NIST works with industry and science to advance innovation and improve quality of life. We're looking for a IT Specialist (Security) to join our team! This notice is issued under direct-hire authority to recruit new talent to occupations for which NIST has a severe shortage of candidates.

Duties

Working as an IT Specialist (Security) in the Office of Information Systems Management, IT Security and Networking Division, you will perform the following duties: Designated Information System Security Officer (ISSO), Operating Unit IT Security Officer (OU ITSO), and Privacy Liaison (PL) responsible for implementing organization-wide IT Security and Privacy Program to maintain the confidentiality, integrity, and availability of assigned Information Systems and programs for three (3) organizations: Office of Acquisitions and Agreements Management (OAAM), Office of Financial Resource Management (OFRM) and Office of Human Resources Management (OHRM). Apply IT security and privacy principles and methods to include development and dissemination of IT security and privacy policies and practices to protect information assets in compliance with the Federal Information System Modernization Act (FISMA). Identify, analyze, and document risk to computer systems, including continuous monitoring of system components, vulnerability scanning and remediation, coordinating security incidents, change management, and deployment of security controls in compliant with NIST SP 800-53. Provide technical cybersecurity and Assessment and Authorization (A&A) process guidance to IT implementation teams for the secure development/implementation of technologies that support business operational needs. Assist with the A&A process, including, but not limited to, updating required System Security & Privacy Plans (SSPP) and other security documentation, participating in security and privacy assessment interviews and briefings, and ensuring related artifacts are created and maintained. Perform security control assessments against SP 800-53 controls, as required. Coordinate the completion of Plans of Actions and Milestones (POA&Ms) for identified system deficiencies. Communicate cybersecurity status to system stakeholders and management, including, but not limited to Authorizing Officials (AO), System Owners (SO), and the NIST Chief Information Security Officer (CISO)

Requirements

• U.S. citizenship
• Males born after 12-31-59 must be registered for Selective Service
• Suitable for Federal employment
• Bargaining Unit Position: No
• Applicant must meet selective placement factor

Qualifications

Basic Requirements: Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. Selective Placement Factor: You mustpossess a current active IT Security Certification (e.g. CISSP, GIAC certification). ). A copy of your certification must be submitted in your application package. Specialized Experience: In addition to the basic requirements, and the selective placement factor, applicants must have one year (52 weeks) of specialized experience equivalent to at least the GS-12 level (ZP-III at NIST). Specialized experience is defined as: Experience in operational implementation of information system security and privacy requirements from NIST SP 800-53. Performing system analysis to identify the need for changes and/or improvements based on new security technologies or threats. Working in the information security field implementing FISMA and NIST Special Publication series in support of the A&A process, including monitoring and reporting of PO&AMs for identified system deficiencies. Creating and/or updating required SSPPs and other A&A security documentation, participating in security assessment interviews and briefings, and ensuring related artifacts are created and maintained. Providing technical cybersecurity guidance to IT implementation teams for the secure development/implementation of technologies that support scientific research and business operation. Experience refers to paid and unpaid experience, including volunteer work done. We will credit all qualifying volunteer experience in your application. The qualification requirements in this vacancy announcement are based on the U.S. Office of Personnel Management (OPM) Qualification Standards Handbook. Applicant Reconsideration

Education

Qualifications are based upon meeting specialized experience only. Education cannot be used to qualify for this position.

Contacts

• Address Information Technology Security and Networking Division 100 Bureau Drive Gaithersburg, MD 20899 US
• Name: Jessica Leopold
• Phone: 301-975-5760
• Email: [email protected]