This announcement is issued under the Direct Hire Authority (DHA) to recruit for positions for which there is a critical hiring need. Selectee(s) will receive a career or career-conditional appointment in the competitive service and may be required to serve a one-year probationary period. Who May Be Considered: U.S. Citizens View common definitions of terms found in this announcement.

Duties

The incumbent will serve as an Analyst / Engagement Lead within a 24x7x365 cyber incident response team that is responsible for performing the following tasks: Oversees and coordinates response to cyber incidents of national significance. Performs analysis that involves advising customers on strategies to protect and secure sensitive information and systems. Performs real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams. Performs incident triage by recommending scope, urgency, and potential impact, and collaborating with other reporting agencies/system owners. Perform command and control functions in response to incidents. Using security monitoring tools to capture real-time traffic spawned by any running malicious code. Collects, analyzes, and correlates events and alerts from multiple enterprise systems (e.g., IDS, security event logs, and operating system event logs, etc.) to investigate and/or research cyber security incidents. Making recommendations to achieve a sound information assurance and security environment is fully integrated within CISA strategy. Communicates information relevant to cyber defense for reporting and awareness. Correlates incident data to identify exploited vulnerabilities and makes recommendations that enable expeditious remediation. Provides technical summaries of findings in accordance with established reporting procedures. Performs modeling, detection, and hunting for indications of threat actor activity in managed services, such as IaaS, PaaS, and SaaS architectures and maintains expertise on standard and cloud security architectures, technology landscapes, and the incident response nexus for hosted environments. Seeks and develops solutions for effective modernization of threat hunting techniques using cloud technologies and harmonizes techniques and technology with cloud technologies in adjacent divisions to maximize cost savings and efficiencies to CISA. Maintains proficiency in forensic investigation of threat actor activity as it relates to endpoint and host forensic technologies. Leaders will be considered subject matter experts in investigating memory, disk, and Endpoint Detection and Response (EDR) platforms to discover intrusion artifacts on live systems as well as historic artifacts. Maintains rich expertise in developing tradecraft to identify attackers living off the land, obscuring artifacts with anti-forensics techniques, and the challenges around the use of modern encryption and distributed data platforms. Hunt leaders will maintain proficiency in the general structures and methodologies found in the 16 critical infrastructure sectors. Represents the agency at conferences, meetings, and interagency working groups in order to discuss new technologies that may be presented at an advanced technical level, for the purpose of assisting in the implementation of technologies deemed useful to the program. Other duties as assigned.

Requirements

Qualifications

You qualify for the GS-13 and GS-14 grade levels if you possess information technology related experience demonstrating each of the four required competencies: Attention to Detail: Is through when performing work and conscientious about attending to detail. Customer Service: Works with clients and customers to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication: Expresses information to individuals or groups effectively, taking into account the audience and nature of the information; makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving: identifies problems; determines accuracy and relevance of information; uses sound judgement to generate and evaluate alternatives, and to make recommendations. GS-13: In addition to the above requirement you must have at least one year of specialized experience at the GS-12 grade level performing the following duties: 1) planning and implementing cyber operations related to areas that may need support; 2) managing cyber incidents and cyber incident responses of organization significance; and 3) utilizing cyber intrusion detection technologies (i.e. intrusion detection systems (IDS)/ Intrusion Prevention Systems (IPS) tools and applications to identify intrusions. GS-14: In addition to the above requirement you must have at least one year of specialized experience at the GS-13 grade level performing the following duties: 1) evaluating cyber operations to determine areas that need support; 2) developing crisis action plans for cybersecurity operations; 3) analyzing cyber threats and vulnerabilities; and 4) managing Network security applications, devices and software such as, encryption, firewalls, demilitarized zones, etc. National Service Experience (i.e., volunteer experience): Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. All qualification requirements must be met by the closing date of this announcement.

Education

Some federal jobs allow you to substitute your education for the required experience in order to qualify. For this job, you must meet the qualification requirement using experience alone--no substitution of education for experience is permitted.

Contacts

• Address Cybersecurity and Infrastructure Security Agency 1616 N. Fort Myer Dr. CISA-FMD Stop 0380 Arlington, VA 20598-0380 US
• Name: Leah Ellis
• Phone: 202-725-8026
• Email: [email protected]