Posted: April 13, 2026 (0 days ago)

Application Security Engineer, CG-2210-14

Federal Deposit Insurance Corporation

Other Agencies and Independent Organizations

Location

Washington, District of Columbia

Salary

$158,305 - $257,500

per year

Closes

April 24, 2026

SES Pay Grade

Base salary range: $147,649 - $221,900

Typical requirements: Executive-level leadership experience. Senior executive qualifications required.

Note: Actual salary includes locality pay (15-40%+ depending on location).

Job Description

Summary

This job involves protecting the FDIC's software applications and APIs from security threats by assessing risks, creating secure coding guidelines, and helping development teams fix vulnerabilities.

It suits experienced IT professionals who enjoy analyzing code for weaknesses and guiding others to build safer systems.

A good fit would be someone detail-oriented with strong problem-solving skills and a background in cybersecurity.

Key Requirements

  • One year of specialized experience at CG-13 level or equivalent, including application security assessments and vulnerability identification
  • Proficiency in IT competencies: attention to detail, customer service, oral communication, and problem solving
  • Experience validating secure coding practices and guiding development teams on remediation
  • Knowledge of developing and implementing secure coding standards and software development processes
  • Ability to conduct application architecture risk analysis and threat modeling for applications and APIs
  • Experience implementing application security strategies and API security roadmaps

Full Job Description

These positions are located in the Offices of the Chief Information Security Officer (OCISO) or Application Platforms and Delivery Branch (APDB), Division of Information Technology (DIT), within the Chief Information Officer Organization (CIOO) of the Federal Deposit Insurance Corporation (FDIC).

Additional selections may be made from this announcement to fill similar vacancies. Qualifying experience may be obtained in the private or public sector.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student; social).

Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment.

You will receive credit for all qualifying experience, including volunteer experience. Additional qualifications information can be found here.

To qualify for the CG-14: Applicants must have at least one year of specialized experience equivalent to the CG-13 level in the federal service which includes experience in application security assessments, identifying vulnerabilities in code and architecture, validating secure coding practices, and guiding development teams in implementing remediation.

You must have Information Technology (IT)-related experience which demonstrates proficiency in each of the following competencies:

  • Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
  • Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
  • Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
  • Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

For qualification determinations, your resume must contain the following for each work experience listed:

  • Organization/Agency's Name
  • Title
  • Salary (series and grade, if applicable)
  • Start and end dates (including the month and year)
  • Number of hours you worked per week
  • Relevant experience that supports your response to the specialized experience that is stated in the job announcement

If your resume does not contain this information, your application may be marked as incomplete, and you may not receive consideration for this position.

NOTE: Please indicate how you meet the specialized experience under each applicable position.

Do not copy and paste the duties or specialized experience from this announcement into your resume as that will not be considered a demonstration of your qualifications.

Applicants eligible for ICTAP (Interagency Career Transition Assistance Program) must achieve a score of 80 or higher in the online assessment to be determined “well qualified” for this position.

For more information, click here.

Major Duties:

Implement FDIC's Application Security strategy and roadmap. Develop, maintain and support the implementation of the FDIC API security strategy.

Develop secure coding standards and improve secure software development processes. Conduct application architecture risk analysis and threat modeling against applications and APIs.

Support the application security program and collaborate with development teams in secure code reviews and application security testing, utilizing AST, DAST, SCA, IAST and other cybersecurity pen testing tools.

Develop custom scripts and solutions to enhance application cybersecurity testing and analysis capabilities.

Support the integration of application cybersecurity tools into the CI/CD pipeline to automate cybersecurity checks, ensuring API security is part of the automated process.

Educate and train development teams on best practices in application security and API security, cybersecurity secure coding standards, and secure development methodologies.

Posted on USAJOBS: 4/13/2026 | Added to FreshGovJobs: 4/13/2026

Source: USAJOBS | ID: 2026-CIOO-DH0102