Over 1 Million Paying Vacancies Available. Discover Your Dream Vacancy with Us!

Are you looking for a Information Technology Security Specialist? We suggest you consider a direct vacancy at Office of the Inspector General, USPS in Arlington. The page displays the terms, salary level, and employer contacts Office of the Inspector General, USPS person

Job opening: Information Technology Security Specialist

Salary: $139 395 - 181 216 per year
City: Arlington
Published at: Dec 04 2024
Employment Type: Full-time
*PLEASE NOTE THAT THIS VACANCY ANNOUNCEMENT IS ONLY OPEN TO CURRENT UNITED STATES POSTAL SERVICE OFFICE OF INSPECTOR GENERAL, UNITED STATES POSTAL SERVICE, UNITED STATES POSTAL INSPECTION SERVICE AND POSTAL REGULATORY COMMISSION EMPLOYEES. OTHER APPLICANTS WILL NOT BE CONSIDERED.

Duties

In-Office Requirement: The U.S. Postal Service, Office of Inspector General values collaboration, teamwork, and effective communication to foster our dynamic working and learning environment. The position adheres to our agency's telework policy to facilitate this and requires an in-office presence of at least two days per pay period. Remote work is not available for this role. This announcement provides the opportunity for a reassignment/promotion to the position ofThe USPS OIG is seeking a highly qualified applicant to fill our Information Technology Security Specialist position in the Office of Chief Information Officer (CIO) located in Arlington, VA. Bring your skills and voice to our team! The successful candidate will be a technical expert authority responsible for the application security function and for information technology security (Cybersecurity/InfoSec) engineering, and design. Responsibilities include solving significant problems complicated by interfaces and inter-relationships between and among programs, systems, functions, applications, and numerous critical issues for agency-wide information technology solutions, operations, and maintenance supporting the security of agency infrastructure, systems, and information. Candidates will be evaluated on the skills that they possess that are directly related to the duties of the position and the experience, education and training that indicate the applicant's ability to acquire the particular knowledge and skills needed to perform the duties of the position. Only those candidates who meet all qualification and eligibility requirements and who submit the required information by 11:59 PM EST on 12/19/2024 will be considered. The USPS OIG uses a Pay Banding system, which is equivalent to the Federal GS scale. Grade and salary determinations will be made based upon a candidate's education and professional experience. This position is being advertised at the Specialist Band level, equivalent to a GS-14. The salary range for this position is $139,395.00 - $181,216.00. The salary figures include locality pay. Please note that the duties and responsibilities associated with this position may vary based upon the agency's needs at the time of hire. The following description of major duties and responsibilities is only intended to give applicants a general overview of the expectations. Establishes, implements, and interprets the requirements for agency compliance with policy directives governing cybersecurity protection. Performs thorough security operations center analysis of potentially malicious or suspicious threats. Effectively administers and sustains enterprise level application security scanning tools for all COTS, GOTS, Web Applications, and internally developed cloud-based applications. Conducts risk and vulnerability assessments of planned and installed information systems applications to identify vulnerabilities, risks, and protection needs. Conducts systems security evaluations, audits, and reviews. Develops cybersecurity plans, processes, and procedures. Participates in network and system design to ensure implementation of appropriate cybersecurity policies as they relate to application security. Facilitates the gathering, analysis, and preservation of evident used in the prosecution of cybercrimes. Updates or establishes new application security requirements. Assesses security events to determine impact and implementing corrective actions. Ensures the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services. Identifies current and potential problem areas. Monitors agency compliance with application cybersecurity protection requirements across IT programs. Ability to handle multiple tasks and work independently as well as in a team.

Requirements

  • Must be a U.S. citizen
  • Must be able to pass a drug screening and medical assessment questionnaire.
  • Must be able to pass a background investigation
  • Must be able to obtain and maintain Moderate Background Investigation security clearance
  • Must be able to obtain and maintain a government-issued credit card
  • May be required to successfully complete a 12-month probationary period

