Job opening: IT Specialist (Security)
Salary: $112,015 - $172,075 per year
Published at: Oct 31 2023
Employment Type: Full-time
NIST works with industry and science to advance innovation and improve quality of life. We're looking for an IT Specialist (Security) to join our team!
This notice is issued under direct-hire authority to recruit new talent to occupations for which NIST has a severe shortage of candidates.
Duties
Working as an IT Specialist (Security) in the Office of Information Systems Management, IT Security and Networking Division, you will perform the following duties:
Designated as the CHIPS Research & Development (R&D) Operating Unit IT Security Officer (OU ITSO) and Information System Security Officer (ISSO) responsible for coordination and oversight of the security posture of assigned Information Systems and programs.
Apply IT security principles and methods to include development and dissemination of IT security policies and practices to protect information assets in compliance with the Federal Information Security Modernization Act (FISMA).
Apply security engineering principles and methods to provide guidance for securing new and existing systems.
Work with research and scientific staff and partners to architect solutions that meet security requirements for new hardware and software technologies while enabling cutting-edge research.
Serve as the OU Privacy Liaison responsible for facilitating the implementation of the NIST Privacy Program within their assigned respective OU(s).
Identify, analyze, and document risk to computer systems, including continuous monitoring of system components, vulnerability scanning and remediation, coordinating security incidents, change management, and deployment of security controls in compliance with NIST Special Publication 800-53.
Provide technical cybersecurity and Assessment and Authorization (A&A) process guidance to IT implementation teams for the secure development/implementation of technologies that support scientific research and business operational needs.
Assist with the A&A process, including, but not limited to, creating or updating required System Security & Privacy Plans (SSPP) and other security documentation, participating in security assessment interviews and briefings, and ensuring related artifacts are created and maintained.
Perform security control assessments against NIST SP 800-53 controls, as required.
Develop, research, report and close Plans of Actions and Milestones (POA&Ms) for identified system deficiencies.
Communicate cybersecurity status to system stakeholders and management, including, but not limited to, Authorizing Officials (AO), System Owners (SO), and the NIST Chief Information Security Officer (CISO).
This position functions in a research IT environment with exposure to broad sections of cutting-edge technology and research related areas including - but not limited to - advanced communications, measurement sciences, and cyber-physical systems. As such, the ITSO/ISSO/Privacy Liaison must be able to apply previous knowledge and problem-solving skills to customize requirements to meet specific customer needs. This position provides an opportunity to learn while applying cyber security to a dynamic research environment.
Requirements
- U.S. citizenship
- Males born after 12-31-59 must be registered for Selective Service
- Suitable for Federal employment
- Bargaining Unit Position: No
- Applicants must meet selective placement factor.
Qualifications
Basic Requirements:
Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.
For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled.
Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Selective Placement Factor: You must possess a current active IT Security certification (e.g. CISSP, GIAC certification). A copy of your certification must be submitted in your application package.
Specialized Experience:
In addition to the basic requirements, and the selective placement factor, applicants must have one year (52 weeks) of specialized experience equivalent to at least the GS-12 level (ZP-III at NIST). Specialized experience is defined as: Specialized experience MUST include all of the following:
- Experience in operational implementation of information system security and privacy requirements from NIST Special Publication 800-53.
- Performing system analysis to identify the need for changes and/or improvements based on new security technologies or threats.
- Working in the information security field implementing FISMA and NIST Special Publication series in support of the A&A process, including monitoring and reporting of POA&Ms for identified system deficiencies.
- Responsible for creating and/or updating required SSPPs and other A&A security documentation, participating in security assessment interviews and briefings, and ensuring related artifacts are created and maintained.
- Providing technical cybersecurity guidance to IT implementation teams for the secure development/implementation of technologies that support scientific research and business operational needs, whether "on premise" or "cloud" systems/infrastructure.
Experience refers to paid and unpaid experience, including volunteer work done. We will credit all qualifying volunteer experience in your application.
The qualification requirements in this vacancy announcement are based on the U.S. Office of Personnel Management (OPM) Qualification Standards Handbook.
Education
Qualifications are based upon meeting specialized experience only. Education cannot be used to qualify for this position.
Contacts
- Address: Information Technology Security and Networking Division
100 Bureau Drive
Gaithersburg, MD 20899
US
- Name: Jessica Leopold
- Phone: 301-975-5760
- Email: [email protected]