IT Specialist (Security)

Employer
USAJobs
Location
District of Columbia, D.C
Posted
Sep 26, 2020
Closes
Oct 04, 2020
Function
IT, Security Engineer
Hours
Full Time
Duties

Summary

This position is located in the Information Technology Center (ITC), FCC IT, Office of the Managing Director, Federal Communications Commission. The incumbent of this position serves as an IT Specialist focused on Security Compliance supporting the Chief Information Security Officer (CISO). The incumbent facilitates the engineering of mechanisms used to defend FCC networks from external threats, as required in developing, delivering, and maintaining systems and networks at the FCC.

Responsibilities

The IT Security Compliance and Audit Lead maintains the critical role of protecting FCC's computer network operations by maximizing the Cybersecurity Assets that defend the network and exercising knowledge, skills and the experience to understand, detect, clearly explain, and resolve cyber threats. In this role the incumbent supports the Chief Information Security Officer (CISO), enabling him/her to perform higher level functions within the FCC. The IT Security Compliance Specialist must:
  • Manage FCC Assessment and Authorization (A&A) Lifecycle.
  • Develop and implement FCC Information System Security Policies and Procedures.
  • Develop annual Authority to Operate (ATO) packages as required by the National Institute of Standards and Technology (NIST) standard in conjunction with the Information Systems Security Officer (ISSO). Ensure that all critical systems have been identified and are up to date for the System Security Plan.
  • Administer and manage the FISMA system repository, Cyber Security Assessment and Management tool.
  • Conduct independent risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and measures needed to protect FCC automated information, and to complete system certification and accreditation for each system.
  • Create, approve, and monitor the status of the Plan of Action and Milestones for the Security Program. Develop, test, implement, and update the FCC Information Systems Contingency Plan and Disaster Recovery Plans. Ensure that these plans are consistent across Headquarters and Regional Offices, and meet NIST requirements.
  • Review and comment on all Security Policies developed by the Office of Chief Information Officer.
  • Prepare annual for General Support Systems and Major Applications in conjunction with System owners.
  • Direct and control project phases, ensuring compliance with applicable Federal regulations and guidelines such as but not limited to FISMA, OMB directives and Information security policies and procedures.
  • Oversee the vulnerability management process to ensure that vulnerabilities are being patched in a timely manner.
  • Direct and facilitate the enterprise-wide security training for all users.
  • Oversee, review and approve FedRAMP ATO packages, continuous monitoring reports, and deviation requests for Cloud Service Providers.
  • Plan projected work including development of long range and annual audit plans, research and coordination of fact sheets and audit plans.
  • Develop plan to migrate from NIST 800-37 Rev 1 to Rev 2.
  • Independently oversee audit execution and the development of concepts and approaches, guides, and resources; conduct audit reviews; and report progress.
  • Direct the development of audit reports, ensuring compliance with standards and protocols and the development of appropriate corrective action.
  • Maintain liaison and represent FCC IT personnel with internal and external stakeholders and officials of OIG, FCC, GAO, other Federal agencies, nongovernmental organizations, foreign governments, and Congressional staff.
  • Manage acquisition and planning, prepare Statements of Work for security related
  • Provide recommendations for and participate in the acquisition of information security and information assurance enforcement, analysis, and monitoring tools, as well as tools purchased off-the-shelf that are acquired with security requirements.
  • Provide recommendations for and participate in the assessment of emerging technologies that may enhance information security and information assurance enforcement, analysis, and monitoring, as well as technologies that may be available off-the-shelf that may enhance security capabilities of existing applications and systems.
  • Manage contractor staff and be COR certified.
  • Collaborate with IT team members to effectively meet milestones.
  • Provide reports to the CISO on compliance activities.
  • Perform other duties as assigned.


Travel Required

Not required

Supervisory status
No

Promotion Potential
14 - No promotion potential.

Requirements

Conditions of Employment

  • Suitable for employment as determined by a background investigation.
  • US Citizenship.
  • Must submit a financial disclosure statement upon assuming the position.
  • Males born after 12/31/59 must be registered with Selective Service.
  • Drug Testing Required.


Please note your resume must thoroughly support your responses to the vacancy questions. Your resume is an integral part of the process for determining if you meet the basic qualifications of the position and determining if you are to be among the best qualified.

