Duties

The IT Specialist (INFOSEC-Cybersecurity):

• Assists with development of risk analysis, accreditation, and certification packages to include disaster recovery plans in accordance with agency requirements. Assists Information Assurance (IA) personnel in conducting risk analysis and security tests and evaluations. Works with other security officers, users, and other support personnel to ensure security regulations are followed. Ensures agency security standards are met.
• Participates with user support personnel to train personnel and functional users on use of automated information systems, computers, local and wide area networks, and other automated systems management tools. Attends available commercial and Agency/OCIO courses needed to maintain current technical knowledge and depth as needed. Plans, develops, and administers training programs implementing the standardization, control, and/or guidance of communications programs.
• Ensure all facets of network connectivity (e.g., WAN architecture) and security controls including perimeter security are architected in a manner to safeguard DOT's assets, applications and data including personally identifiable information (PII) in adherence to federal standards and industry best practices.
• Advises upper-level management and executives as well as other IT experts throughout the agency on identifying, selecting, and ensuring the proper instantiation of all necessary cloud tools including but not limited to continuous diagnostic and monitoring (CDM) versus CSP native tools. Establishes studies, technical assessments, surveys, and evaluations as needed based on enterprise cloud related problems or deficiencies.
• Supports the implementation, and evaluation of security programs in assigned organizations, including the implementation of security programs designed to anticipate, assess, and minimize system vulnerabilities. Assists in coordinating the implementation of security programs across platforms and establishes vulnerability reporting criteria.
• Coordinates with other DOT staff on the development of information security system and application policies, guidelines, standards, requirements, and procedures. Recommends ways to protect the organization's information and information systems.

The Ideal Candidate Statement: We are looking to grow our team with candidates who are motivated self-starter who can share their expertise in planning, development, and implementation of cyber security incident management and response programs; establishing policies and processes/procedures to use their skills to fill multiple positions related to Cybersecurity Compliance, Identity, Credential, and Access Management (ICAM), and Governance, Risk, and Compliance (GRC), Cloud Security and Cybersecurity Data Analysis.

PLEASE NOTE: This is an open continuous, not to exceed one-year, vacancy. Given our continuing need for top professionals in this field, we will review applications on an as needed basis. We will give equal consideration to all applications we receive.

Requirements

Conditions of Employment

• You must be a U.S. citizen & meet specialized experience to qualify
• Submit application and resume online by 11:59 PM EST on the closing date
• Required documents must be submitted by the closing date.
• Direct Hire Authority will be used to fill this position

CONDITIONS OF EMPLOYMENT:

• SELECTIVE SERVICE: Males born after 12/31/1959 must be registered for the Selective Service.
• GOVERNMENT TRAVEL CARD: This position involves travel. A government contractor-issued travel card will be issued and must be retained for official business only.
• PROBATIONARY PERIOD: Applicants may be required to successfully complete a one-year probationary period (unless already completed).
• TELEWORK ELIGIBILITY: The position is approved for occasional telework and you are required to report to the office on a regular basis. The number of telework days approved is determined by the agency policy, emergency situations, the approval of your immediate supervisor, and if applicable, approval of additional officials.

Qualifications

To meet the minimum qualifications for this position, you must meet either the education or specialized experience requirements for the grade at which you are requesting consideration.

To qualify for the GS-11 on Experience, you must have at least one year of experience equal or equivalent to the GS-09 it must include:

• Experience using cybersecurity tools or systems to identify potential cybersecurity threats or issues.
• Experience in conducting multiple risk assessments at the program or project level and incorporated the results into the risk management/mitigation programs as part of overall program or project management for multiple programs.

To qualify for the GS-11 on Education alone, you must have:
3 years of progressively higher level graduate education leading to a Ph.D. degree or Ph.D. or equivalent doctoral degree.
You can also qualify based on a combination of higher level graduate education and experience. This must be fully supported by your resume and transcripts, provided with your application.

To qualify for the GS-12 on Experience, you must have at least one year of experience equal or equivalent to the GS-11 it must include:

• Experience developing and/or evaluating information systems security programs.
• Experience in securing cloud and on premise environments.
• Experience in cloud solutions, software engineering methodologies, computer operating and application software, data communications, and computer hardware in evaluating state of the art products, performing studies, and developing future applications and control requirements.

You cannot qualify on education at the GS-12 level; you must have experience.

To qualify for the GS-13 on Experience, you must have at least one year of experience equal or equivalent to the GS-12 it must include:

• Experience managing and/or administering an IT Security Program for an organization.
• Experience and training in performing system security assessments, identifying security deficiencies and recommending cost-effective security controls.
• Experience managing and/or leading workers performing cybersecurity work (i.e., Incident Management and Remediation, Risk Management, Security Assessments and Authorizations, Training, etc.

You cannot qualify on education at the GS-13 level; you must have experience.

In addition to meeting the above described specialized experience requirements, your IT experience will be evaluated and be expected to include described experience in the following competencies:

• Attention to Detail: Work is thorough and conscientious about attending to detail.
• Customer Service: Working with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, providing information or assistance, assigning staff to resolve their problems, or satisfying their expectations; knowing about available products and services; committed to providing quality products and services.
• Oral Communication: Expressing information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); making clear and convincing oral presentations; listening to others, attending to nonverbal cues, and responding appropriately.
• Problem Solving: Identifying problems; determining accuracy and relevance of information; using sound judgment to generate and evaluate alternatives and making recommendations based on technical requirements.

For all types of consideration, experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience

For additional information about applying to Federal positions, please click on the following link: https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-policies/#url=e4

Students enrolled in a qualifying degree program can apply if the anticipated graduation date is within six months of closing date of the announcement. Graduation transcript must be received before start date.

Other applicants must meet all qualification requirements by the closing date of this announcement.

Additional information

This announcement may be used to fill additional positions if similar vacancies occur within 90 days of the issue date of the referral certificate.

Qualified CTAP/ICTAP candidates receive priority and will be referred to the hiring manager.