Job opening: IT SPECIALIST (INFOSEC)
Salary: $140,830 - $238,592 per year
Published at: Sep 01 2023
Employment Type: Full-time
This position is located in the Office of Information Technology in Washington, DC.
Duties
At the Securities and Exchange Commission (SEC), we are committed to diversity, equity, inclusion and accessibility (DEIA) and value a workforce that reflects the diverse experiences and perspectives of the communities we serve. As such, we welcome applications from qualified individuals of all backgrounds who share our commitment to public service.
Creating new intrusion detection mechanisms that identify cybersecurity incidents, and automating common incident response activities using Splunk Search Processing Language (SPL) with a high degree of proficiency.
Leveraging data extraction and analysis tools, with a high degree of proficiency, including but not limited to: Perl Compatible Regular Expressions (PCRE), GNU Coreutils, CyberChef, Python modules, Microsoft Excel/Splunk Pivot Tables, SPL, etc.
Proficiency with Python 3.x and/or PowerShell for automating multi-platform enterprise infrastructure tasks associated with cybersecurity analysis and incident response.
Forming sound analytical assessments by systematically applying the Lockheed Martin Cyber Kill Chain®, the "Diamond Model of Intrusion Analysis", and the MITRE ATT&CK framework against all available data during the course of analysis.
Conducting static and dynamic malware analysis, evaluating network packet captures (PCAP), and analyzing logs of multi-platform/multi-cloud enterprise environments.
Evaluating, generating, and applying detections associated with cyber threat intelligence with a high degree of proficiency.
Coordinating a team of analysts during complex incident response activities.
Communicating effectively with colleagues and senior leadership from technical and non-technical backgrounds on the status of ongoing incident response efforts.
Requirements
- You must be a US Citizen.
- Application procedures are specific to this vacancy announcement. Please read all the instructions carefully. Failure to follow the instructions may result in you not being considered for this position.
- Supplementary vacancies may be filled in addition to the number stated in this announcement.
- This position has promotion potential to the SK-14.
- PROBATIONARY PERIOD: This appointment may require completion of a one-year probationary period.
- SECURITY CLEARANCE: Entrance on duty is contingent upon completion of a pre-employment security investigation. Favorable results on a Background Investigation may be a condition of employment or selection to another position.
- PERMANENT CHANGE OF STATION (PCS): Moving/Relocation expenses are not authorized.
- DIRECT DEPOSIT: All Federal employees are required to have Federal salary payments made by direct deposit to a financial institution of their choosing.
- This position is in the collective bargaining unit.
- This position is eligible to request telework in accordance with the SEC's telework policy.
- Existing Participants in the SEC's Remote Telework Program are eligible to apply for this position. If selected, management will evaluate and communicate whether the position will allow for continued participation in Remote Telework.
Qualifications
All qualification requirements must be met by the closing date of this announcement.
Qualifying experience may be obtained in the private or public sector. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
BASIC REQUIREMENT: Possess IT-related experience demonstrating each of the four competencies:
- Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
- Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
- Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
- Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
MINIMUM QUALIFICATION REQUIREMENT: In addition to meeting the basic requirement, applicants must also meet the minimum qualification requirement.
SK-14: Applicant must have at least one year of specialized experience equivalent to the GS/SK-13 level: 1) Performing historical and near real-time network traffic and log analysis; 2) Performing static and dynamic analysis of suspect websites, documents, binaries, or other artifacts; AND 3) Automating analytical tasks related to network defense and incident response.
Contacts
- Address: Office of Information Technology
100 F Street NE
Washington, DC 20549
US
- Name: ask HR
- Email: [email protected]