Job opening: Supervisory Information Technology Specialist (Security)
Salary: $89,834 - $168,381 per year
Published at: Nov 03 2023
Employment Type: Full-time
This position is located in the Department of Technology Services (DTS), IT Security Office (ITSO), Security, Policy and Assessment Division (SPA), Judiciary System Security Testing (JSST) Branch.
Duties
The incumbent will oversee pre and postproduction assessments of national web applications and host environments, vulnerability scanning, external testing of public-facing assets, and the management of vulnerabilities identified by third parties. Testing must be properly scoped and performed consistent with the software development lifecycle. The incumbent will also provide technical, operational, and management expertise to ensure that testing is thorough and that risk is properly evaluated. The incumbent will perform multiple and varying assignments under the Chief, SPA Division.
Duties of the position include, but are not limited to:
Providing management, quality assurance, and leadership of the JSST Branch to keep projects on track and ensure all activities are conducted in a timely, professional, and cost-effective manner. Using JSST results to identify IT security trends, which are reported annually and as needed to inform priorities.
Conducting IT security assessments and testing of national and court-developed pre and postproduction systems and applications to identify vulnerabilities, provide recommendations for their remediation, and assist system owners in implementing effective safeguards.
Adapting current testing processes to align with rapid development, security, and operations (DevSecOps) processes. Developing security requirements that can be added to functional requirements so that security is built into products from the beginning. Providing resources and tools that will make it easier for development teams to adopt security requirements from the start.
Managing the internal and external vulnerability scanning programs conducted by internal and external teams throughout the year to find and report on potential areas of weakness, and validating reported remediations. Interpreting and providing routine scan result reports and trend analysis.
Utilizing standard reporting templates and methodologies, automated security tools, the enterprise class assessment and management tool, and cross-functional teams in support of JSST service offerings. Continually incorporating "lessons learned" into the established processes.
Serving as both the leader and subject matter expert for the development, management, and execution of JSST services and work products. Performing additional duties as the contracting officer representative (COR), project planning, budget planning, scheduling, oversight of concurrent tasking, service delivery, and reporting. In part, services include application, database, and host level security testing performed across a diverse suite of platforms and supporting infrastructures as well as comprehensive assessments of management, technical, and operational security controls associated with court-developed and nationally deployed systems and applications. Validation testing also is performed of corrective actions taken by the consumers of its services. Work products include test plans, reports, written and oral presentations, and webinars, which are tailored for and consumable by multiple levels of technical and non-technical management.
Performing research to identify potential vulnerabilities in and threats to existing web, application, database, and operating system technologies, and providing timely, clear, technically accurate notification to management of the risk potential and options for remediation. Providing analogous services for new or emerging technologies being considered for judiciary use.
Managing, operating, and maintaining the security testing infrastructure and testing tools. Researching and identifying new tools that can improve the testing process and/or support enterprise development activities.
Responding to inquiries from System Owners, IT Directors, Court Unit Executives and other judicial employees on information security related issues. Technical security terms, concepts, and techniques are successfully explained to both technical and non-technical audiences.
Creating and making recommendations for improvements to IT security resources maintained by ITSO, such as security guidelines, hardening standards, and best practices. Providing input on enterprise security tools in their configurations and implementations.
Demonstrating strong project management as well as oral and written communication skills.
Creating and overseeing the management of the JSST budget.
Providing effective supervision and leadership, including: (1) identifying and resolving problems that could impact project goals; (2) establishing priorities and adjusting schedules to accomplish the work as timely as possible; (3) utilizing resources effectively; (4) directing the day-to-day activities of JSST federal and contractor staff; and (5) conducting employee evaluations.
Qualifications
Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions.
Specialized Experience: Applicants must have at least one full year (52 weeks) of specialized experience which is in or directly related to the line of work of this position. Specialized experience is demonstrated experience in both areas listed below:
Conducting information security testing in web applications, infrastructure assets and technologies, mobile applications, custom developed software implementations, virtual technologies, and common application platforms; AND
Providing effective management, quality assurance and leadership for teams, while producing timely, professional, cost-effective and highly accurate work products.
Education
This position does not require education to qualify.
Contacts
- Address: Department of Technology Services
One Columbus Circle, NE
Washington, DC 20544
US
- Name: Elisa Acevedo
- Phone: 210-301-6257
- Email: [email protected]