Senior Information Technology Specialist (Cybersecurity)

Washington, D.C.
Jun 24, 2021
Jul 02, 2021
Full Time


This position is located in GAO's Information Technology & Cybersecurity (ITC) team, Center for Enhanced Cybersecurity (CEC) in Washington, DC. The incumbent serves as a Senior IT Specialist (Cybersecurity) performing technical IT security assessments at organizations of audit interest. The incumbent also serves as an individual contributor on an engagement team, performing a range of duties that typically include taking responsibility for a technical cybersecurity segment of the engagement.



  • Takes a lead role in conducting access controls assessments that require detailed technical testing and verification of controls in complex, diverse and interconnected network environments at organizations of audit interest. Controls assessments include, but are not limited to, penetration testing tools and techniques, boundary protection, identification and authentication, authorization, cryptography, audit and monitoring, configuration management, and software development.
  • At the direction of the Assistant Director (AD) and the Auditor-In-Charge (AIC), works collaboratively with other team members in the planning and timely execution of information systems general and application controls assessments. This includes involvement in the engagement design, data collection, analysis, message development and drafting segments of products that are technically accurate, complete and appropriately targeted to the product audience.
  • Conducts analysis of data collection efforts that include conducting interviews with technical staff, independent testing and verification of controls, and reviews of relevant technical documentation and data. Documents results in a clear, balanced, and objective manner that meets the needs of congressional clients and conforms to all audit requirements and quality standards.
  • Presents results orally and in writing to technical and managerial audiences internal to GAO and at external organizations of audit interest.
  • Responsible for the maintenance, configuration, and reliable operation of computer systems that may include servers, network devices, virtualization, and laptops.
  • Serves as a coach and mentor to Band I IT Analysts and Professional Development Program (PDP) staff.
  • Performs other duties as assigned.

Travel Required

Occasional travel - Occasional travel may be required.

Supervisory status

Promotion Potential


Conditions of Employment

  • You must be a U.S. Citizen
  • You may be required to submit a financial disclosure statement.
  • You must be suitable for federal employment.
  • Employees new to GAO must complete a two-year probationary period.
  • Registered for Selective Service, if applicable.

You must meet all qualifications requirements before the announcement closes.


Basic Requirements:
Applicants must have IT-related experience demonstrating each of the four competencies listed below:
  • Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
  • Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
  • Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
  • Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

  • AND

    Specialized Experience: Applicants must have 1 year (52 weeks) of specialized experience at the next lower band or level equivalent to the PE-I or PT-II band level, or GS-12 level in the Federal Service, or comparable private/public sector experience which has equipped the applicant with the skills and knowledge to successfully perform the duties of the position. Specialized experience for this position is extensive experience in three or more of the following areas:

    (1) assessing cybersecurity posture of enterprise networks and systems;

    (2) using vulnerability assessment tools and techniques;

    (3) managing multiple operating system environments (for example, Linux and command line, Microsoft and PowerShell, and virtualization environments);

    (4) coding and scripting (for example, Java, C and Python);

    (5) networking technologies such as firewalls, routing, switching and intrusion detection;

    (6) managing cloud resources and security (for example, Amazon Web Services and Azure); and

    (7) conducting computer forensics.

    Specialized experience for this position also includes working collaboratively and effectively in a highly technical team environment, developing detailed plans and schedules, identifying risks, preparing supporting documentation, and presenting results/briefings to senior management officials.

    NOTE: Your application should clearly show your possession of the specialized experience qualification requirement and the four competencies listed above.

    You must meet all qualification requirements before the announcement closes.


    There is no education requirement for this position.

    Additional information

    This is a bargaining unit position.

    Based on the staffing needs, additional selections may be made through this vacancy announcement.

    Travel and relocation expenses will not be paid for by the GAO.

    The U.S. Government Accountability Office's policy is to provide equal employment opportunity for all regardless of race, religion, color, sex (including pregnancy), national origin, age, disability, genetic information, sexual orientation, or gender identity.

    The U.S. GAO is part of the Legislative Branch of the Federal government. As such, all positions are in the excepted service. Initial appointments, permanent or indefinite, to the GAO require completion of a one-year or two-year probationary period.

    How You Will Be Evaluated

    You will be evaluated for this job based on how well you meet the qualifications above.

    Applicants will be considered for selection throughout the opening period. Your resume and supporting documents will be reviewed to determine if you are qualified and eligible. If you are determined to be qualified and eligible for the position, your application will be referred to the selecting official for further consideration.

    All applicants will be rated based on their responses to the assessment questions, in conjunction with the following Knowledge, Skills and Abilities (KSAs):
    • Extensive knowledge of one or more of the following IT technical areas: Linux operating systems and the command line interface, Windows operating systems and PowerShell, networking and wireless technologies, web-based systems and applications, coding and scripting, virtual servers and cloud technologies, or database systems.
    • Extensive knowledge of federal and industry IT security standards and guidelines, and vulnerability assessment methods including the use of penetration tools and techniques, use of vulnerability scanners and scripting tools that can be used to assess the security posture of organizations of audit interest. Ability to think critically, comprehend and apply federal and industry standards and guidelines to audited controls as compliance criteria.
    • Mastery in collecting, analyzing and evaluating cybersecurity-related quantitative and qualitative data collected from various sources to make logical inferences and/or draw accurate conclusions to identify problems and solutions for improvement, by leveraging knowledge in one or more of the following cybersecurity-related areas: cybersecurity policies and laws; best practices for protecting computer systems and data from cyber-attack; cyber incident detection, response, and mitigation capabilities; cybersecurity of critical infrastructures; and information assurance/information security best practices.
    • Skill in researching and organizing evidence findings and preparing information in a concise and structured manner to communicate recommendations to target audiences.
    • Skill in communicating orally and in writing to prepare reports, lead and participate in interviews and meetings and to make presentations to agency officials, Congressional staff and others. By way of definition, oral communication may include methods used by employees with disabilities such as sign language interpretation, text-to-speech or TTY technology, and amplification devices.
    • Ability to work collaboratively with other team members and to prioritize work while working on multiple engagements and other tasks simultaneously.
    • Possession of, or ability to obtain, technical industry certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), SANS cybersecurity certifications, or vendor specific certifications (Red Hat, Microsoft, Cisco, Splunk, etc.).

    Background checks and security clearance

    Security clearance

    Drug test required

    Required Documents

    You must provide a complete application package which includes:

    - Resume: must be created using the USAJOBS resume builder and show relevant work experience.

    - Current or former federal employees may submit their most recent Notification of Personnel Action (SF-50 or equivalent), showing tenure, type of service (competitive/excepted) and the highest grade held.

    Failure to submit any of the above-mentioned required documents will result in loss of consideration due to an incomplete application package. It is your responsibility to ensure all required documents have been submitted.

    If you are relying on your education to meet qualification requirements:

    Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.

    Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.