IT SPECIALIST (INFOSEC/PLCYPLN)

Full Job Description

This is a public notice flyer to notify interested applicants of anticipated vacancies. Applications will not be accepted through this flyer.

Interested applicants must follow the directions in the "How to Apply" section of this flyer to be considered. There may or may not be actual vacancies filled from this flyer.

Notice of Result letters will not be sent to applicants who respond to this flyer.

This position requires one year of information technology related experience in the federal service or private or public sector demonstrating the following four competencies, as defined: 1.

Attention to Detail - Is thorough when performing work and conscientious about attending to detail. 2.

Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

3.

Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

In addition to experience demonstrating the four competencies above, your resume must demonstrate at least one year of specialized experience equivalent to the next lower grade level (GG/GS-12) or pay band in the federal service or equivalent experience in the private or public sector performing duties such as: Conduct security testing to include vulnerability assessments, penetration testing, and security control validation in support of the Risk Management Framework.

Work with system owners and security personnel to identify and document security risks and recommend security controls to mitigate those risks.

Develop and maintain security assessment plans and report the results of assessments to leadership and the Designated Authorizing Official (DAO).

Assess the effectiveness of security controls, perform security reviews to identify gaps in the security architecture, and develop a security risk management plan.

Use cybersecurity principles to manage risks related to the use, processing, storage, and transmission of information or data.

Additional qualification information can be found from the following Office of Personnel Management website: https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/#url=List-by-Occupational-Series https://www.opm.gov/policy-data-oversight/classification-qualifications/classifying-general-schedule-positions/standards/2200/gs2200a.pdf https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/2200/information-technology-it-management-series-2210-alternative-a/ Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., professional, philanthropic, religious, spiritual, community, student, social).

Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. Major Duties:

• You will conduct independent security assessments of information systems, applications, and/or networks to ensure they are compliant with security requirements.
• You will plan and coordinate security assessment activities in accordance with established policies, procedures, and guidelines.
• You will conduct in-depth reviews of security documentation to identify potential gaps in security controls.
• You will evaluate, implement, and disseminate information technology security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
• You will conduct vulnerability scans and recognize vulnerabilities in information systems and networks.
• You will use knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.
• You will utilize relevant laws, policies, procedures, or governance related to critical infrastructure, Risk Management Framework (RMF) requirements and the organization's evaluation and validation requirements.