Job opening: IT Specialist (INFOSEC)
Salary: $69,996 - $122,459 per year
Published at: Aug 18 2023
Employment Type: Full-time
NOTE: Based on current hiring restrictions, selectees may be subject to additional approvals prior to an offer being extended.
The position is located at the Bureau of the Fiscal Service (FS); Deputy Assistant Commissioner (DAC) for Security Services; Information Assurance Division, Security Assessment Branch, responsible for assessing the security of Fiscal Service and Franchise customer information systems by performing Security Assessment and Authorization (SA&A) IT security reviews.
Duties
The following are the duties of this position at the GS-12. If you are selected at a lower grade level, you will have the opportunity to learn to perform all these duties, and will receive training to help you grow in this position.
- Perform Security Assessment and Authorization (SA&A) IT security reviews and related activities for all Fiscal Service and customer organization systems in accordance with the organization's (includes FS and the customers' internal guidance) SA&A process. Serve as project lead or a project team member, as appropriate. Assess IT system security against applicable Fiscal Service, Treasury, and Federal requirements (such as those from FISMA, NIST, OMB and other sources) for compliance. Review documentation, interview key personnel, conduct tests, and examine evidence of adherence to relevant policy and procedure.
- Perform in-depth analysis and/or security testing of information systems, using a wide variety of tools and techniques. Evaluate test results for accuracy, probability, and impact. Report issues to system owners and technical subject matter experts; retest as needed to validate corrective actions. Administer and monitor the implementation of corrective actions to ensure continued compliance and system security.
- Implement and maintain multiple IT security assessment software tools with little direct supervision. Review and recommend new or revised security authentication technology and/or software.
- Serve as a team member in designing and implementing IT initiatives, with a specific focus on the security implications of design or operational decisions. Develop recommendations to correct vulnerabilities identified by assessments. Furnish technical assistance and advice to ensure security is considered throughout the system's lifecycle.
- Develop solicitation documents, and the evaluation of vendor responses, to ensure appropriate security requirements are addressed.
Qualifications
You must meet the following requirements by the closing date of this announcement.
The experience may have been gained in the public sector, the private sector, or volunteer service. One year of experience refers to full-time work; part-time work is considered on a prorated basis. To ensure full credit for your work experience, please indicate dates of employment by month/day/year, and indicate number of hours worked per week on your resume.
Specialized Experience:
For the GS-12, you must have one year of specialized experience at a level of difficulty and responsibility at the GS-11 level in the Federal service or equivalent, which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position includes experience performing IT security work sufficient to participate in identifying and writing specifications and assessments to meet IT security requirements regarding the testing need of the applications or network server levels per customer requirements.
Examples of such experience could include:
- Performing security assessments and Information Technology (IT) security reviews to ensure compliance; AND
- Leading IT security related projects.
AND
In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below:
- Attention to Detail, such as analyzing security testing of information systems.
- Customer Service, such as developing recommendations to correct vulnerabilities identified by assessments.
- Oral Communication, such as persuading officials to accept and implement recommendations on corrective actions for identified vulnerabilities.
- Problem Solving, such as developing documents to address evaluations of vendor responses.
For the GS-11, you must have one year of specialized experience at a level of difficulty and responsibility at the GS-09 level in the Federal service or equivalent, which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position includes experience performing structured IT security work using testing tools to develop more in-depth experience promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals.
- Assisting with security assessments and IT security reviews; AND
- Participating on IT security-related projects.
AND
In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below in their IT-related experience:
- Attention to Detail, such as reviewing documentation (for example, FISMA, NIST, OMB and other sources) for changes and updates regarding IT security compliance.
- Customer Service, such as communicating across division lines and also with external regarding IT security matters.
- Oral Communication, such as drafting comments for management response to proposed security rules and regulations.
- Problem Solving, such as serving on a team in designing and implementing IT initiatives, with a specific focus on the security implications.
OR
You may substitute education for specialized experience as follows: Ph.D. or equivalent doctoral degree, or 3 full years of progressively higher level graduate education leading to a Ph.D. or equivalent doctoral degree. Attach a copy of your transcript or a list of college courses designating semester or quarter hours earned to ensure proper credit. The degree is in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management, or a degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.
Education
This job does not have an education qualification requirement.