About the Position: This position is located in Falls Church, Virginia, with the Defense Health Agency. This is a Direct Hire Solicitation. Salary negotiation may be available for those new to Federal service.
Who May Apply: US Citizens In order to qualify, you must meet the experience requirements described below. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student; social). You will receive credit for all qualifying experience, including volunteer experience. Your resume must clearly describe your relevant experience; if qualifying based on education, your transcripts will be required as part of your application. Additional information about transcripts is in this document. To qualify based on your experience, your resume must describe at least one year of experience which prepared you to do the work in this job. Specialized experience is defined as: One year of specialized experience equivalent to the GS-12 grade level in the Federal service which includes conducting cyber security assessments; utilizing automated tools and manual procedures to determine potential vulnerabilities to information technology systems; validating security solution designs; recommending countermeasures to reduce or mitigate risks; preparing documents for the acquisition of information technology equipment. For this job, you must meet the qualification requirement using experience alone--no substitution of education for experience is permitted.
Perform technical testing of information systems to determine their ability to meet security requirements in both a laboratory and operational setting.
Recommend and document total spectrum of security requirements from Federal, DoD and DHA regulatory guidance, higher level policies, and system unique concerns.
Use automated tools as well as manual procedures to determine potential vulnerabilities to automated systems caused by technical, policy or procedural shortfalls.
Analyze vulnerabilities to determine risks to the system and the DoDIN, considering system development and operational environments, threats, and vulnerabilities. Prepare reports documenting the risks.
Validate security solutions designs and recommend countermeasures to reduce or mitigate risks.
Prepare recurring progress/status reports and exception/problem reports to ensure that all concerned parties are notified of project status and problem areas.