Job opening: IT Specialist (INFOSEC)
Salary: $98,496 - $145,617 per year
Published at: Aug 01 2023
Employment Type: Full-time
The position is at the Bureau of the Fiscal Service (FS), Information & Security Services, Information Assurance Division (IAD), Oversight & Compliance Branch (OCB), serving as an Information Assurance (IA) Security Specialist responsible for developing, implementing, and maintaining IT security information assurance initiatives, focusing on providing security expertise throughout the system development lifecycle, regarding IT security legislation, policy, procedures, guidance, and/or concepts.
Duties
NOTE: Based on current hiring restrictions, selectees may be subject to additional approvals prior to an offer being extended.
As an IT Specialist (INFOSEC), you will:
- Serve as the primary point of contact representing the OCB Manager, IAD Director, Chief Information Security Officer (CISO), and/or Chief Security Officer (CSO) on matters related to the effective implementation and administration of the IT security program across the bureau.
- Work closely with ISS management, program office management, Information System Security Officers (ISSOs), ISSO liaisons, security assessors, IT security audit coordinators, and specialists within the areas of policy, risk management, privacy, records management, enterprise architecture, configuration management, development, etc. in efforts to build and maintain secure information systems.
- Assist the IT and program areas on projects by ensuring that IT security requirements are followed to develop or procure secure technology for new or enhanced systems or services. Provide expert knowledge and support throughout the development and maintenance of security and privacy related documentation.
- Facilitate the Security Assessment and Authorization (SA&A) process to ensure assessments are conducted on schedule and within scope according to the established processes.
- Provide oversight, analysis, and reporting on information security continuous monitoring activities to key cyber security officials and senior management.
Qualifications
You must meet the following requirements by the closing date of this announcement.
The experience may have been gained in the public sector, private sector, or volunteer service. One year of experience refers to full-time work; part-time work is considered on a prorated basis. To ensure full credit for your work experience, please indicate dates of employment by month/day/year, and indicate the number of hours worked per week on your resume.
Specialized Experience:
For the GS-13, you must have one year of specialized experience at a level of difficulty and responsibility at the GS-12 level in the Federal service or equivalent, which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position includes experience performing IT security work within the areas of policy, risk management, security controls assessment, privacy, records management, enterprise architecture, configuration management, development, etc. in efforts to help build, maintain, plan, and deliver secure information systems for customer requirements.
Examples of such experience could include the following:
- Participating in or conducting risk assessment activities for planned or existing information systems or services to identify applicable security threats, risks, and controls; OR
- Assisting, developing, or reviewing security documentation such as system security plans to ensure compliance with regulations; OR
- Participating in or conducting security control assessment activities to include the development or review of security assessment plans and reports; OR
- Analyzing and/or writing security findings and recommendations which may include providing guidance to information system owners or security officers on appropriate disposition (e.g., risk acceptances / policy exceptions, plan of actions and milestones, false positives, etc.); OR
- Monitoring compliance of information systems through continuous monitoring activities such as vulnerability scanning, analysis, and remediation; security impact analysis of changes; user re-certifications; audit log review, analysis, and reporting; etc.
AND
In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below:
- Attention to Detail, such as assisting in the development and/or review of security documentation to ensure compliance.
- Customer Service, such as developing and presenting findings and recommendations that would improve the organization's IT security program, and influencing management officials to accept and implement them.
- Oral Communication, such as providing oversight, analysis, and reporting on information security continuous monitoring activities to key cyber security officials and senior management.
- Problem Solving, such as recommending changes to information assurance processes, system boundaries, and/or appropriate disposition of findings in support of information system authorization decisions.
Education
This job does not have an education qualification requirement.