View common definitions of terms found in this announcement. This announcement is issued under the Direct Hire Authority (DHA) to recruit for positions for which there is a critical hiring need. Selectee(s) will receive a career or career-conditional appointment in the competitive service and may be required to serve a one-year probationary period.

Duties

Typical work assignments include, but are not limited to: Prepare detailed audit reports identifying technical and procedural findings and offer remediation strategies to mitigate security risks. Review security architecture for gaps and develop a comprehensive security risk management plan that aligns with the organization's requirements. Respond to requests for information (RFIs) by conducting in-depth research and synthesizing data from various intelligence sources. Review and evaluate security incident response, making recommendations for improvements to mitigate potential risks.

Requirements

Qualifications

Do NOT copy and paste the duties, specialized experience, or occupational assessment questionnaire from this announcement into your resume as that will not be considered a demonstration of your qualifications for this position. To be considered minimally qualified for this position, you must demonstrate that you have the required experience for the respective grade level in which you are applying. You qualify for the GS-12 and GS-13 grade levels if you possess information technology related experience demonstrating each of the four required competencies: Attention to Detail- Is thorough when performing work and conscientious about attending to detail. Customer Service-Works with clients and customers (this includes any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication- Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving- Identifies problems; determines accuracy and relevance of information; uses sound judgement to generate and evaluate alternatives, and to make recommendations. GS-12: In addition to the above requirement, you must have at least one year of specialized experience at the GS-11 grade level performing the following duties: Collecting and interpreting system security requirements from various stakeholders to conduct vulnerability assessments and evaluate the security posture of IT systems, networks, and configurations, ensuring compliance with cybersecurity policies and regulations. Analyzing collected requirements to generate data-driven insights and identify trends in security vulnerabilities, risks, and gaps, using analytical tools to support decision-making for system improvements. Assisting in the development and documentation of system security requirements, ensuring alignment with technical findings from vulnerability assessments and stakeholder needs. Preparing detailed audit reports based on the interpretation of collected requirements and assessment data, identifying technical vulnerabilities, compliance gaps, and recommending appropriate remediation strategies. GS-13: In addition to the above requirement, you must have at least one year of specialized experience at the GS-12 grade level performing the following duties: Leading efforts to collect and define system security requirements from stakeholders, ensuring requirements accurately reflect the needs of complex environments and address identified vulnerabilities and compliance issues. Interpreting collected requirements to generate actionable insights and identify trends from vulnerability data, informing strategic decision-making related to the security posture of the organization's IT infrastructure. Developing and overseeing the implementation of system security requirements, ensuring requirements are aligned with federal regulations, technical assessments, and organizational cybersecurity goals. Preparing in-depth audit reports that incorporate findings from requirements analysis, technical vulnerability assessments, and stakeholder input, providing strategic recommendations for risk mitigation and system security enhancements. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. All qualification requirements must be met by the closing date of this announcement.

Education

Some federal jobs allow you to substitute your education for the required experience in order to qualify. For this job, you must meet the qualification requirement using experience alone--no substitution of education for experience is permitted.

Contacts

• Address Cybersecurity and Infrastructure Security Agency 1110 N Glebe Rd Arlington, VA 22201 US
• Name: Kitara Jackson
• Phone: 000-000-0000
• Email: [email protected]