IT Specialist (INFOSEC)
Announcement may be used to fill similar positions within 30 days of the closing date.
This position is also being announced concurrently under Merit Promotion procedures vacancy number: M17-DP-10031833-IMT. Applicants who wish to be considered under MP must apply to both vacancies separately.
About this agency
Be part of a dynamic, self-supporting Federal agency with an 82-year record of supporting U.S. export-related jobs and over $8 billion in export sales in 2016. Work in the heart of Washington, DC two blocks from the White House across from the McPherson Square metro station.
This position is located in the Office of the Chief Information Officer, Information Management and Technology, at the Export-Import Bank of the United States. The primary purpose of this position is to serve as the Bank's Cybersecurity specialist operating the Bank's Security Operations Center (SOC) with responsibility for ensuring the confidentiality, integrity, and availability of the Bank's IT systems, networks, and data (whether on premises or in the cloud) through the use of a combination of on premises and hosted cybersecurity tools and services.
- Occasional Travel
- You may be expected to travel for this position.
Specialized Experience (Credit for Specialized Experience on resume must reflect 40 hours/Full-time per week for each period of work):
GS-14: You must have one (1) year of specialized experience that has equipped you with the particular knowledge, skills, and abilities to successfully perform the duties of the position, and that is typically in or related to the work of the position to be filled. To be creditable, specialized experience must have been equivalent to at least the GS-13 level in the Federal Government. Specialized experience includes:
- Experience providing practical and technical leadership in the cybersecurity areas of continuous monitoring and diagnostics, situation awareness and threat assessment, vulnerability assessment and management, incident response operations and management, and cybersecurity tool acquisition, setup and use.
- Attention to Detail: Is thorough when performing work and conscientious about attending to detail.
- Customer Service: Anticipates and meets the needs of both internal and external business partners and customers (any individuals who use or receive the services or products that your work unity produces including the general public, individuals who work in the agency, other agencies, or organizations outside the Government). Provides information or assistance. Delivers high quality products and services; is committed to continuous improvement. Effectively manages customer relationships.
- Oral Communication: Makes clear and convincing oral presentations to individuals and groups. Listens effectively; clarifies information, as needed. Speaks and writes in a clear, concise, organized, and convincing manner that is appropriate to the audience. Facilitates an open exchange of ideas to ensure all group input is considered. Handles technical, sensitive, or controversial topics with agility involving executives/managers as appropriate.
- Problem Solving: Identifies and analyzes problems, weighs relevance and accuracy of information, generates and evaluates alternative solutions, and makes sound recommendations.
Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
Part-time and/or unpaid experience related to this position will be considered to determine the total number of years and months of experience. Be sure to note the number of paid or unpaid hours worked each week.
Additional information on the qualification requirements is outlined here.
All requirements must be met by 08/17/2017, the closing date of the announcement.
At the full performance level, duties include, but are not limited to:
Serving as a Subject Matter Expert (SME) for the Bank's cybersecurity incident management and Network & Security Operations Center (NSOC) services, the incumbent will:
- Apply tactics, techniques, and procedures for a full range of continuous diagnostics and mitigation (CDM) tools and processes.
- Use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
- Respond to crisis or urgent situations within the Bank's enterprise to mitigate immediate and potential threats and use mitigation, preparedness, and response and recovery approaches, as needed, to protect information security of the Bank's IT systems, network, and data whether on premises or in the cloud.
- Conduct assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
- Security engineering support and collaboration with external Bank cybersecurity providers for the installation, configuration, test, operations, maintenance, and management of on premises and external (including cloud hosted) cybersecurity analysis and monitoring tools and sensors, services, and software that permit the sharing of actionable, real-time or near real-time cybersecurity information to continuously monitor and act to protect the security of the Bank's information and information systems.
- Security engineering support and collaboration with external Bank cybersecurity providers for the installation, configuration, test, operations, maintenance, and management of on premises and external (including cloud hosted) cybersecurity protective devices and sensors, including firewall/Intrusion Protection System (IPS) settings, rules and configurations to support the accomplishment of the Bank's mission while protecting the Bank's security posture to ensure the confidentiality, integrity, and availability of the Bank's information and information systems.
- Works with external cybersecurity partners (i.e., DHS' CDM program contractor, MTIPS providers, and other cloud-based cybersecurity providers) to review, update, and revise configurations of external cybersecurity services for optimum benefit to the Bank mission and security.
- Tracks and reports to IT management on the responsiveness, performance, and effectiveness of externally hosted cybersecurity services provided to the Bank by our external cybersecurity providers. Makes recommendations for improvement or alternatives as needed.
- Responsible for ensuring the adequacy of access control, passwords, and account creation an administration of assigned on premises and cloud-based IT systems.
- Conduct training of personnel within pertinent subject domain. Develop, plan, coordinate, deliver and/or evaluate training courses, methods, and techniques as appropriate.