Posted: April 10, 2026 (0 days ago)

Security Engineer

Centers for Medicare & Medicaid Services

Department of Health and Human Services

Location

Salary

$119,630 - $172,980

per year

Closes

April 17, 2026

Job Description

Summary

This job involves working as a security engineer for a government health agency, where you'll help protect computer systems by setting up security measures, checking for weaknesses, and ensuring everything stays secure over time, especially in cloud environments.

It's a good fit for someone with strong IT experience who pays close attention to details, communicates well with teams, and has hands-on knowledge of federal security rules.

Ideal candidates are problem-solvers who enjoy working on tech projects that support public health services.

Key Requirements

  • IT-related experience demonstrating attention to detail, customer service, oral communication, and problem-solving competencies at GS-12 level
  • One year of specialized experience equivalent to GS-12, including implementing security controls for cloud systems (AWS, Azure, GCP) per federal requirements
  • Experience applying NIST Risk Management Framework (RMF) for system authorization, including developing System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms)
  • Conducting security control assessments, vulnerability analyses, or compliance reviews to identify risks and recommend remediations
  • Supporting continuous monitoring, such as tracking POA&Ms, reviewing vulnerability scans, and coordinating with teams to address security issues
  • Resume limited to 2 pages with detailed, original descriptions of experience (no direct copying from announcement)

Full Job Description

This position is located in the Department of Health & Human Services (HHS), Centers for Medicare & Medicaid Services (CMS), Office of Enterprise Data and Analytics (OEDA).

As an IT Specialist (Security), referred to here as a Security Engineer, GS-2210-13, you will support the implementation, assessment, authorization, and continuous monitoring of information security controls.

ALL QUALIFICATION REQUIREMENTS MUST BE MET BY THE CLOSING DATE OF THIS ANNOUNCEMENT.

Your resume (limited to no more than 2 pages) must include detailed information as it relates to the responsibilities and specialized experience for this position.

Evidence of copying and pasting directly from the vacancy announcement without clearly documenting supplemental information to describe your experience will result in an ineligible rating.

This will prevent you from receiving further consideration. There is a BASIC REQUIREMENT AND MINIMUM QUALIFICATION REQUIREMENT for this position. You must meet both requirements.

BASIC REQUIREMENT: You must have IT-related experience, at the GS-12 grade level in the federal government, demonstrating each of the four competencies listed: I have IT-related experience, demonstrated by paid or unpaid experience obtained in either the private or public sector and/or completion of specific, intensive training that demonstrates that I possess each of the following four competencies: (1) Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

(2) Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

(3) Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

(4) Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

AND MINIMUM QUALIFICATION: In order to qualify for the GS-13, you must meet the following: You must demonstrate in your resume at least one year (52 weeks) of qualifying specialized experience equivalent to the GS-12 grade level in the Federal government, obtained in either the private or public sector, to include:

1) Implementing and supporting security controls for cloud-based information systems (AWS, Azure, GCP) in accordance with Federal security requirements, including integrating controls into system architecture and development processes;

2) Applying the NIST Risk Management Framework (RMF) to support system authorization activities, including developing and maintaining security documentation such as System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms);

3) Conducting security control assessments, vulnerability analyses, or compliance reviews of information systems to identify risks, and recommending and supporting implementation of remediation actions; AND

4) Supporting continuous monitoring activities, including tracking POA&Ms, reviewing vulnerability scanning results, and coordinating with system owners and technical teams to address security findings and improve system security posture.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social).

Volunteer work helps build critical competencies, knowledge, and skills, and can provide valuable training and experience that translates directly to paid employment.

You will receive credit for all qualifying experience, including volunteer experience.

Click the following link to view the occupational questionnaire: https://apply.usastaffing.gov/ViewQuestionnaire/12928093

Major Duties:

  • Serve as an ISSO supporting the implementation and ongoing maintenance of information security controls for assigned OEDA systems.
  • Provide security engineering support for information systems and services operating within CMS-authorized enterprise platforms, including cloud-based and managed service environments.
  • Provide essential support to the Authorizing Official (AO) and Authorizing Official Designated Representative (AODR) in making risk-based authorization decisions.
  • Conduct continuous monitoring activities for assigned systems, including security event logging, vulnerability scanning, and configuration management to ensure ongoing compliance with security requirements and ATO conditions.

Posted on USAJOBS: 4/10/2026 | Added to FreshGovJobs: 4/11/2026

Source: USAJOBS | ID: CMS-OEDA-26-12928093-DH