See below for important information regarding this job. Position will be filled at any of the locations listed below. Site specific salary information as follows: Columbus, OH: $109,966- $142,957 New Cumberland, PA: $120,579- $156,755 Richmond, VA: $110,083- $143,109
To qualify for an IT Specialist (INFOSEC) your resume and supporting documentation must support: A. Specialized Experience: One year of specialized experience that equipped you with the particular competencies to successfully perform the duties of the position, and is directly in or related to this position. To qualify at the GS-13 level, applicants must possess one year of specialized experience equivalent to the GS-12 level or equivalent under other pay systems in the Federal service, military or private sector. Applicants must meet eligibility requirements including time-in-grade (General Schedule (GS) positions only), time-after-competitive appointment, minimum qualifications, and any other regulatory requirements by the cut-off/closing date of the announcement. Creditable specialized experience includes: - Mastery knowledge of DLA and DOD cybersecurity requirements, information security standards, policies, methods, and procedures used to analyze and interpret Information Assurance (IA) policies, standards, guidelines, and evaluate the need for changes in existing policies and procedures. - Extensive technical knowledge of DLA information systems/services to include how this information is deployed, hosted, made available, and the applicable rules governing the dissemination of DLA/DOD logistics information. This includes but is not limited to, Log Management, Security Event Management, Vulnerability Management, Host Based Security System, and Intrusion Detection. - Comprehensive knowledge of the IT security program established, implemented, and maintained to assure efficient IT security is provided for all organizational information collected, processed, transmitted, stored, or disseminated in its general support systems and major applications. - Expert skill in adapting analytical techniques and evaluation criteria to determine program effectiveness, to develop new or modified work methods, and ability to analyze and resolve complex problems Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
Leads the planning, deployment, maintenance, and optimization of enterprise-wide automated vulnerability scanning solutions to ensure continuous visibility into security posture across all DLA-managed assets.
Provides Tier 3 support for vulnerability scanning infrastructure on both the Non-secure Internet Protocol Router Network (NIPRNET) and the Secure Internet Protocol Router Network (SIPRNET), ensuring accurate and timely scan coverage.
Maintains and configures scanning schedules, credentialed scan capabilities, and asset groupings to support compliance, risk management, and operational security objectives.
Oversees the operation and tuning of DLP systems to detect, alert, and prevent unauthorized data exfiltration across endpoints, networks, and cloud services.
Delivers technical briefings and status reports to leadership and stakeholders on vulnerability trends, scan coverage, system health, and DLP incident metrics.
Provides expert-level troubleshooting and problem resolution for issues related to scan failures, false positives, DLP policy enforcement, and system integration.
Manages user access, roles, and permissions for vulnerability scanning and DLP platforms, ensuring alignment with security policies and operational needs.
Collaborates with internal and external cybersecurity teams to coordinate scanning activities, validate findings, and support remediation efforts.
Supports acquisition planning and execution for vulnerability management and DLP tools, including lifecycle upgrades, licensing, and capability enhancements.