This position is part of the Defense Threat Reduction Agency. The incumbent will support the creation and/or approval oversight of operational code, software, and exploits used in red cyber operations enabling mitigation strategies for securing the most critical U.S. Government networks. Incumbent will either oversee the development of tools/code prior to review and use, or oversee the Development, Operations, & Security (DevSecOps) process for tool/code review once developed and prior to use.

Duties

This position is being filled under the memorandum from the Under Secretary of Defense for Personnel and Readiness (USD(P&R)) "Expansion of Direct Hire Authority for Certain Personnel of the Department of Defense," dated October 15, 2021. As a Information Technology Specialist (NETWORK/INFOSEC) Red Cyber Development Specialist at the GS-2210-13/14 some of your typical work assignments may include: Serves as a Development Specialist providing government oversight for either the development or the approval for software tools, exploits, and any other code planned for use on cyber red team vulnerability assessments. This is a technical, hands-on role requiring the incumbent to either oversee the development of and provide recommendations on the employment of modified or bespoke tools, code, or exploits, OR conduct systematic analyses of software programs and offensive cyber techniques such that they may provide recommendations for or against the controlled use of those programs/techniques on operational networks. Develop, modify, or analyze software programs of varied provenance including Government-Off-The-Shelf (GOTS), Commercial-Off-The-Shelf (COTS), and Free-and-Open-Source-Software (FOSS) applications via methods including source code review, binary disassembly/decompilation, and dynamic/runtime testing. As appropriate, document operator requirements for code development and oversee the development/acquisition plan to meet these development needs, or document code review findings of software analysis and translate into authoritative recommendations for/against employment that can be communicated to team operators, internal leadership, and external partners. Operate, maintain, and improve upon infrastructure and tooling used to conduct test and evaluation activities including virtual lab environment(s), runtime data collection utilities, network capture software, protocol analyzers, binary disassemblers/decompilers, and software scanning applications. Provide subject matter expertise on software modification or secure software development, either providing technical guidance and review to internal and external developer teams, or support the internal and external development teams through source code reviews, algorithmic/logic optimization, and vulnerability identification/elimination. Be a technical authority for the team, facilitating red cyber operations via technically sophisticated or via preventing unintended destructive effects on target systems by identifying unsafe or malicious software routines in proposed capabilities. Additional duties may include: establishing and maintaining relationships with external entities including DoD cyber red teams, FFRDCs, etc.; developing and delivering trainings, briefings, and other presentations on state-of-the-art T&E practices; and evaluating guidance from NSA, USCYBERCOM, and additional higher authorities for applicable regulations and applying them to the established DCART processes.

Requirements

• Must be a U.S. Citizen
• Occasional Travel may be required, at the convenience of the government, to perform recurring temporary duty travel (25%), both within and outside of the Continental United States
• Work Schedule: Full-time
• Males born after 12-31-59 must be registered for Selective Service
• Suitable for Federal employment, determined by a background investigation
• May be required to successfully complete a probationary period
• Overtime: required, 10%
• Tour of Duty: Other, must be able to work odd/extended hours as directed by the program environment
• Recruitment Incentives: May be Authorized, See link for more information: https://www.dtra.mil/Business/DTRA-Opportunities/
• Fair Labor Standards Act (FLSA): Exempt
• Financial Disclosure: Not Required
• Telework Eligibility: This position is telework eligible, on a situational basis
• Must be able to obtain and maintain a TOP SECRET/SCI security clearance
• Subject to pre-employment drug testing and periodic random drug testing thereafter

Qualifications

You may qualify at the GS-13 , if you fulfill the following qualifications: A. One year of specialized experience equivalent to the GS-12 grade level in the Federal service as listed below: Designing, writing, reviewing, documenting, optimizing software applications/programs, or other activities contributing to a Development, Security, and Operations (DevSecOps) process, in modern programming languages (i.e., C, C++, C#, Java, Python, or Rust), OR experience writing, reviewing and approving code for use in cyber operations in modern programming languages (i.e., C, C++, C#, Java, Python, or Rust) Characterizing, profiling, and/or validating software such as source code review/analysis, dynamic/performance testing and evaluation, algorithm assessment, or open source research on cyber-related vulnerabilities and exploitation development Developing, identifying, exploiting, and/or eliminating software vulnerabilities Ideal but not required: Host-based computer forensics, network-based forensics, cyber incident response, cyber criminal investigation, intrusion detection/analysis, designing countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities, cyber red teaming, network penetration testing, security operations center analysis, defensive cyber operations, or offensive cyber operations Malware development, analysis, binary disassembly, binary decompilation, network/communication protocol analysis, software vulnerability research, or software exploit development. You may qualify at the GS-14 , if you fulfill the following qualifications: A. One year of specialized experience equivalent to the GS-13 grade level in the Federal service as listed below: Designing, writing, reviewing, documenting, optimizing software applications/programs, or other activities contributing to a DevSecOps process, in any combination of modern programming languages such as: C, C++, C#, Java, Python, or Rust OR experience writing, reviewing and approving code for use in cyber operations in modern programming languages (i.e., C, C++, C#, Java, Python, or Rust) Software analysis, test, and evaluation may be described as any activities to characterize, profile, and/or validate software such as: source code review/analysis, dynamic/performance testing and evaluation, algorithm assessment, or open source research on cyber-related vulnerabilities and exploitation development Developing, identifying, exploiting, and/or eliminating software vulnerabilities Ideal but not required: Host-based computer forensics, network-based forensics, cyber incident response, cyber criminal investigation, intrusion detection/analysis, designing countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities, cyber red teaming, network penetration testing, security operations center analysis, defensive cyber operations, or offensive cyber operations Malware development, analysis, binary disassembly, binary decompilation, network/communication protocol analysis, software vulnerability research, or software exploit development. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. In addition to meeting qualifications, your application package must reflect the applicable experience to meet the Individual Occupational Requirements for the 2210, series as listed below: For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

Education

Substitution of education may not be used in lieu of specialized experience for this grade level.

Contacts

• Address Defense Threat Reduction Agency 8725 JOHN J KINGMAN ROAD MSC 6201 FT BELVOIR, VA 22060-6201 US
• Name: DTRA Servicing Team
• Phone: 614-692-0259
• Email: [email protected]