The position is at the Bureau of the Fiscal Service (FS), Office of Information & Security Services (ISS), Asset Protection Division, Cyber Security Branch, performing cyber-security asset protection and scanning activities for networks, web applications, databases, and incident response forensics to ensure IT infrastructure and systems are protected from internal and external threats. This includes investigating and analyzing cyber-security incidents, and developing solutions.

Duties

NOTE: Based on current hiring restrictions, selectees may be subject to additional approvals prior to an offer being extended. The following are the duties of this position at the GS-12. If you are selected at a lower grade level, you will have the opportunity to learn to perform all these duties, and will receive training to help you grow in this position. - Serve as the Cyber Security Specialist, subject matter expert (SME) and Bureau contact for the Computer Security Information Center (CSIRC) - assisting with cyber incidents and vulnerability management for IT assets and other supporting systems within the Bureau's IT infrastructure and hosted systems. - Spend considerable time maintaining up-to-the-minute situational awareness of what malicious actors are using and targeting, independently developing techniques and deploying custom tools to detect local changes, suspect interactions, and activities of identified malicious actors and their motivation, language, organization, and social behaviors. - Provide SME support in defining and applying principles of common enterprise architecture throughout the planning, programming, budgeting, and execution (PPBE) cycle. - Provides support in ensuring secure architectural solutions are incorporated into all aspects of the Bureau's IT enterprise. - Conduct cyber investigations collaborating with Technical Advisor and management before rendering final Report of Investigation (ROI). - Forensic identification, examination, analysis, reporting and presentation of data associated with incident response and bureau-level cyber investigations. Monitor network activity using information collected from a variety of sources to correlate events, identify and respond to suspicious behavior and activities, minimizing risk and protect information and IT assets or resources (through scanning, network monitoring, National Incident Response Team (NIRT), Treasury Security Service SOC (TSSSOC). - In a 24/7 environment, monitor intrusion detection systems (IDS) for network traffic, conduct log reviews and IDS reviews, and/or declare incidents (identifying indicators that show an incident has occurred). - Investigate, analyze and interpret incident data and relevant response activities; collecting, processing and preserving evidence using forensic tools suitable for developing insight into cause and effect of suspected cyber intrusions and events.

Requirements

Qualifications

You must meet the following requirements by the closing date of this announcement. The experience may have been gained in either the public, private sector or volunteer service. One year of experience refers to full-time work; part-time work is considered on a prorated basis. To ensure full credit for your work experience, please indicate dates of employment by month/day/year, and indicate number of hours worked per week on your résumé. Specialized Experience: For the GS-12, you must have one year of specialized experience at a level of difficulty and responsibility at the GS-11 level in the Federal service or equivalent, which have equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position must include ALL of the following: - Experience administering one or more OS platform such as Windows or UNIX based systems and configuring, running and using tools for vulnerability scans to include Application/Web, network and Database (DB) scans; AND - Experience analyzing, investigating, and coordinating remediation for cyber security events and assist with remediation guidance; AND - Experience with networking concepts to include subnetting, network devices (such as firewalls, routes, and switches), and log monitoring, evaluation, and review. AND In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below: - Attention to Detail, such as reviewing and assisting with security vulnerability scan results output. - Customer Service, such as incident handling and response. - Oral Communication, such as conducting briefings, meetings, guidance / training to users of security tools. - Problem Solving, such as recommending remediation for security findings, troubleshooting system problems and system performance. For the GS-11, you must have one year of specialized experience at a level of difficulty and responsibility at the GS-09 level in the Federal service or equivalent, which have equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position must include ALL of the following: - Experience running IT security vulnerability scans; AND - Experience investigating cyber security events and assisting with remediation guidance; AND - Experience generating reports from IT security vulnerability scanning tools and working with output using tools such as Excel; AND - Experience with networking concepts to include subnetting, network devices (such as firewalls, routes, and switches), and log monitoring, evaluation, and review. AND In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below. - Attention to Detail, such as reviewing scan results and providing remediation assistance. - Customer Service, such as providing scan access, incident response. - Oral Communication, such as providing guidance and training to lower grade IT specialists. - Problem Solving, such as performing and supporting IT studies. OR You may substitute education for specialized experience as follows: Ph.D. or equivalent doctoral degree or 3 full years of progressively higher level graduate education leading to a Ph.D. or equivalent doctoral degree. For the GS-09, you must have one year of specialized experience at a level of difficulty and responsibility at the GS-07 level in the Federal service or equivalent, which have equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position must include ALL of the following: - Experience assisting with cyber security event analysis and investigations; AND - Experience assisting with running security vulnerability scans and reports; AND - Network troubleshooting experience requiring the understanding of network device types and logs generated, alerts, and other information. AND In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below. - Attention to Detail, such as maintaining awareness of cyber security threats. - Customer Service, such as providing troubleshooting support. - Oral Communication, such as participating on IT project teams. - Problem Solving, such as performing assignments without clearly defined precedents. OR You may substitute education for specialized experience as follows: Master's degree or equivalent graduate degree, or 2 full years of progressively higher level graduate education leading to a master's degree or equivalent graduate degree. Attach a copy of transcript or list of college courses designating semester or quarter hours earned to ensure proper credit. For the GS-07, you must have one year of specialized experience at a level of difficulty and responsibility to the GS-05 grade level in the Federal service or equivalent, which have equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position must include ALL of the following: - Experience participating with a team or with a project implementing IT Security or a member of a IT security team using IT security tools ; AND - Assisting with running automated reports from IT security tools and using Microsoft tools such as Excel for report data manipulation; AND - Experience working with IT security team and participate with Network troubleshooting requiring the understanding of network device types including: logs generated, alerts, and other information. AND In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below. - Attention to Detail, such as participating in security vulnerability testing. - Customer Service, such as coordinating security events or installation or upgrading of technologies. - Oral Communication, such as communicating with internal customers on job-related matters. - Problem Solving, such as helping team members with incident response actions and/or report creation. OR You may substitute education for specialized experience as follows: 1 full year of graduate level education or superior academic achievement. Attach a copy of transcript or list of college courses designating semester or quarter hours earned to ensure proper credit. Undergraduate or Graduate Education should be in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.

Education

This job does not have an education qualification requirement.

Contacts

• Address Asset Protection Division 200 Third St Parkersburg, WV 26101 US
• Name: Applicant Call Center
• Phone: 304-480-7300
• Email: [email protected]