Clarification from the agency

All U.S. Citizens - Current Career United States Postal Service Office of Inspector General, United States Postal Service and United States Postal Inspection Service WILL NOT be considered or selected from this vacancy announcement. INTERNAL EMPLOYEES MUST APPLY TO ANNOUNCEMENT #: 11752852

Videos

The Cybersecurity & Information Technology Directorate helps reduce the risk of fraud, inappropriate disclosure of sensitive data, unauthorized disclosure of customer information, cost overruns and inefficiencies of systems, IT contract and regulatory noncompliance, and disruption of critical operations and services. The directorate assesses whether Postal Service information resources provide the highest level of security, reliability, and value expected by Postal Service customers.

The USPS OIG uses a Pay Banding system, which is equivalent to the Federal GS scale. Grade and salary determinations will be made based upon a candidate's education and professional experience.

This position is being advertised at the Specialist Band level, equivalent to a GS-14. The salary range for this position is $115,072.00 - $164,102.00. The salary figures INCLUDE locality pay for all announced locations.

Candidates will be evaluated on the skills that they possess that are directly related to the duties of the position and the experience, education and training that indicate the applicant's ability to acquire the particular knowledge and skills needed to perform the duties of the position. Only those candidates who meet all qualification and eligibility requirements and who submit the required information by 11:59 PM EST on12/23/2022 will be considered.

Please note that the duties and responsibilities associated with this position may vary based upon the agency's needs at the time of hire. The following description of major duties and responsibilities is only intended to give applicants a general overview of the expectations.

The employee provides senior or expert level advice in the area of information technology. Participates in and makes contributions to management decisions in assigned program areas. Applies a wide range of information technology concepts, laws, policies, practices, analytical, and diagnostic methods and techniques to address substantive technical issues or problems characterized by complex, controversial, and/or sensitive matters that contain several inter-related issues. Serves as a trouble-shooter, providing authoritative advice and guidance.

• Performs individually and as a member of an audit team, including continuing responsibility for a specific component of a project.
• Leads technical aspects of complex information system related audits of the United States Postal Service, including the data collection efforts needed to develop conclusions and recommendations.
• Participates or leads meetings with OIG and USPS officials to communicate results of work.
• Review Postal Service use of emerging technology and its implementation and recommends potential audit areas using the format prescribed by the Cybersecurity & Technology directorate.
• Makes recommendations for corrective actions and writes audit working papers and reports utilizing Generally Accepted Government Auditing Standards.
• Maintains liaison with other offices, agencies and other appropriate organizations as needed.
• Performs other special projects and activities.
• Ensures that research and resulting audit work papers are developed and delivered in accordance with Office of Audit requirements.
• Conducts program risk assessments and develops applicable audit programs.
• Provides opinions on the efficiency and effectiveness of Postal Service programs.
• Conducts follow-up reviews of management actions taken to correct identified deficiencies for complex information systems audits.
• Represent the Cybersecurity & Technology directorate at key technical conferences, working groups and forums
• Performs IT Security testing to include vulnerability assessments, penetration testing, and source code reviews on wireless, mobile systems, applications, and IT networks.
• Develops audit procedure steps for IT testing within the objective and scope of the audit project.
• Train audit team members to gain an understanding of IT technical testing and analysis of resulting data.
• Research emerging technologies.
• Plans, develops, and organizes pilot tests in controlled environments.
• Recommends adoption of new methodologies based on favorable feasibility analyses.
• Ensures improvements in the design and development of applications that enhance the Office of Audit's ability to accomplish mission critical program activities.

Conditions of employment

• Must be a U.S. citizen.
• Must be able to pass a drug screening and medical assessment questionnaire.
• Must be able to pass a background investigation.
• Must be able to obtain and maintain Tier-5 Top Secret security clearance.
• Must be able to obtain and maintain a government-issued credit card.
• May be required to successfully complete a 12-month probationary period.

Qualifications

MINIMUM QUALIFICATIONS

You must meet ALL of the minimum qualifications listed below.

• Specialist (GS-14) level must have 10+ years of hands-on experience performing build, implementation, and maintenance of IT systems, cyber defense systems, or network infrastructure.

• A combination of education and experience - Successful completion of a full 4-year course of study in an accredited college or university leading to a bachelor's or higher degree in information technology or a related field AND six (6) years of progressive, specialized, hands-on experience in performing build, implementation, and maintenance of IT systems, cyber defense systems, or network infrastructure

AND

• Enterprise IT, IT Security, or IT Network operations experience

OR

• Knowledge of program coding languages such as Python, PowerShell, YAML, SQL, etc.

DESIRABLE QUALIFICATIONS

• At least 3 years' experience performing blue team (vulnerability testing) or red team (penetration testing)
• At least 2 years' experience performing secure code reviews
• At least 3 years SCADA or ICS experience
• A technical certification such as CCNA, CCNP, SSCP, Cloud (AWS, Google, etc), MCSE, Security +, Network +, CISA, CISSP, ITIL

EVALUATION FACTORS
You must have the experience, knowledge and skills as listed in EACH of the evaluation factors. Failure to demonstrate that you meet all of the evaluation factor requirements as listed below will result in a score of zero (0); an ineligible status, and you will not be referred for further consideration. Include your major accomplishments relevant to the position requirements in your resume.

• Mastery of, and skill in applying, advanced information technology principles, concepts, methods, standards, and practices sufficient to develop and interpret policies, procedures, and strategies governing the planning and delivery of services throughout the Office of Audit.
• Mastery of, and skill in applying interrelationships of multiple IT specialties; new IT developments and applications; emerging technologies and their applications to business processes; IT security concepts, standards, and methods; and project management principles, methods, and practices including developing plans and schedules, estimating resource requirements, defining milestones and deliverables, monitoring activities, and evaluating and reporting on accomplishments sufficient to manage assigned projects.
• Skill in making decisions or recommendations that significantly influence important Office of Audit information technology policies or programs.
• Ability to provide expert technical advice, guidance, and recommendations to management and other technical specialists regarding critical information technology issues.
• Ability to analyze, review, and/or assess information technology procedures and controls in topics such as: general controls, computer security techniques, application control reviews, system development life cycle, operating system software, multi-platform hardware such as client- server or mainframes, network operations and testing, data integrity, disaster recovery, information systems acquisitions, etc.
• Ability to apply new developments to previously unsolvable information technology problems.
• Ability to prepare and present briefings to senior management officials on complex/controversial issues.
• Ability to communicate effectively both orally and in writing.
• Ability to analyze data from IT Security testing using advanced analytical tools.
• Ability to independently design and execute IT Security testing to include vulnerability assessments, penetration testing, and source code reviews

Failure to demonstrate that you meet all evaluation factor requirements will result in a score of zero (0). Upon receipt of a zero score, you will be deemed "not minimally qualified," and you will not be referred for further consideration.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

The Human Resources Office will review your resume and supporting documentation to ensure that you meet the minimum qualifications required for this position. You will no longer be considered for this position if you: receive a zero (0) rating on any evaluation factor; fail to attach all required documentation; if your application materials indicate that you are not minimally-qualified for this position; or if you fail to qualify on the interview. Only the top-rated candidates will be referred to a review official or the selecting official for further consideration. Top-rated applicants may be required to participate in an interview. Your rating may be further adjusted or rated as ineligible by the review official or the selecting official based on your interview performance. Once all applicant scores are finalized, the selecting official will make a final decision. NOTE: If you receive a zero (0) rating on any evaluation factor or on the interview, you will be considered NOT MINIMALLY QUALIFIED for the position and rated ineligible.