IT Cybersecurity Specialist (INFOSEC)

This announcement is issued under the Direct Hire Authority (DHA) to recruit for positions for which there is a critical hiring need. Selectee(s) will receive a career or career-conditional appointment in the competitive service and may be required to serve a one-year probationary period.

Qualifications:

Do NOT copy and paste the duties, specialized experience, or occupational assessment questionnaire from this announcement into your resume as that will not be considered a demonstration of your qualifications for this position. Your resume must describe your work and experience, in your own words.

To be considered minimally qualified for this position, you must demonstrate that you have the required competencies and experience for the respective grade level in which you are applying:

BASIC REQUIREMENT:

REQUIRED COMPETENCIES: Experience must be Information Technology (IT)-related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.

You must have IT-related experience demonstrating each of the 9 competencies listed below:

1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Minimum Proficiency Level: 4
2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Minimum Proficiency Level: 4
3. Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change. Minimum Proficiency Level: 4
4. Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems. Minimum Proficiency Level: 4
5. Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations. Minimum Proficiency Level: 4
6. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Minimum Proficiency Level: 4
7. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. Minimum Proficiency Level: 4
8. Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals. Minimum Proficiency Level: 4
9. Technical Competence - Uses knowledge that is acquired through formal training or on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues. Minimum Proficiency Level: 4

AND

SPECIALIZED EXPERIENCE: In addition to meeting the qualification requirement listed above, you must have at least one year of specialized experience at the next lower GS-grade level (or equivalent). Specialized experience is experience that has equipped you with the particular competencies/knowledge, skills, and abilities to successfully perform the duties of the position and is typically in or related to the work of the position to be filled. Such experience is typically gained in the IT field or through the performance of work where the primary concern is IT.

GS-13
I have at least one (1) year of specialized experience comparable in scope and responsibility to the GS-12 grade level in the Federal service (obtained in either the public or private sector). Experience includes performing the performing AT LEAST FOUR of the following duties:

1. Developing Cybersecurity plans, strategy and policies or
2. Developing methods to monitor and measure risk, compliance, and assurance efforts; or
3. Managing the underlying information technology operational processes; or
4. Advocating for changes in policy that will support new initiatives or required changes/enhancements; or
5. Assisting with recommending the appropriate measures to internal and/or external Information Technology (IT) and/or Operational Technology (OT); or
6. Conducting risk and vulnerability assessments to protect IT/OT infrastructure assets and mitigate network vulnerabilities; or
7. Consulting with customers to evaluate functional requirements and translate functional requirements into technical solutions; or
8. Assisting with conducting risk and vulnerability assessments to protect IT/OT infrastructure assets and mitigate network vulnerabilities; or
9. Overseeing the development, implementation and evaluation of solutions for cybersecurity tools integration based on systems requirements, capabilities, and constraints to ensure the design meets customers' satisfaction; or
10. Managing the Information Technology (IT) planning process to ensure that developed solutions meet customer requirements.

GS-14
I have at least one (1) year of specialized experience comparable in scope and responsibility to the GS-13 grade level in the Federal service (obtained in either the public or private sector). Experience includes performing the performing AT LEAST FOUR of the following duties:

1. Leading development of methods to monitor and measure risk, compliance, and assurance efforts; or
2. Reviewing needs analysis to determine opportunities for new and improved business process solutions are relevant to the organization; or
3. Reviewing data (cyber and IT) to ensure they meet customer requirements; or
4. Administering policy guidance to cyber management, staff and users; or
5. Recommending the appropriate measures to internal and/or external Information Technology (IT) and/or Operational Technology (OT); or
6. Conducting risk and vulnerability assessments to protect IT/OT infrastructure assets and mitigate network vulnerabilities; or
7. Providing advisory services to leadership to ensure the proper operation of IT/OT systems throughout an organization; or
8. Providing technical expertise of current and evolving best practices in cybersecurity and the broader IT industry; or
9. Leading partnership meetings with external stakeholders.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.

All qualification requirements must be met by the closing date of this announcement.

Responsibilities:

This is a shared job announcement across the Cybersecurity and Infrastructure Security Agency, with multiple participating divisions. Multiple positions may be filled from this announcement. These divisions include, but are not limited to:

• Cybersecurity Division (CSD)
• Emergency Communications Division (ECD)
• Infrastructure Security Division (ISD)
• Integrated Operations Division (IOD)
• National Risk Management Center (NRMC)
• Office of the Chief Information Officer (OCIO)
• Office of Strategy Policy and Plans (OSPP)
• Stakeholder Engagement Division (SED)

Typical work assignments include, but are not limited to:

• Develop, review and recommend methods to monitor and measure risk, compliance, and
  assurance efforts.
• Conduct needs analysis to determine opportunities for new and improved business process
  solutions.
• Conduct risk analysis, feasibility study, and/or trade-off analysis to develop, document, and refine functional requirements and specifications.
• Develop and document User Experience (UX) requirements including information architecture and user interface requirements.
• Develop organizational cyber policy, programs, and guidelines for implementation.
• Responsible for ensuring the confidentiality, integrity, and availability of systems,
  networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.

Salary : $90,925