25 % RECRUITMENT INCENTIVE

Official Position Title: IT Specialist, GS 2210-13/14

Division: Operational Technology Division

Unit: Special Projects Technology Unit

Location: Quantico, Virginia (No public transportation)

Working Hours: 8:15 a.m. to 5:00 p.m. (Flexible; hours may fluctuate around core hours)

Salary: GS-13: $112,015.00 - $145,617.00 GS-14: $132,368.00 - $172,075.00

Full Performance Level: GS-14

Number of Positions Available: 1

Duration: Full Time

Additional selections may be made from this announcement to fill positions within the same division when the position includes substantially the same duties, responsibilities, and qualifications.

Key Requirements

• Must be a U.S. citizen
• Must be able to obtain a Top Secret-SCI clearance
• Travel is required 5 to 10% of the time

Mission Statement:

The mission of the FBI is to protect the American People and uphold the Constitution of the United States.

Major Duties:

GS 13:

• Serve as Computer Network Exploitation (CNE) operator; conduct Computer Network Operations (CNO) to exploit, and gain access to remote targets to enable advanced electronic surveillance (ELSUR) and collect intelligence.
• Conduct reconnaissance of target devices and infrastructure utilizing various tools (including custom, public native, etc.) to gather assessment data (e.g., hostnames, IP addresses, directory walks, etc.); utilize new and existing intelligence to assess feasibility of, and initiate/maintain, surreptitious remote access; etc.
• Understand and circumvent limitations of target networks (e.g., IDS, host-based monitoring, etc.) to conduct CNO in a stealthy manner; cleanup CNE artifacts (e.g., logging, staged files, implants, etc.) to evade detection; etc.
• Operate covert infrastructure and coordinate its maintenance; gather intelligence/evidence and facilitate transfer to appropriate mission management data systems; document operations and reconnaissance information in targeting packages; etc.
• Utilize open source and custom exploitation frameworks, tools, n-days/backdoors, and rootkits; craft limited scripts to execute CNE tools, C2, and data parsing; etc.

GS 14:

• Serve as senior CNE operator; mentor a team of junior CNE operators; execute operations solo or lead operations and provide over watch of critical developments.
• Compromise known vulnerabilities in, or work with exploit developers to realize new capabilities to access, target systems; utilize tradecraft to defeat protection mechanisms (e.g., encryption, VPNs, etc.) to extract intelligence; etc.
• Work with investigators, analysts, and other technical personnel to ascertain investigative intelligence goals vs. level of access, develop new capabilities/vectors, and execute operations; document findings in operational after action reports (AARs) and hot washes; provide updates to management; conduct operational briefings as required; etc.
• Coordinates complex multi-faceted mission critical technical operations with entities both internal/external to the FBI, industry, etc. and briefs partners, management, and investigative/operational personnel on key decision points, risks, mitigating factors, etc.
• May serve as a Technical Point of Contact (TPOC) for mission contracts as needed; evaluate technical proposals for CNO viability; identify, and develop expertise in, current industry and government best practices; coordinate multidisciplinary groups for developing and deploying CNE/CNO solutions; perform project briefings as required; etc.

Qualifications and Evaluations

Please make sure your specialized experience/requirement(s) can be identified in your resume. Applicants must meet the qualification requirements by the closing date of this announcement.

Your application will be evaluated and rated under the FBI’s Candidate Rating Procedures. Your resume and supporting documentation will be used to determine whether you meet the job qualifications listed in this announcement and will be compared to your responses to the online assessment questionnaire. High self-assessment in the vacancy questions that is not supported by information in your resume, and/or supporting documents may eliminate you from Most Competitive status.

Your application will then be placed in one of three categories: Most Competitive, Competitive, or Least Competitive. Names of candidates in the Most Competitive category will be sent to the hiring official for employment consideration. Veterans’ preference will be applied.

All applicants will be rated on the following Competencies:

• Customer Service
• Information Management
• Technology Awareness

Specialized Experience (SE):

GS-13: Applicant must possess at least one (1) year of specialized experience equivalent to the GS-12 grade level. SE is defined as follows:

• Strong understanding of cybersecurity fundamentals, to include: IT/computing systems, networking, various operating systems/programming languages, network defense, vulnerabilities, etc.
• Experience conducting CNE operations and utilizing tradecraft to enable surreptitious access to remote targets; identifying or creating vulnerabilities/backdoors to access target infrastructure; conducting cybersecurity, vulnerability, and/or pen testing analysis on remote targets; mapping network architecture; establishing and maintaining persistence; etc.
• Experience testing tools in model environments; using publicly available exploitation frameworks (e.g., Metasploit, SQLNinja, Kali, etc.) and analysis tools (e.g., Wireshark, Maltego, Nmap, Aircrack, etc.); with multiple operating systems, system administration, and/or native tools; utilizing cybersecurity intelligence and/or the kill chain model; etc.
• Experience utilizing open source tools, techniques, n-days, etc. to conduct reconnaissance and CNE; backdoors and rootkits; scripting or programming languages (e.g., Python, PERL, PowerShell, etc.) to support development operations; etc.
• Experience with penetration testing; intrusion detection; supporting CNE operations; analyzing network traffic (e.g., Wireshark, TCPDUMP, Omnipeek, etc.); cyber planning and operations; developing/deploying operational infrastructure; etc.

GS 14: Applicant must possess at least one (1) year of specialized experience equivalent to the GS-13 grade level. SE is defined as follows

• Experience compromising various hardware/software platforms and infrastructure in target environments; utilizing out-of-band communications and/or covert infrastructure; developing and/or participating in remote- or close-access operations; etc.
• Experience in malware or binary reverse engineering; identifying vulnerabilities in software and firmware; developing reconnaissance and targeting packages; repurposing target tool;, privilege escalation; masquerade operations; etc.
• Experience maintaining awareness of technology/security trends and current state of the art in computer/network protection; developing, honing, and maintaining TTPs for hacking/CNE/CNO; training other technical personnel; briefing operational teams/management; etc.
• Experience leading a team-based environment of technical personnel in complex and mission critical project management and R&D efforts; prioritizing tasks and meeting deadlines in rapidly evolving, high-pressure situations; translating conceptual designs and complex mission requirements to implement new solutions or development projects; providing advice and guidance to management on critical issues; etc.
• Strong interpersonal, presentation, and communication skills; ability to relay complex technical information clearly and concisely to personnel at varying levels of technical competency, both orally and in writing; and demonstrable success mentoring junior technical staff.

Preferred Qualifications:

Current or previous certification as a CNE / interactive operator from another USIC agency or DoD element (e.g., Network Warfare, JCAC, etc.), or current relevant training certification(s) such as: Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), SANS SEC560, PenTest , etc.

Selective Placement Factors (All Grades):

• Recent (within 3 years) experience developing and executing relevant operations (i.e., CNO/CNE, penetration testing, red team, etc.).
• Because of the mission critical nature of this position experience in the following diversified areas are preferable, can enhance an applicant’s competitiveness, and may be used to differentiate between otherwise qualified candidates: malware and binary reverse engineering, device cracking, exploit development/frameworks, field access operations, current or previous CNE operator certification(s) or experience, relevant industry certification(s), and/or current or recently adjudicated security clearance.

For detailed instructions related to applying, uploading documents, withdrawing an application or updating your application, please review instructions on