Vulnerability Assessment Analyst, CG-2210-14

Full Job Description

This position is located in the Chief Information Officer Organization, Enterprise Security Operations Section of the Federal Deposit Insurance Corporation and provides support in implementation and administration of corporate security policies, procedures, and programs.

Additional selections may be made from this vacancy announcement to fill similar vacancies that occur subsequent to this announcement.

Qualifying experience may be obtained in the private or public sector. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g.

Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic, religious spiritual; community; student, social).

Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment.

You will receive credit for all qualifying experience, including volunteer experience. Additional qualifications information can be found here.

To qualify for the CG-14, applicants must have completed at least one year of specialized experience equivalent to at least the grade 13 level or above in the Federal service.

Specialized experience is defined as assessing systems, subsystems, networks, and applications across on‐premises and cloud environments to identify deviations from acceptable security policies, while supporting the Software Development Lifecycle (SDLC) through the application of DevSecOps practices and other agile assessment methodologies..

You must have Information Technology (IT)-related experience which demonstrates proficiency in each of the following competencies: • Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

• Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

• Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

• Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

For qualification determinations, your resume must contain the following for each work experience listed: Organization/Agency's Name Title Salary (series and grade, if applicable) Start and end dates (including the month and year) Number of hours you worked per week Relevant experience that supports your response to the specialized experience that is stated in the job announcement If your resume does not contain this information, your application may be marked as incomplete, and you may not receive consideration for this position.

NOTE: Please indicate how you meet the specialized experience under each applicable position.

Do not copy and paste the duties or specialized experience from this announcement into your resume as that will not be considered a demonstration of your qualifications.

Applicants eligible for ICTAP (Interagency Career Transition Assistance Program) must achieve a score of 80 or higher in the online assessment to be determined “well qualified” for this position.

For more information, click here. Major Duties:

Leads task forces in performing assessments of systems, subsystems, networks, and applications within on-premises or cloud environments and identifies deviations from acceptable security policies.

Applies available technologies and basic management principles to adapt cyber vulnerability, application security, and penetration testing methods to a variety of subject matter situations.

Develops cyber vulnerability, application security, and penetration testing indicators to maintain awareness of the status of the highly dynamic operating environment.

Conducts strategic and operational effectiveness assessments as required for identified cyber vulnerabilities.

Develops detailed plans for the conduct or support of the applicable range of cyber operations through collaboration with other planners, operators and/or analysts.

Investigates, analyzes, and reports vulnerabilities, discovered within environments, systems, subsystems, networks, and applications.

Analyze organization's cyber defense policies and evaluate compliance with regulations and organizational directives.

Support the Software Development Lifecycle (SDLC) using DevSecOps and other agile assessment methodologies.