Information Technology Specialist (Security)
The Administrative Office (AO), an agency of the Judicial Branch of the Federal government, is committed to serving and supporting the Federal court system of the United States. The AO provides a broad range of legislative, legal, financial, technology, management, administrative and program support services to the Federal courts.
AO positions are classified and paid under a broad-banded system with the exception of positions in the AO Executive Service. Salary is commensurate with experience. Most AO employees are eligible for full Federal and Judiciary benefits.
The AO is committed to attracting the best and brightest applicants in our support of the Third Branch of government. We take pride in serving the Judicial Branch and supporting its mission to provide equal justice under law.
Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions.
Basic Requirements: You must have Information Technology (IT) related experience which demonstrates proficiency in each of the following competencies:
- Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
- Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
- Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
- Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Specialized Experience: Applicants must have at least one year of specialized experience which is in or directly related to the line of work of this position. Specialized experience must demonstrate ALL areas defined below:
(1) Leading an enterprise security program, including compliance and assessment responsibilities; AND
(2) Overseeing "hands on" security projects which implement security policies.
(Resume must show clear and convincing evidence of all areas of specialized experience. We cannot make assumptions.)
The following certification is desired but not required:
- Certified Information Systems Security Professional (CISSP)
CONDITIONS OF EMPLOYMENT:
- All information is subject to verification. Applicants are advised that false answers or omissions of information on application materials or inability to meet the following conditions may be grounds for non-selection, withdrawal of an offer of employment, or dismissal after being employed.
- Selection for this position is contingent upon completion of OF-306, Declaration for Federal Employment during the pre-employment process and proof of U.S. citizenship or, for noncitizens, proof of authorization to work in the United States and proof of entitlement to receive compensation. Additional information on the employment of non-citizens can be found at http://ww.usajobs.gov/Help/working-in-government/non-citizens. For a list of documents that may be used to provide proof of citizenship or authorization to work in the United States, please refer to Form I-9, Employment Eligibility Verification.
- A background security investigation is required for all selectees. Appointment will be subject to a successful completion of a background security investigation and favorable adjudication. Failure to successfully meet these requirements may be grounds for appropriate personnel action. A background security reinvestigation or supplemental investigation may be required at a later time.
- All new AO employees must identify a financial institution for direct deposit of pay before appointment.
- You will be required to serve a trial period if selected for a first-time appointment to the Federal government, transferring from another Federal agency, or serving as a first-time supervisor. Failure to successfully complete the trial period may result in termination of employment.
- If appointed to a temporary position, management may have the discretion of converting the position to permanent depending upon funding and staffing allocation.
- Relocation expenses may be provided, but only if authorized by the Director of the AO.
- The selectee of this position may be assigned to an official duty station outside the advertised area.
Public Trust - Background Investigation
This position is located within the AO Technology Office (AOTO) of the Department of Technology Services (DTS). The incumbent will serve as the Information Technology Security Officer (ISO) for AOTO. As an Information Technology (IT) Specialist (Security) within the AOTO, the incumbent will lead a team of contractual IT security professionals.
The incumbent is a recognized IT security expert with a strong background in security compliance and assessment as well as a proven record of successfully leading "hands on" security activities which implement security policies. The incumbent will lead a team to bolster and administer a security program and oversee security operations activities for AOTO. Compliance and assessment responsibilities include developing IT security policy and supporting procedures, maintaining system security plans, performing risk assessments and performing continuous monitoring of internal controls. Security operations responsibilities include incident response, vulnerability management, participating in change management, and others. The incumbent will perform multiple and varying assignments under the direction of the Chief, AOTO/LITSS. Additionally, this position will work closely with the Information Technology Security Office (ITSO) of the Department of Technology Services (DTS) to ensure the AOTO's compliance with the Judiciary Security Framework (based on National Institute of Standards and Technology (NIST) 800-53, Revision 4) and both national and AO-specific security policies.
Duties include, but are not limited to, the following:
1. Developing and overseeing implementation of IT security policy, guidance, and procedures;
2. Creating, updating and maintaining System Security Plans, IT security-related exceptions, security audit findings, and Corrective Action Plans (CAPs);
3. Overseeing log management review and analysis activities;
4. Overseeing and making recommendations to improve the incident response and reporting capabilities of AOTO, including performing periodic incident response and contingency planning tests and exercises;
5. Providing technical advisory services to securely design, implement, maintain, or modify information technology systems that are critical to the operation and success of the Judiciary. This includes performing research to identify potential vulnerabilities in and threats to existing and proposed technologies, and notifying the appropriate managers/personnel of the risk potential;
6. Participating in change and configuration management decisions via change control boards. Reviewing Change Requests and evaluating the completeness of their descriptions and risk impact to the Judiciary;
7. Ensuring the creation and execution of the system's continuous monitoring program, including identifying the controls, approving the test methodology and reporting processes, and coordinating with stakeholders on its implementation;
8. Performing risk assessments to periodically re-evaluate the sensitivity of the system, risks and mitigation strategies as well as assessing the impact of new requirements;
9. Performing self-assessments of the system safeguards to validate that they are properly implemented and operating as intended. Recommending options for closing or mitigating identified vulnerabilities and independently assessing the effectiveness of their implementation;
10. Ensuring a contingency plan is in place for continuity of operations in an emergency situation and that the developed plans are tested;
11. Developing procedures for reporting, documenting, and remediating technical vulnerabilities, and ensuring appropriate personnel receive training for carrying out the procedures; and
12. Coordinating the development and delivery of IT security awareness programs for authorized users, and a specialized program for those with elevated privileges.