Qualifications

MINIMUM QUALIFICATIONS You must meet ALL of the minimum qualifications listed below. Bachelor's Degree in Cybersecurity/Information Technology Security or related field of study from an accredited college or university OR Applicant must have at least 5 years of specialized experience in application security testing AND Applicant must have at least 5 years of specialized experience with hands-on skills in performing application security assessments Applicant must have at least 5 years of specialized experience in Secure SDLC and Source Code Analysis (Manual &Tools) on Web-based Applications Applicant must have hands on experience with Static and Dynamic Application Security Testing using tools like HP Fortify, HP WebInspect, HCL Appscan, Check Marx, Synopsys, and Veracode Specialized experience in Continuous Integration (CI) and Continuous Deployment (CD) practices Specialized experience in application vulnerability and security assessments using various tools like Burp Suite Pro, OWASP Zap Proxy, DirBuster, Kali Linux, Metasploit Pro, Accunetix, Insight AppSec, GitLab, Coverity, Fortify, Snyk Code, GitHub Enterprise Specialized experience in assessing application vulnerabilities and bugs in various application Specialized experience creating security testing pipelines and test plans Specialized experience in implementing and deploying an organization-wide Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities in development and production environments. Knowledge of coding languages such as Java, .NET, Python, PHP, C++, C# Extensive experience in preparing test Plans, writing test Cases, test Execution and follow up remediation efforts DESIRABLE QUALIFICATIONS Microsoft 365 Certified Security Administrator Associate Microsoft Certified Azure Security Engineer Associate Advanced degree in Cybersecurity or related field Currently Industry Certifications in one or more of the following (or equivalent) Certified Secure Software Lifecyle Professional (CSSLP) Certified API Security Professional (CASP) Offensive Security Certified Professional (OSCP) EC-Council Certified Application Security Engineer (CASE) CompTIA Security+, Network+ EVALUATION FACTORS You must have the experience, knowledge and skills as listed in EACH of the evaluation factors. Failure to demonstrate that you meet all of the evaluation factor requirements as listed below will result in a score of zero (0); an ineligible status, and you will not be referred for further consideration. Include your major accomplishments relevant to the position requirements in your resume. Demonstrated expertise in configuring, deploying and utilizing both dynamic and static application security testing tools. Demonstrated knowledge of application-based, host-based, and network-based security best practices. Knowledge in applying advanced information technology principles, concepts, methods, standards, and practices sufficient to develop and interpret policies, procedures, and strategies governing the planning and delivery of services throughout the agency. Demonstrated ability to cultivate relationships across multiple teams to effectively implement security recommendations. Demonstrated ability to communicate effectively both orally and in writing with audiences of various levels of technical understanding. You will no longer be considered for this position if you receive a zero (0) rating on any evaluation factor. Failure to demonstrate that you meet all evaluation factor requirements will result in a score of zero (0). Upon receipt of a zero score, you will be deemed "not minimally qualified," and you will not be referred for further consideration.

Education

Education must be accredited by an institution recognized by the U.S. Department of Education. Applicants can verify accreditation here: www.ed.gov/admins/finaid/accred. Special Instructions for Candidates with Foreign Education: Education completed outside the United States must be deemed equivalent to that gained in U.S. education programs. You must submit all necessary documents to a private U.S. credential evaluation service to interpret equivalency of your education against courses given in U.S. accredited colleges and universities. For further information visit: http://www2.ed.gov/about/offices/list/ous/international/usnei/us/edlite-visitus-forrecog.html.

Contacts

  • Address CIO Chief Information Officer 1735 N. Lynn Street Arlington, VA 22209 US
  • Name: Vacancy Inquiries
  • Email: [email protected]

Map

Similar vacancies

IT Cybersecurity Specialist (INFOSEC) Jul 12 2024
$163 964 - 191 900

Typical work assignments include: Prepares decision papers, reports, and analyses on program activities for senior officials and policy makers. Represents the Department of Homeland Security (DHS) ...

Supervisory IT Cybersecurity Specialist (PLCYPLN) Mar 04 2024
$163 964 - 191 900

Typical work assignments include: Formulates strategies to identify and assess the nature and scope of terrorist cyber threats to the homeland; detects, identifies, and analyzes threats of cyber ter...

Supervisory IT Cybersecurity Specialist (PLCYPLN) Mar 04 2024
$163 964 - 191 900

Typical work assignments include: Formulates strategies to identify and assess the nature and scope of terrorist cyber threats to the homeland; detects, identifies, and analyzes threats of cyber ter...

IT Cybersecurity Manager (INFOSEC) Jun 11 2024
$163 964 - 191 900

Typical work assignments include: Advise senior management on cost/benefit analysis of information security programs, policies, processes, systems, and elements. Implement higher-level security req...

Supervisory IT Cybersecurity Specialist (INFOSEC) Dec 19 2024
$163 964 - 191 900

In this position, you will serve as the Supervisory IT Cybersecurity Specialist (INFOSEC) for the National Risk Management Center. Typical work assignments include, but are not limited to: Providing...