Created at: April 30, 2026 00:58
Company: U.S. International Trade Commission
Location: Washington, DC, 20001
Job Description:
The U.S. International Trade Commission is an independent Federal agency that provides the President and Congress with high-quality analysis and technical support on international trade, tariff and competitiveness issues; investigates and makes determinations in proceedings involving imports claimed to injure a domestic industry or violate U.S. intellectual property rights; and maintains the U.S. Harmonized Tariff Schedule.
You must meet all the requirements below by the closing date of the announcement and they must be clearly identified in your application, resume, or supporting documents. This includes any general and specialized experience, education, and/or selective placement factors mentioned. These are used to determine if you possess the knowledge, skills, and/or abilities to successfully perform in this position.
Specialized Experience
To qualify at the GS-14 level, you must have at least one year of specialized experience obtained in the private or public sector that is equivalent to the GS-13 level. Specialized experience is defined as:
1.) Serving as an Information System Security Officer (ISSO) responsible for maintaining enterprise system security posture and supporting continuous Authorization to Operate (ATO) under the NIST Risk Management Framework (RMF), independently implementing and managing risk-based security controls and continuous monitoring activities to ensure ongoing compliance with federal cybersecurity requirements.
2.) Leading the development, coordination, and maintenance of comprehensive security authorization documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms), providing authoritative technical input to support authorization decisions and audit readiness.
3.) Conducting enterprise-level risk assessments and vulnerability management activities, applying advanced cybersecurity expertise to identify, analyze, and mitigate system weaknesses while ensuring compliance with federal information security standards and organizational policies.
4.) Performing senior-level systems engineering and administration functions in support of secure system design, configuration, and maintenance, independently managing system security requirements across mission-critical environments and ensuring alignment with defense-in-depth principles and secure architecture standards. AND
5.) Providing enterprise monitoring and incident response support, leveraging advanced technical knowledge to detect, analyze, and respond to security events while supporting continuity of operations and strengthening overall cybersecurity resilience.
Experience refers to paid and unpaid experience, including volunteer work done through national service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills, and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
MAJOR DUTIES
Lead all Assessment & Authorization (A&A) activities under RMF, ensuring systems meet federal, NIST, and agency cybersecurity requirements. Conduct comprehensive security control assessments and manage continuous monitoring activities, including vulnerability scanning, audit log review, and POA&M management to track and remediate risks. Provide expert guidance on cybersecurity policies and implementation of security controls. Design, implement, and maintain secure architectures across on-prem, cloud, and hybrid environments, including deployment of tools such as firewalls, IDS/IPS, SIEM, and EDR, along with system hardening practices. Lead and support cyber incident response efforts, including threat hunting, incident management, forensic analysis, malware investigation, and post-incident reporting with actionable improvements.