You will serve as an IT SPECIALIST (INFOSEC) of NAVSUP BUSINESS SYSTEMS CENTER OMN.
I have one year of information technology related experience in the federal service or private or public sector demonstrating the following four competencies, as defined: 1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. 2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. 3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. 4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. In addition to my experience demonstrating the four competencies above. Your resume must demonstrate at least one year of specialized experience at or equivalent to the GS-11 grade level or pay band in the Federal service or equivalent experience in the private or public sector. Specialized experience must demonstrate the following: 1) Knowledge of Risk Management Framework (RMF) requirements, system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design and system life cycle management principles, including software security and usability; 2) Systems security certification and accreditation requirements and processes; 3) Knowledge of Personally Identifiable Information (PII) and Payment Card Industry (PCI) data security standards and relevant laws, policies, procedures, or governance related to work impacting critical infrastructure; 4) Knowledge of server and client operating systems, an organization's risk tolerance and/or risk management approach, enterprise incident response program, roles, and responsibilities, and current and emerging threats/threat vectors. Additional qualification information can be found from the following Office of Personnel Management website: https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/2200/information-technology-it-management-series-2210-alternative-a/ OR https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/2200/information-technology-it-management-series-2210-alternative-b/ . Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment.
You will oversee the implementation of information technology (IT) security controls and security authorization documents and ensure the system is compliant with mandated security policies and requirements.
You will provide security analysis of IT activities to ensure that appropriate security measures are in place and being enforced.
You will coordinate penetration testing or other 'red team' activities that might occur at/or traverse the system’s infrastructure as part of a Security Control Assessment (SCA).
You will promote IT security awareness information to the user community by validating the user community is completing their annual training.
You will ensure that protection and detection capabilities are acquired or developed using the Information system security engineering approach and are consistent with organization-level IA architecture.