Information Technology Security Officer

Employer
USAJobs
Location
Washington, D.C
Posted
Sep 08, 2021
Closes
Sep 16, 2021
Function
IT, Security Engineer
Hours
Full Time
Duties

Summary

The position performs professional work related to the management of IT security policy, planning, development, implementation, training, and support for the circuit.
Learn more about this agency

Responsibilities

The incumbent will collaborate with the AO Office of IT Security on national security policies and the promotion of the Judiciary IT Security Program, while also working with other circuits to collectively establish and raise the security baseline of the Judiciary. Must be able to work regularly on-site and employment is expected to commence as early as late August 2021. A recruitment or relocation bonus may be considered for eligible candidates in accordance with the applicable judiciary policies.

For the full summary of duties, please see the original announcement by clicking the following link:
http://www.cafc.uscourts.gov/sites/default/files/Employment/CAFC-21-11.pdf

Responsibilities of the Information Technology Security Officer include:
  • Review, evaluate, and make recommendations on the courts' technology security programs. Implement local security policies, processes, and technologies that are consistent with the national information security. Provide actionable advice to improve IT security and to fulfill security objectives within the circuit. Promote and support security services available throughout the circuit.
  • Provide technical advisory services to securely design, implement, maintain, or modify information technology systems and networks that are critical to the operation and success of all departments within the circuit. Perform research to identify potential vulnerabilities in, and threats to, existing and proposed technologies, and notify the appropriate managers/personnel of the risk potential.
  • Provide advice on matters of IT security, including security strategy and implementation, to judges, the circuit executive, and other senior court staff. Serve as an information security resource to all departments within the circuit regarding federal and judiciary security regulations and procedures.
  • Assist in the development and maintenance of local court unit security policies and guidance, the remediation of identified risks, and the implementation of security measures.
  • Analyze, and evaluate new and innovative information technology concepts, approaches, methodologies, techniques, services, guidance, training, and policies that will constructively and proactively transform the information security posture of all departments within the circuit. Make recommendations regarding best practices and implement changes in policy.
  • Provide security analysis of IT activities to ensure that appropriate security measures are in place and are enforced. Conduct security risk and vulnerability assessments of planned and installed information systems to identify weaknesses, risks, and protection requirements. Utilize standard reporting templates, automated security tools, and cross-functional teams to facilitate security assessments.
  • Oversee the implementation of security on information systems. Manage information security projects (or security-related aspects of other IT projects) to ensure milestones are completed in the appropriate order, in a timely manner, and according to schedule. Prepare justifications for budget requests. Prepare special management reports, as needed.
  • Serve as a liaison with court stake holders to integrate security into the system development lifecycle. Facilitate project meetings, educate project stakeholders about security concepts, and create supporting methodologies and templates to meet security requirements and controls.
  • Assist the court in developing policies and procedures to ensure information systems' reliability and to prevent and defend against unauthorized access to systems, networks, and data. Create and employ procedures to establish repeatable processes across the circuit's IT security services.
  • Establish mechanisms to promote awareness and adoption of security best practices. Conduct annual security awareness training for all circuit staff and provide frequent IT security briefings, updates, and other resources to all circuit staff. Responsible for completion of the annual Judiciary IT Scorecard self-assessment and ensuring the court is constantly enhancing its IT security posture.


Travel Required

Not required

Supervisory status
No

Promotion Potential
30 - CL-30.

Requirements

Conditions of Employment


This is an Excepted Appointment and At-Will position. Federal government civil service classifications or regulations do not apply. All offers of employment are provisional pending successful completion of a background check or investigation and a favorable employment suitability determination. This position is subject to Electronic Funds Transfer (EFT) for payroll deposit.

Must be a U. S. citizen or eligible to work in the United States. Non-citizens may be interviewed and considered for employment, but employment offers will only be made to individuals who qualify under one of the exceptions in 8 U.S.C.§ 1324b(a)(3)(B). Under 8 U.S.C.§1324b(a)(3)(B), a lawful permanent resident seeking citizenship may not apply for citizenship until he or she has been a permanent resident for at least five years (three years if seeking naturalization as a spouse of a citizen), at which point he or she must apply for citizenship within six months of becoming eligible, and must complete the process within two years of applying (unless there is a delay caused by the processors of the application). Non-citizens who have not been permanent residents for five years will be required to execute an affidavit that they intend to apply for citizenship when they become eligible to do so.

Qualifications

Required Qualifications
  • CL 29 ($82,928 - $134,833): A bachelor's degree from an accredited college or university in Computer Science, Information Systems, Engineering or a related field and at least two years of specialized IT Security experience that provided the applicant with a thorough knowledge and expertise in the theories, principles, practices and techniques of IT systems, network security and management, hardware and software, data communications, and project management. At least one year of specialized experience must have been at or equivalent to work at the CL-28 (GS-12) level.
  • CL 30 ($98,010 - $159,310): A bachelor's degree from an accredited college or university in Computer Science, Information Systems, Engineering or a related field and at least four years of specialized IT Security experience that provided the applicant with a thorough knowledge and expertise in the theories, principles, practices and techniques of IT systems, network security and management, hardware and software, data communications, and project management. At least two years of specialized experience must have been at or equivalent to work at the CL-29 (GS-13) level.

Core Competencies
  • Overall minimum of five years of professional IT experience for the CL 29 or seven years of professional IT experience for the CL 30.
  • Thorough understanding of IT security theories and best practices, as well as an ability to assist with analysis, design, and implementation of security policies and procedures.
  • Thorough knowledge of network security and network traffic analysis.
  • Demonstrated ability to identify and analyze vulnerabilities and implement resolutions in a way that reflects the need to balance risk management against the organization's ability to effectively and efficiently perform its constitutional mission within established legal and regulatory frameworks, and ensure security measures, once enacted, are monitored and enforced.
  • Knowledge of anti-virus, anti-malware, application control, web threat protection and endpoint security controls.
  • Knowledge of and experience with enterprise-level firewalls.
  • Understanding of incident response processes, disaster recovery planning, and Continuity of Operations Plans (COOP) including the ability to implement plans and procedures.
  • Skill in designing IT security awareness training programs for users and IT staff with the application of industry standards and best practices.
  • Knowledge of and experience with one or more of the following software platforms:
    • Splunk Log Management;
    • Security Awareness Training and Products (KnowBe4);
    • Patch Management (KACE); and
    • Vulnerability Scanning (Nessus).
  • Skill in project management, organizing information, and managing multiple work assignments effectively including establishing prioritization, time management, and adherence to tight deadlines.
  • Excellent written and oral communication, presentation, and organizational skills.
  • Ability to use tact and diplomacy in dealing effectively with all levels of court personnel.
  • Ability to work independently and in a team environment.

Preferred Competencies
  • CISSP, CISM, or similar certifications are highly desirable.
  • Experience with and knowledge of Federal Judiciary IT security policies and guidelines is also desirable.


Education

A bachelor's degree from an accredited college or university in Computer Science, Information Systems, Engineering or a related field.

Additional information

The court reserves the right to modify the conditions of this announcement, commence interviews immediately, withdraw the announcement, or fill the position at any time, any of which actions may occur without notice.

How You Will Be Evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Applicants will be evaluated based upon review of their qualifications and the application package.

Background checks and security clearance

Security clearance
Other

Drug test required
No

Required Documents

Cover letter, resume, and completion of the provided online application (AO 78) and testing.

If you are relying on your education to meet qualification requirements:

Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education .

Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.

Similar jobs