Qualifications

Applicants must meet eligibility and qualification requirements by the closing date of this announcement. Current Federal employees must meet time-in-grade requirements by the closing date of this announcement.

For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below:
  • Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
  • Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
  • Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
  • Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

  • In addition to meeting the basic requirements:

    Specialized Experience: Applicants must have a minimum of one year of specialized experience equivalent to at least the GS-13 grade level in the Federal service.

    For this position, specialized experience includes the following:

    1) Experience reviewing and validating Cybersecurity Assets network and architecture.
    2) Experience identifying network threats or vulnerabilities, providing solutions and resolving issues.
    3) Experience managing the completion of assessment and authorization packages for government systems.
    4) Experience independently overseeing audit execution and the development of concepts and approaches, guides, and resources; conducts audit reviews; and reports progress.

    PART-TIME OR UNPAID EXPERIENCE: Credit will be given for appropriate unpaid and/or part-time work. You must clearly identify the duties and responsibilities in each position held and the total number of hours per week.

    Education

    N/A

    Additional information

    EEO Policy Statement; Reasonable Accommodation Policy Statement; Veterans Information; Legal and Regulatory Guidance

    How You Will Be Evaluated

    You will be evaluated for this job based on how well you meet the qualifications above.

    All applicants will be rated on the extent and quality of experience and education relevant to the duties of the position. An automated score is administered based on the on-line application process used.

    There are several parts to the application process that affect the overall evaluation of your application including:

    1. the core questions
    2. the vacancy questions
    3. supplemental documentation (e.g., DD-214, SF-50, SF-15, transcripts), if applicable; and
    4. your resume.

    Applicants will be rated ineligible if they do not respond to job-specific questions, provide supplemental documents, and submit a resume. For more information, please click on Rating Process.

    You will be evaluated for this position on the following Knowledge, Skills, Abilities and Other characteristics (KSAOs):
    • Ability to validate Cybersecurity Assets
    • Skill in conducting risk and vulnerability assessments
    • Ability to manage the completion of assessment and authorization packages
    • Ability to oversee IT Audit Execution

    Background checks and security clearance

    Security clearance
    Sensitive Compartmented Information

    Drug test required
    Yes

    Position sensitivity and risk
    Special-Sensitive (SS)/High Risk

    Trust determination process
    Suitability/Fitness, National security

    Required Documents

    ***ALL SUPPLEMENTAL DOCUMENTS MUST BE RECEIVED IN THE FCC'S HUMAN RESOURCES OFFICE BY THE CLOSING DATE OF THIS ANNOUNCEMENT. ONCE YOU APPLY TO THIS VACANCY YOU WILL BE PROMPTED BY THE SYSTEM TO EITHER UPLOAD DOCUMENTS OR PRINT FAX COVERSHEETS. THE FAX NUMBER WILL BE LISTED ON THIS SHEET. IF FAXING, ALL DOCUMENTS REQUIRED SHOULD BE FAXED SEPARATELY ON THE FAX COVER SHEET PROVIDED. ONCE FAXED, YOU SHOULD RECEIVE AN EMAIL CONFIRMATION WITHIN AN HOUR. IF YOU DO NOT RECEIVE AN EMAIL CONFIRMATION, YOUR FAX HAS NOT BEEN SUCCESSFULLY RECEIVED AND YOU SHOULD FAX AGAIN.

    IF YOU ARE UNABLE TO FAX THE REQUIRED DOCUMENTATION, CONTACT THE HUMAN RESOURCES OFFICE AT 202-418-0130 PRIOR TO THE CLOSING DATE OF THIS ANNOUNCEMENT.***

    Hardcopy Supplement Documents Required:

    Current Federal employees should submit a copy of their most recent annual performance appraisal;

    Veterans must submit a legible copy of form DD-214, "Certificate of Release or Discharge from Active Duty," or an SF-15, Application for 10-Point Veterans' Preference, plus the proof required by that form. Please refer to OPM's VetGuide for further information about veterans' preference at http://www.opm/veterans/html/vetguide or click on VetGuide.

    If you are relying on your education to meet qualification requirements:

    Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.

    Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.
