Clarification from the agency

All U.S. Citizens - Current Career United States Postal Service Office of Inspector General, United States Postal Service and United States Postal Inspection Service will not be considered or selected from this vacancy announcement.

The successful candidate will be an expert technical authority responsible for the Security Operations Center (SOC) function and for information technology security (Cybersecurity/InfoSec) engineering, design, and system authorization. Responsibilities include solving significant problems complicated by interfaces and inter-relationships between and among programs, systems, functions, policies, and numerous critical issues for agency-wide information technology solutions, operations, and maintenance supporting the security of agency infrastructure, systems, and information.

Candidates will be evaluated on the skills that they possess that are directly related to the duties of the position and the experience, education and training that indicate the applicant's ability to acquire the particular knowledge and skills needed to perform the duties of the position. Only those candidates who meet all qualification and eligibility requirements and who submit the required information by 11:59 PM EST on 10/01/2021 will be considered.

The USPS OIG uses a Pay Banding system, which is equivalent to the Federal GS scale. Grade and salary determinations will be made based upon a candidate's education and professional experience.

This position is being advertised at the Specialist Band level, equivalent to a GS-14. The salary range for this position is $122,530.00 - $159,286.00. The salary figures include locality pay.

Please note that the duties and responsibilities associated with this position may vary based upon the agency's needs at the time of hire. The following description of major duties and responsibilities is only intended to give applicants a general overview of the expectations.

• Establishes, implements, and interprets the requirements for agency compliance with policy directives governing cybersecurity protection.
• Performs thorough security operations center analysis of potentially malicious or suspicious threats.
• Effectively administers and sustains an enterprise level application security scanning tool for major cloud-based applications.
• Develops policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to on-premises and cloud-based systems, networks, and data.
• Conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
• Promotes awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals.
• Conducts systems security evaluations, audits, and reviews.
• Develops cybersecurity policies, plans, processes, and procedures.
• Develops and implements cybersecurity training programs to ensure that on-premises and cloud-based systems, networks, and data users are aware of, understand, and adhere to systems security policies and procedures.
• Participates in network and system design to ensure implementation of appropriate cybersecurity policies.
• Facilitates the gathering, analysis, and preservation of evident used in the prosecution of cybercrimes.
• Assesses security events to determine impact and implementing corrective actions.
• Ensures the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services.
• Coordinates the review and evaluation of the agency cybersecurity protection program, including policies, guidelines, tools, methods, and technologies.
• Identifies current and potential problem areas.
• Updates or establishes new requirements.
• Makes recommendations for a fully compliant cybersecurity protection program to be implemented throughout the agency.
• Monitors agency compliance with cybersecurity protection requirements across IT programs.
• Adjusts program guidelines in response to changing technologies.

Conditions of employment

• Must be a U.S. citizen
• Must be able to pass a drug screening and medical assessment questionnaire.
• Must be able to pass a background investigation
• Must be able to obtain and maintain Moderate Background Investigation
• Must be able to obtain and maintain a government-issued credit card
• May be required to successfully complete a 12-month probationary period

Qualifications

MINIMUM QUALIFICATIONS

You must meet ALL of the minimum qualifications listed below.

• Bachelor's Degree in Cybersecurity/Information Technology Security or equivalent field from an accredited college or university

AND

• At least 5 years of specialized experience in responding to security incidents and conducting security related operations or engineering for an enterprise network; operating network systems or windows security systems and implementing security considerations as part of engineering and operations; designing and implementing security or network operations capabilities; supporting IT troubleshooting for complex network or server operations including customer support and technical resolution.

DESIRABLE QUALIFICATIONS

• Microsoft 365 Certified Security Administrator Associate
• Microsoft Certified Azure Security Engineer Associate
• Advanced degree in Cybersecurity or related field
• Currently Industry Certifications in one or more of the following (or equivalent)
  • Security Management/Leadership: CISSP, SANS GSLC
  • SANS/GIAC Intrusion Analyst, Incident Handler, Incident Management training
  • CompTIA Security+, Network+
• Knowledge of coding languages such as Kusto, Python, PHP, C++, C#

EVALUATION FACTORS
You must have the experience, knowledge and skills as listed in EACH of the evaluation factors. Failure to demonstrate that you meet all of the evaluation factor requirements as listed below will result in a score of zero (0); an ineligible status, and you will not be referred for further consideration. Include your major accomplishments relevant to the position requirements in your resume.

• Demonstrated expertise in utilizing cloud-based security tools such as, Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager); Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal); Microsoft Security and Compliance Center; Microsoft Endpoint Manager (Intune).
• Demonstrated knowledge of application-based, host-based, and network-based security best practices.
• Knowledge in applying advanced information technology principles, concepts, methods, standards, and practices sufficient to develop and interpret policies, procedures, and strategies governing the planning and delivery of services throughout the agency.
• Demonstrated ability to cultivate relationships across multiple teams to effectively implement security recommendations.
• Demonstrated ability to communicate effectively both orally and in writing with audiences of various levels of technical understanding.

You will no longer be considered for this position if you receive a zero (0) rating on any evaluation factor.

Failure to demonstrate that you meet all evaluation factor requirements will result in a score of zero (0). Upon receipt of a zero score, you will be deemed "not minimally qualified," and you will not be referred for further consideration.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

The Human Resources Office will review your resume and supporting documentation to ensure that you meet the minimum qualifications required for this position. You will no longer be considered for this position if you: receive a zero (0) rating on any evaluation factor; fail to attach all required documentation; if your application materials indicate that you are not minimally-qualified for this position; or if you fail to qualify on the interview. Only the top-rated candidates will be referred to a review official or the selecting official for further consideration. Top-rated applicants may be required to participate in an interview. Your rating may be further adjusted or rated as ineligible by the review official or the selecting official based on your interview performance. Once all applicant scores are finalized, the selecting official will make a final decision. NOTE: If you receive a zero (0) rating on any evaluation factor or on the interview, you will be considered NOT MINIMALLY QUALIFIED for the position and rated ineligible.