GSA has been repeatedly named as one of the 'Best Places to Work in the Federal Government'. LEARN MORE about why you should choose GSA.
THIS IS A PUBLIC NOTICE: This Notice is issued under direct-hire authority (DHA) to recruit new talent to this occupation for which there is a severe shortage of candidates. This means that we can hire any qualified candidate, either from this notice or from any source. For more information on DHA, please visit http://www.opm.gov/directhire/index.asp
Summary
Location of Position: GSA, GSA IT. This is a full-time telework position. Duty location will be determined upon selection.
We are currently filling only one vacancy, but additional vacancies may be filled through this announcement in this or other GSA organizations within the same commuting area, as needed; through other means; or not at all.
This announcement covers the following positions/duties:
Position #1: Security Architect/Security Engineer
Performs security reviews of GSA and government-wide software applications/systems (on-prem, cloud and hybrid) and approves proposed Security Architectures prior to the commencement of the system build (architecture, infrastructure, and code) to ensure that any proposed security architecture or proposed changes to an existing architecture are securely designed and comply with GSA security requirements prior to implementation or redesign.
Develops and maintains the security engineering framework and related process, and supporting procedural guides, technical guides and benchmarks that include, but are not limited to: system and cloud architecture, secure API integration, code quality, cryptography, and required key technical controls.
Position #2: AppSec SME/Security Engineer
Responsible for maintaining the static application security testing tool and dynamic or interactive application security testing tool, working closely with system teams, DevSecOps teams and other internal teams to establish and improve the application security of GSA information systems at every stage of the development lifecycle.
Assist in onboarding system teams to the automated application security testing solutions. Support product and development teams in the area of application security, including defining abuse cases, misuse cases, threat modeling and architecture risk analysis; perform static and dynamic application security testing and code reviews; and assist system teams in reproducing, triaging, and remediating application security vulnerabilities.
Position #3: ICAM SME
Responsible for the governance of the Identity, Credential and Access Management (ICAM) Shared Services Portfolio.
Manage the ICAM Program within the ICAM Shared Services Division, including development of any related policies, procedures, and processes.
Position #4: Cyber Security Operations - Security Operations
Manage the Bug Bounty Program and the Vulnerability Disclosure Program (VDP) to include drafting detailed vulnerability reports highlighting issues.
Works with IT Security vendors to ensure their product roadmaps align with ongoing GSA strategic efforts.
Responsible for a variety of Information Security tasks and functions to ensure agency-level compliance with GSA IT Security policies, Federal Information Security Management Act of 2002 (FISMA), Office of Management and Budget (OMB), Department of Homeland Security (DHS) and National Institute of Standards and Technology (NIST) requirements.
Position #5: Cyber Security Operations - Security Operations Center Product Owner
Responsible for all internal security operations tasks and management of Security Operations Center, Incident Response, and Threat Hunt Function and the analyst staff associated with the SOC.
Responsible for a variety of Information Security tasks and functions to ensure agency-level compliance with GSA IT Security policies, Federal Information Security Management Act of 2002 (FISMA), Office of Management and Budget (OMB), Department of Homeland Security (DHS), and National Institute of Standards and Technology (NIST) requirements.
Conducts, oversees and monitors security analyses, testing, evaluations and Certification and Accreditation (C&A) of systems and networks.
Works with IT Security vendors to ensure their product roadmaps align with ongoing GSA strategic efforts in providing Security Operations as a Service model.
General: Leadership and Collaboration (ALL POSITIONS)
Implements and provides authoritative advice and guidance to ensure the confidentiality, integrity, and availability of network and information systems.
Collaborates with internal and external stakeholders and partners to support the government’s information security needs and establish related guidelines. Provides input and support of related high level initiatives.
NOTE: Current civil service employees will receive new appointments if selected under this Direct Hire Authority.
Relevant experience and/or education (as noted on the GSA website).
Suitable for Federal employment, determined by a background investigation.
You may be required to serve a trial period.
You must apply on-line via the GSA website.
In order to be considered, you must meet the following conditions:
Current or Former Political Appointees: The Office of Personnel Management (OPM) must authorize employment offers made to current or former political appointees. If you are currently, or have been within the last 5 years, a political Schedule A, Schedule C or NonCareer SES employee in the Executive Branch, you must disclose this information to the HR Office. Failure to disclose this information could result in disciplinary action including removal from Federal Service.
