IT SPECIALIST (INFOSEC)
This position is being advertised through the Office of Personnel Management's (OPM) Delegated Direct-Hire Authority (Section 1312 of the Homeland Security Act of 2002) and is open to All U.S. Citizens. Under this authority, competitive rating, ranking and veterans' preference procedures do not apply.
The U.S. Securities and Exchange Commission is looking for the best and brightest to join our team. Our mission includes advocating for investors who seek to secure a future for their family, providing guidance and regulations for the nation's securities industry in an increasingly global market, and taking action with an eye toward promoting the capital formation necessary to sustain economic growth.
A career with the Securities and Exchange Commission (SEC) offers work that is exciting, challenging and rewarding. You can contribute to securities regulation and enforcement while making a positive difference for the American investing public. The SEC provides:
- Careers that broaden and deepen your already accomplished knowledge, skills and abilities;
- An environment that allows you to work and learn with the nation's experts;
- Benefits, compensation and career expansion opportunities; and
- A balance between your professional and family life.
- Paid dental and vision insurance;
- Subsidy for health insurance, which supplements your health benefits premiums by $28.66 for self-only coverage, $53.55 for self plus one, and $57.32 for family coverage;
- Domestic Partner Health Insurance Reimbursement Program;
- Mass transportation subsidy;
- "WorkSmart" - Opportunities for flexible work schedules and expanded telework
The Office of Information Technology (OIT) supports the Commission and staff of the SEC in all aspects of information technology. The office has overall management responsibility for the Commission's IT program including application development, infrastructure operations and engineering, user support, IT program management, capital planning, security, and enterprise architecture. OIT also maintains a very active website that contains a wealth of information about the Commission and the securities industry, and also host the Electronic Data Gathering Analysis and Retrieval (EDGAR) database for free public access.
- Not Required
All qualification requirements must be met by the closing date of this announcement.
Qualifying experience may be obtained in the private or public sector. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Additional qualifications information can be found here.
MINIMUM QUALIFICATION REQUIREMENT: Qualifying experience for the SK-14 level requires Information Security-related experience that demonstrates each of the following four competencies: Attention to Detail; Customer Service; Oral Communication; and Problem Solving; AND 1 year of specialized experience in Information Security comparable in scope and responsibility to at least the SK/GS-13 level which required 1) supporting incident detection and response operations; 2) configuring, tuning, and monitoring security capabilities including intrusion detection/prevention systems and security event and information management (SEIM) tools; 3) identifying, evaluating, and mitigating information systems threats and vulnerabilities; and, 4) developing, advising, and implementing security solutions for enterprise infrastructure capabilities.
1. Application procedures are specific to this vacancy announcement. Please read all the instructions carefully. Failure to follow the instructions may result in you not being considered for this position.
2. Supplementary vacancies may be filled in addition to the number stated in this announcement.
3. This position has promotion potential to the SK-14.
4. PROBATIONARY PERIOD: This appointment may require completion of a one-year probationary period.
5. SECURITY CLEARANCE: Entrance on duty is contingent upon completion of a pre-employment security investigation. Favorable results on a Background Investigation may be a condition of employment or selection to another position.
6. DRUG TESTING: This position may be subjected to drug testing requirements.
7. PERMANENT CHANGE OF STATION (PCS): Moving/Relocation expenses are not authorized.
8. DIRECT DEPOSIT: All Federal employees are required to have Federal salary payments made by direct deposit to a financial institution of their choosing.
9. This position is in the collective bargaining unit.
If selected, you will join a well-respected team that is responsible for providing expert level information technology support for information security operations and development.
Typical Duties Include:
- Monitoring data sources to detect, characterize, and respond to attacks on the agency's computing environment, domain boundaries, network assets and supporting infrastructures.
- Serving as an escalation point for ongoing incident response activities, providing both technical and administrative subject-matter expertise in incident detection and handling.
- Extending the capabilities of existing technologies within the information security domain and implementing new and emerging information security capabilities.
- Performing gap-analysis of current coverage against known Tactics, Techniques, and Procedures (TTPs) of adversaries and remedying shortfalls to reduce the attack-surface of the Enterprise.
- Maintaining, operating, and enhancing the performance of information security toolsets through the automation and integration of disparate toolsets, via various means and technologies (RESTful APIs provided by vendors, various programming and scripting languages, interface scraping, and information exchange standards such as OpenIOC, CybOX, STIX, or IODEF).
- Consulting and collaborating across the Enterprise to augment and improve the information security posture via enhanced policies, system architectures, and processes.
- Assisting with the integration of information security fundamentals and advanced security concepts into agency technology initiatives, application development efforts, and infrastructure operations.
- Conducting informal training for information technology staff to advance technical abilities and threat awareness.