IT Specialist (INFOSEC)
- Employer: USAJobs
- Location: Washington, D.C.
- Posted: Mar 22, 2023
- Closes: Mar 29, 2023
- Function: IT
- Industry: Government and Public Services, Federal
- Career Level: Experienced (Non-Manager)
- Hours: Full Time
Duties
The following are the duties of this position at the EL-13 (equivalent to the GS-13). If you are selected at a lower grade level, you will have the opportunity to learn to perform all these duties and will receive training to help you grow in this position.
- Lead various teams of lower-graded staff in ensuring highly technical and complex audits of IT systems and information systems security programs and practices conform to applicable professional standards and FHFA OIG policy. Prepare proposals for future audits of aforementioned systems, programs, and practices. Conduct and/or review pre-audit and evaluation research of any prior audit reports, as well as related laws, regulations, policies, and procedures. Assign tasks and provide technical and administrative guidance to team members. Serve as liaison with auditee representatives.
- Conduct and/or participate in briefings with OA and auditee management to discuss issues, status of audits, outcomes of testing, and audit results. Prepare and/or review audit reports and supporting documentation prepared by team members ensuring compliance with applicable professional standards and OIG policy. Monitor implementation of corrective actions recommended in audit reports. Participate in preparing responses to Congressional requests, and in preparing summaries of Congressional hearings.
- Lead vulnerability assessments and penetration tests to identify security vulnerabilities, causes of systems weaknesses, and identify instances of lack of compliance with IT security requirements; and perform analysis of vulnerabilities and risks and make recommendations to improve security measures and countermeasures to mitigate IT security risks; lead audits of disaster recovery exercises to identify weaknesses in continuity of operations and make recommendations for ensuring the safeguarding of information systems and their availability in the event of a disaster; lead audits of IT systems and information systems security programs and practices to determine compliance with FISMA and make recommendations to mitigate identified security weaknesses; and lead audits of cloud systems, virtual servers, and web servers and applications to determine whether controls and protections are in place, sufficient and effective for securing aforementioned systems. Lead IT security control testing of emerging and evolving technologies. Ensure that findings are supported by adequate documentation in conformance with applicable professional standards and FHFA policy.
- Review work products prepared by team members to ensure accuracy and sufficiency of support for identified weaknesses in IT systems security and information systems program and practices, and compliance with applicable professional standards and FHFA OIG policy. Provide on-the-job training on use of electronic audit documentation system and audit tasks such as interviewing, testing, program and system processes observation, and report writing.
- As a Contracting Officer's Representative (COR) in the event an audit is contracted, perform technical contracting functions, including drafting statements of work (SOWs), preparing cost estimates, and developing technical standards of performance. Participate in procurement technical evaluation panels to evaluate bids. This includes reviewing and evaluating proposals on factors such as technical approach, qualifications of key personnel, past experience, management plan, labor effort, and price quotation. Make recommendations concerning contractors and proposals to the rest of the technical evaluation team. Prepare contract modifications. Participate in briefings with contractors to discuss issues, the status of the audits, and audit results. Review contractors' approach and plan for carrying out audit plans of IT systems security and information systems security programs and practices, status reports, audit reports, audit documentation, and other deliverables prepared by contractors ensuring conformance with applicable professional standards, FHFA OIG policy, and the contract. Review and approve payment of contractor invoices.
- Perform other duties as assigned.
Requirements
Conditions of Employment
- A one year probationary period may be required.
- Must successfully complete a background investigation.
- Public Trust - Background Investigation will be required.
- Complete a Declaration for Federal Employment to determine your suitability for Federal employment, at the time requested by the agency.
- If you are a male applicant born after December 31, 1959, certify that you have registered with the Selective Service System or are exempt from having to do so.
- Have your salary sent to a financial institution of your choice by Direct Deposit/Electronic Funds Transfer.
- Go through a Personal Identity Verification (PIV) process that requires two forms of identification from the Form I-9. Federal law requires verification of the identity and employment eligibility of all new hires in the U.S.
- Obtain and use a Government-issued charge card for business-related travel.
- File a Confidential Financial Disclosure Report within 30 days of appointment and annually from then on.
- If you are retired from the Federal Government and are selected for this vacancy, your retirement annuity may be offset from your pay.
Key Requirements:
Please refer to "Conditions of Employment." Must be U.S. Citizen or U.S. National.
Ethics: FHFA-OIG employees are subject to government-wide ethical standards of conduct, financial disclosure requirements, and post-employment prohibitions. In addition, certain FHFA-OIG employees are prohibited from accepting compensation from Fannie Mae and Freddie Mac for a two-year period after terminating employment with FHFA-OIG. Furthermore, to avoid financial conflicts of interest or the appearance of conflicts of interest, FHFA-OIG employees may need to divest or sell certain assets they, their spouse, or minor children own or control, including securities issued by Fannie Mae, Freddie Mac, or the Federal Home Loan Banks. Employees who work on Federal Home Loan Bank issues may need to sell or divest financial interests with any of the Federal Home Loan Bank members, which may include stock in bank holding companies, insurance companies, and other financial services firms.
Qualifications
The experience may have been gained in the public sector, the private sector, or volunteer service. One year of experience refers to full-time work; part-time work is considered on a prorated basis. To ensure full credit for your work experience, please indicate dates of employment by month/day/year, and indicate number of hours worked per week on your resume.
You must meet the following requirements by the closing date of this announcement.
Specialized Experience: For the EL-12, you must have one year of specialized experience at a level of difficulty and responsibility at the EL-11/GS-11 level in the Federal service or equivalent, which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position includes experience performing IT security work demonstrating experience with, and applying, Federal Information Security Modernization Act, Office of Management and Budget (OMB) Circular No. A-130, Appendix III, and National Institute of Standards and Technology (NIST) standards and guidelines when conducting performance audits over information technology/cyber security, in accordance with generally accepted government auditing standards (GAGAS) or equivalent non-federal auditing standards and guidelines.