Serve a one year probationary period, if required.
Undergo and pass a background investigation (Tier 2 investigation level).
Have your identity and work status eligibility verified if you are not a GSA employee. We will use the Department of Homeland Security’s e-Verify system for this. Any discrepancies must be resolved as a condition of continued employment.
Qualifications
For each job on your resume, provide:
the exact dates you held each job (from month/year to month/year)
number of hours per week you worked (if part time).
If you have volunteered your service through a National Service program (e.g., Peace Corps, Americorps), we encourage you to apply and include this experience on your resume. For a brief video on creating a Federal resume, click here.
The GS-14 base salary range starts at $111,521 (based on Step 1, outside of locality pay areas) to $176,300 (San Jose-San Francisco-Oakland, CA includes locality pay). Locality pay will be determined once the duty location has been established.
If you are a new federal employee, your starting salary will likely be set at the Step 1 of the grade for which you are selected.
To qualify, you must have IT-related experience demonstrating EACH of the four competencies AND one year of specialized experience equivalent to the GS-13 level in the Federal service as described below:
IT SPECIALIST COMPETENCY REQUIREMENTS:
Attention to Detail - This skill is generally demonstrated by assignments where the applicant investigates and evaluates “state of the art” technology of the industry.
Customer Service - This skill is generally demonstrated by assignments where the applicant confers with users to evaluate the effectiveness of, or identify the need for, computer programs or management systems.
Oral Communication - This skill is generally demonstrated by assignments where the applicant persuades others to take a particular course of action or to accept findings, recommendations, changes, or alternative viewpoints.
Problem Solving - This skill is generally demonstrated by assignments where the applicant identifies and accommodates technology and resource constraints.
SPECIALIZED EXPERIENCE REQUIREMENTS: Specialized experience is defined as experience leading IT security projects, providing information and recommendations to meet the business goals and improve processes of an organization’s IT security in one of the following areas:
Experience in secure architecture design and review, threat modeling and technical guide development, and providing security engineering guidance and recommendations to meet the business goals and improve an organization’s IT security OR
Experience in secure software development and application security (AppSec), managing SAST/DAST/IAST tools and assisting system teams in triage and remediation of software security vulnerabilities to improve the software security posture of the organization OR
Experience in operationalizing an enterprise Identity, Credential, and Access Management (ICAM) program, including authentication mechanisms (e.g. SAML, OIDC) and access management solutions OR
Experience in processing and validation of vulnerability and conducting threat analysis to determine risk or Experience in Cyber Forensic and Incident Response with the ability to lead a cyber incident
Experience in maintaining a Security Operation Center for an Enterprise that includes coordination with stakeholders and technical team
Additional information
Bargaining Unit status: TBD
Relocation-related expenses are not approved and will be your responsibility.
Travel expenses associated with interviews may be approved. Determinations will be made on a case-by-case basis.
On a case-by-case basis, the following incentives may be approved:
Recruitment incentive if you are new to the federal government
Credit toward vacation leave if you are new to the federal government
Selected applicants may qualify for credit toward annual leave accrual based on prior non-Federal work experience or uniformed service experience.
If you are eligible under Interagency Career Transition Assistance Plan or GSA’s Career Transition Assistance Plan (ICTAP/CTAP), you must receive a score of 85 or higher to receive priority.
Benefits
A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Learn more about federal benefits.
Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.
How you will be evaluated
Applications will be evaluated for this job based on how well you meet the qualifications above. You will be evaluated on the questions you answer during the application process, which will measure your overall possession of the following competencies or knowledge, skills, and abilities. Your responses to these questions must be supported by your resume or your score may be lowered. Qualified candidates will be considered in accordance with the Office of Personnel Management Direct Hire Guidelines. Veterans' Preference does not apply to the direct hire recruitment procedures. Certain selections made under this notice will be processed as new appointments to the civil service. Current civil service employees will be given new appointments to the civil service. You may not be considered for the position, if any part of the application is incomplete or missing the required supporting documentation. Falsifying your background, education and/or experience is cause for not hiring you or dismissing you if hired.
