experience or based on job titles alone. If your resume does not support your questionnaire answers, we will not allow credit for your response(s). Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Applicants must meet the qualifications for this position within thirty (30) days of the closing date of this announcement.
- Department:
2210 Information Technology Management - Salary Range:
$102,663 to $133,465 per year
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
