Click on "Learn more about this agency" button below to view Eligibilities being considered and other IMPORTANT information. The primary purpose of this IT SPECIALIST (INFOSEC), NH-2210-03 position is to provide expert IT support as the Information Systems Security Officer for security related technical analysis and development of Risk Management Framework and Certification & Accreditation documentation for NIPRNet, SIPRNet, and stand-alone Platform Information Technology systems in OO-ALC.
Experience requirements are described in the Office of Personnel Management (OPM) Qualification Standards for General Schedule Positions, Individual Occupational Requirements (IOR) for the Information Technology (IT) Management Series 2210 (Alternative A). Due to the use of 120-day rosters, this period of experience may be completed within 120 days of the closing date of this announcement. BASIC REQUIREMENT OR INDIVIDUAL OCCUPATIONAL REQUIREMENT: For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. In addition to meeting the basic requirement above, to qualify for this position you must also meet the qualification requirements listed below: SPECIALIZED EXPERIENCE: Applicants must have IT-related experience demonstrating each of the following four competencies: Attention to Detail, Customer Service, Oral Communication, and Problem Solving AND I have, or within 120 days of the closing date of this announcement will have at least 1 year (52 weeks) of specialized experience at the next lower broadband NH-02, equivalent to the next lower grade GS-11 or equivalent in other pay systems. Specialized experience is experience includes: assisted with implementing Cybersecurity and privacy principles; recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning); aided in performing vulnerability scans to recognize vulnerabilities in security systems; provided continuous monitoring through scheduled audits, controls testing, and audit reviews. NOTE: Due to the use of 120-day rosters, this period of experience may be completed within 120 days of the closing date of this announcement. KNOWLEDGE, SKILLS AND ABILITIES (KSAs): Your qualifications will be evaluated on the basis of your level of knowledge, skills, abilities and/or competencies in the following areas: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). Knowledge of Cybersecurity and privacy principles. Knowledge of Cyber threats and vulnerabilities. Knowledge of Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Knowledge of information technology (IT) risk management policies, requirements, and procedures. PART-TIME OR UNPAID EXPERIENCE: Credit will be given for appropriate unpaid and or part-time work. You must clearly identify the duties and responsibilities in each position held and the total number of hours per week. VOLUNTEER WORK EXPERIENCE: Refers to paid and unpaid experience, including volunteer work done through National Service Programs (i.e., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student and social). Volunteer work helps build critical competencies, knowledge and skills that can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Information Assurance Certification is a condition of employment. This position includes information assurance (IA) work as a paramount duty requirement. Per DoDM 8140.03, para 4.2.a.(2)., requires foundational qualification requirements within 9 months of assignment to a cyberspace work role and resident qualification requirements within 12 months of assignment to a cyberspace work role. A waiver of this six months requirement may be granted per DoDM 8140.03. Failure to receive and maintain the proper IA certification may result in removal from this position.
Oversee the security posture for one or more system(s) throughout the entire life cycle; provide continuous monitoring through scheduled audits, control testing, and audit reviews, and escalate issues as needed. Develop estimates of risks associated with technologies and discovered threats, enabling organization to assess the resources needed to respond effectively. Provide the interface between the System Administrator and the Information System Security Manager as detailed in NIST SP 800-37. Ensure the development and implementation of security requirements and security practices are incorporated throughout the system engineering life cycle (SELC) and engineering maintenance of solutions, applications, products, information systems, and network environments to minimize risk to the organization.