Position #1: Security Architect/Security Engineer
Skill in applying IT security theories, principles, concepts, standards, and best practices to understand the proposed IT system security design and guide the secure implementation of information systems.
Position #2: AppSec SME/Security Engineer
Skill in applying application security and software security concepts, principles, methods, industry standards and practices to provide technical advice and guidance on critical application and software security issues.
Position #3: ICAM SME
Skill in applying IT concepts, principles, methods, industry standards and practices to provide technical advice and guidance on critical IT issues to apply new developments to special projects.
Position #4: Cyber Security Operations - Security Operations
Knowledge of Information Technology Security to apply experimental theories and developments to problems and make recommendations changing or developing public policies or programs.
Knowledge of the IT Security area of specialization, its governing laws, regulations, methodologies and/or policies to provide technical guidance on all issues related to the assigned program.
Skill in applying a range of qualitative and/or quantitative methods for the assessment and improvement of Infosecurity (INFOSEC) program effectiveness.
Position #5: Cyber Security Operations - Security Operations Center Product Owner
Knowledge of Information Technology Security to apply experimental theories and developments to problems and make recommendations changing or developing public policies or programs.
Knowledge of the IT Security area of specialization, its governing laws, regulations, methodologies and/or policies to provide technical guidance on all issues related to the assigned program.
Skill in applying a range of qualitative and/or quantitative methods for the assessment and improvement of Infosecurity (INFOSEC) program effectiveness.
General: Leadership and Collaboration (ALL POSITIONS)
Skills in building relationships with internal and external customers to provide advice and guidance.
Knowledge of project management methodologies.
Ability to apply tools and technologies to direct the secure development and implementation of systems/software.
GSA's application process has been specifically developed to ensure that we only ask you for the information we absolutely need to evaluate your qualifications and eligibility. All Recent Graduate applicants are required to submit the following supportive documents:
Your resume showing applicant's name, email address, work schedule, hours worked per week, dates of employment and duties performed.
If you are ICTAP eligible - submit a, b, and c: (a) proof of eligibility including agency notice; (b) SF-50, and (c) most recent performance appraisal. Current or Former Political Appointees: Submit SF-50.
If you are relying on your education to meet qualification requirements:
Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.
How to Apply: This Direct Hire Public Notice will be used to build a list/inventory of applicants that may be referred as vacancies become available.
You must submit a complete online application, including any required documents, before your eligibility can be confirmed. Errors or omissions may result in your not being considered for this vacancy. You can modify/complete your application any time before the vacancy date/time deadline. Simply return to USAJOBS, select the vacancy, and update your application. For more detailed instructions on how to apply, click here: Apply for a GSA Job (http://www.gsa.gov/portal/category/26564). To begin, click the Apply Online button on the vacancy announcement.
Sign in or register on USAJobs and select a resume and documents to include in your application.
Once you have clicked Apply for this position now, you will be taken to the GSA site to complete the application process.
Click the Apply To This Vacancy and complete all steps in the application process until the Confirmation indicates your application is complete. If you click Return to USAJobs or get timed out prior to receiving confirmation, your application will not be submitted and cannot be considered for this job.
Note: Review the REQUIRED DOCUMENTS section of this announcement to determine which apply to you and must be submitted online. You may choose one or more of the following options to submit your document(s): Upload (from your computer); USAJOBS (click the "USAJOBS" link to complete the transfer process).
Need Assistance in Applying? Contact the HR representative listed on the announcement prior to the application deadline. We are available to assist you Monday-Friday during normal business hours. You must receive HR approval before deviating from these instructions. Be sure to APPLY EARLY as most assessments must be completed fully and submitted before the announcement closing.
GSA, Office of GSA IT
General Services Administration
Human Resources Division (CRSC)
1800 F Street NW
Washington, District of Columbia 20405
United States
Next steps
Please notify us if your contact information changes. Also, note that if you provide an email address that is inaccurate, or if your mailbox is full or blocked (e.g., spam-blocker), you may not receive important communication that could affect your consideration for this position.
Fair and transparent
The Federal hiring process is set up to be fair and transparent. Please read the following guidance.