Cybersecurity Engineers capture, refine, and translate information systems security requirements for IT systems and component products. They support the development of computer systems and/or the modification of computer applications and programs to integrate information system security protocols. They monitor security controls, assess threats and vulnerabilities, mitigate adverse impacts, and/o

Duties

ADDITIONAL INFORMATION: This CIO-T (IT Services Directorate) position resides within the Cyber Security Office (TES), Cyber Technology and Monitoring Division (TESC) at NGA Washington.The Cybersecurity Office (TES) safeguards the NGA mission through collaborative, forward-leaning, and risk-balanced solutions to ensure trust in GEOINT services and data.The Cybersecurity Office (TES) assesses and conveys the level of Agency cybersecurity risk in the context of overall NGA mission goals and objectives. To achieve this, we establish the policies and procedures governing cybersecurity. The office prioritizes cybersecurity initiatives, integrates all cybersecurity solutions and facilitates the review and approval of all NGA cross domain services. We implement the Risk Management Framework and other applicable national and community-level policies within the Agency, balancing risk to realize maximum performance.This position in TESC works across the key component and agency to integrate cybersecurity technologies and solutions into NGA products, programs and operations in order to support continuous monitoring and agency risk awareness. Conducts both internal and external Red Team and penetration tests to identify vulnerabilities in the NGA network and systems. This role requires an understanding of ethical hacking, network security, and penetration testing techniques.Specific Responsibilities: TESC is looking for an experienced cybersecurity analyst to provide leadership and cyber security/testing/operations and Computer Network Operations (CNO) / Computer Network Exploitation (CNE) /Computer Network Attack (CAN) /Computer Network Defense support in Mission Assurance, Red Team Vulnerability Assessments, Pentest, and Threat or Adversary Emulation. Advanced knowledge of offensive cyber concepts and methods such as passive and active reconnaissance, infiltration, internal network pivoting and exploration, and data exfiltration in order to emulate adversarial actions and attacks and expose vulnerabilities when conducting red cyber assessments is critical. Advanced knowledge of conducting both penetration testing and deploying cyber-attack vectors in simulated network environments in order to conduct assessment-specific activities to identify and exploit vulnerabilities as well as enhancing technical training and development material is a key component of this position. A successful candidate would demonstrate knowledge in exploit development including the modification of COTS and/or government developed tools for application in on-net assessments of DoD and non-DoD networks and would have experience in creating and developing unique tools required for specific network assessment operations in order to emulate adversaries and conduct thorough, network-specific threat assessments. Certification in any of the following would be advantageous to this position: OSCP, OSCE, OSEE, GSE, GXPN, GRTP, RTAC or equivalent certification.TES allows up to 16 hours of ad hoc telework per pay period for this position.Additional Application Requirement: You may be asked to complete one or more assessments in addition to the application you submit on this website as part of your application to NGA. These assessments may include but are not limited to: 1) Online questionnaires or assessments that require you to describe your job-related knowledge, skills, abilities, or other characteristics that are aligned with the mandatory and desirable qualifications of this job posting. The information you provide in the application you submit must support the response you provide to this questionnaire. You will receive an email to describe any additional assessments required. Please monitor your emails and complete any required assessments as soon as possible.This position may be eligible for a RECRUITMENT INCENTIVE: selected candidates may be offered an incentive as part of the offer of employment. To receive the incentive, selected candidates must be eligible under 5 CFR Part 575, Subpart A, upon issuance of the Final Offer Letter. Changes in federal employment status prior to issuance of the Final Offer Letter may affect eligibility. To receive the incentive, selected candidates will be required to sign a service agreement to stay within the position at NGA for the agreed upon time. If the service agreement is terminated before its completion, the employee may be required to repay a pro rata share amount of the incentive to the government. Additional information regarding recruitment incentives for current federal employees can be found in DoDI 1400.25, Volume 2006.

Requirements

• Security Investigation

Qualifications

MANDATORY QUALIFICATION CRITERIA: For this particular job, applicants must meet all competencies reflected under the Mandatory Qualification Criteria to include education (if required). Online resumes must demonstrate qualification by providing specific examples and associated results, in response to the announcement's mandatory criteria specified in this vacancy announcement: 1. Demonstrated experience capturing cybersecurity acquisition requirements for multi-domain enterprise environments.2. Demonstrated experience assessing and/or implementing security controls to meet compliance thresholds.3. Demonstrated experience engineering, acquiring, deploying, and/or decommissioning cybersecurity tools in multi-domain enterprise environments.4. Demonstrated experience assessing risks to identify potential impacts and vulnerabilities. 5. Demonstrated experience applying cybersecurity policies and/or controls to secure virtual systems, cloud environments, and/or data infrastructures in multi-domain enterprise environments.EDUCATION REQUIREMENT: A. Education: Bachelor's degree from an accredited college or university in Systems Engineering, Computer Science, Information Assurance, or a related field, or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems, or networks. -OR- B. Combination of Education and Experience: A minimum of 24 semester (36 quarter) hours of coursework in any area listed in option A, plus experience in systems engineering, IT standards development, IT security testing, IT security engineering, implementation, and integration, or a related area that demonstrates the ability to successfully perform the duties associated with this work. As a rule, every 30 semester (45 quarter) hours of coursework is equivalent to one year of experience. Candidates should show that their combination of education and experience totals 4 years. -OR- C. Experience: A minimum of 4 years of experience in systems engineering, IT standards development, IT security testing, IT security engineering, implementation, and integration, or a related area that demonstrates the ability to successfully perform the duties associated with this work. -AND- LICENSES/CERTIFICATIONS: Information Assurance System Architect and Engineer Level 1 -OR- Information Assurance Technician I (IAT I) certification -OR- Technical Level III Certification (as outlined by the DoDD 8140.01), must be obtained as directed by management. -AND- Relevant Competencies: IT-related experience demonstrating each of the four competencies: Attention to Detail, Customer Service, Oral Communication, and Problem Solving. DESIRABLE QUALIFICATION CRITERIA: In addition to the mandatory qualifications, experience in the following is desired: 1. Demonstrated experience analyzing data and datasets to support cybersecurity continuous monitoring activities.2. Demonstrated experience with network security architecture and systems security engineering concepts, including topology, protocols, components, and principles and incorporating security solutions into proposed technologies.3. DoD 8570/8140 cybersecurity certification.4. Demonstrated experience making decisions in ambiguous situations. 5. Experience developing and leading project activities (resources, cost, schedule, and performance). 6. Experience with planning and implementing data collection techniques to discover unauthorized activities or changes.

Contacts

• Address NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY Mailstop: S44-HDR 7500 GEOINT Drive Springfield, VA 22150 US
• Name: Recruitment
• Phone: 571-557-1999
• Email: [email protected]