Examples of such experience could include:
- Serving as a core member of a project team or subject matter expert in conducting research of reports, laws, regulations, policies, and procedures related to IT or IT security;
- Working as part of a team developing plans for IT audits or IT Security assessments;
- Working on a team involved with IT security control test work (e.g., vulnerability assessment, penetration tests, FISMA control testing, cloud security control assessment);
- Drafting workpapers or sections of report documenting IT audit or IT security assessment findings.
AND
In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below:
- Attention to Detail, such as monitoring implementation of recommended corrective actions.
- Customer Service, such as participating in briefings concerning contractors and proposals.
- Oral Communication, such as conducting briefings with management to discuss issues, status, and findings of IT audits.
- Problem Solving, such as planning and conducting security control test work.
Specialized Experience: For the EL-11, you must have one year of specialized experience at a level of difficulty and responsibility at the EL-09/GS-09 level in the Federal service or equivalent, which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position includes experience performing structured IT audit security work using testing tools to develop more in-depth experience promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals.
Examples of this experience could include:
- Experience assisting more experienced staff in preparing proposals or plans for IT audits or IT security assessments.
- Participate in IT security control test work (e.g., vulnerability assessment, penetration tests, FISMA control testing, cloud security control assessment).
- Experience conducting pre-audit research of prior audit/evaluation reports, laws, regulations, and procedures related to IT or IT security assessments.
AND
In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below in their IT-related experience:
- Attention to Detail, such as reviewing work products prepared by team members to ensure accuracy and sufficiency of support for identified weaknesses.
- Customer Service, such as reviewing and approving payment of contractor invoices.
- Oral Communication, such as providing on-the-job training on use of electronic audit documentation system.
- Problem Solving, such as participating in audits of disaster recovery exercises to identify weaknesses in continuity of operations and make recommendations for ensuring the safeguarding of information systems and their availability in the event of a disaster.
OR
You may substitute education for specialized experience as follows: Ph.D. or equivalent doctoral degree, or 3 full years of progressively higher-level graduate education leading to a Ph.D. or equivalent doctoral degree. Attach a copy of transcript or list of college courses designating semester or quarter hours earned to ensure proper credit. The degree is in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.
Specialized Experience: For the EL-09, you must have one year of specialized experience at a level of difficulty and responsibility at the EL-07/GS-07 level, or equivalent, that is directly related to the position and which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position includes performing highly structured, entry-level IT security audit work designed to develop broader and more in-depth knowledge and skill needed to perform higher-level assignments, such as ensuring the integrity and availability of systems and networks through analysis of information systems security programs, policies, and procedures.
Examples of such experience could include:
- Experience applying operational standards to identify, isolate and resolve issues;
- Experience participating in audit, assessment, evaluation or analytical reviews in accordance with an established process;
- Experience assisting with the audit analysis and testing of IT systems security controls.
AND
In addition to meeting specialized experience, applicants must have IT-related proficiency in each of the four competencies listed below.
- Attention to Detail, such as preparation of supporting documents for an IT audit.
- Customer Service, such as serving as liaison with auditee representatives for a team.
- Oral Communication, such as assisting with preparation of pre-audit and exit conferences.
- Problem Solving, such as assisting with pre-audit research.
OR
You may substitute education for specialized experience as follows: Master's degree or equivalent graduate degree or 2 full years of progressively higher-level graduate education leading to a Master's or equivalent graduate degree, in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.
In addition to the above requirements, you must meet the following time-in-grade requirement, if applicable:
For the EL-12, you must have been at the EL/GS-11 level for 52 weeks.
For the EL-11, you must have been at the EL/GS-09 level for 52 weeks.
For the EL-09, you must have been at the EL/GS-07 level for 52 weeks.
Additional information
- We may select from this announcement or any other source to fill one or more vacancies.
- Relocation expenses may be paid.
- This is a non-bargaining unit position.
- Telework opportunities are offered per agency policy.
- We offer opportunities for flexible work schedules.
- Occasional travel may be required.
Our employees enjoy all the standard federal benefits, plus additional agency-specific benefits. Our benefits package includes:
- HEALTH INSURANCE: A variety of Federal Employee Health Benefit plans to choose from which can be paid from pre-tax income. FHFA-OIG pays 90% of the bi-weekly premium.
- DENTAL and VISION INSURANCE: 100% of the premium for employees and their family members (including domestic partners).
- 401(k) PLAN: In addition to the Thrift Savings Plan (TSP), FHFA-OIG employees are eligible to participate in a separate agency-sponsored 401(k) plan. FHFA-OIG provides a 100% employer matching contribution of up to 3 percent of your salary that you contribute. The plan offers multiple investment options. Funds from qualified plans of previous employers can be rolled over to your 401(k) account.
- COMMUTING EXPENSES: FHFA-OIG provides monthly transportation and parking subsidies to employees who commute to work on public transportation. Employees who do not commute via public transportation may apply for free parking at the building.
- GYM: Free use of an on-site gym and locker room with shower facilities when at the HQ building.
- REIMBURSEMENTS and STIPENDS: Fees for professional licenses/certifications and professional liability insurance may be reimbursed. Health and Wellness stipends are provided to eligible employees each year for activities related to promoting a healthy lifestyle and work-life balance. Travel stipends are provided to employees who travel over 50 nights per fiscal year.
Learn more about Federal benefits programs at: https://help.usajobs.gov/index.php/Pay_and_Benefits