Responds to potential localized or widespread security events; uses various reports to help track and isolate user access problems and potential security incidents; creates daily situational reports while manning and supporting the Cyber Security Operations Center. Coordinates and performs automated vulnerability assessments; advises Senate office staff on effective remediation techniques. Coordinates and performs the critical security patch evaluation and certification process for supported Microsoft and non-Microsoft software. Promotes cybersecurity awareness and assists with developing security awareness materials; provides security reviews for Senate Office Cybersecurity operational environments; and assists in providing security training and awareness briefings. Assesses the impact of new cybersecurity threats and identifies and evaluates vulnerabilities within new technology and changes to Senate IT infrastructure. Researches, evaluates, tests, and recommends cybersecurity solutions and controls. Develops, implements, and maintains scripts and other automated tools to identify indicators of intrusion activity and to support effective cybersecurity workflow processes. Performs cybersecurity systems administration tasks and services for Senate employees and vendor maintenance access. Updates management as required on Cybersecurity related issues.

Conditions of employment

• For conditions of employment and citizenship requirements, please visit the job announcement on the United States Senate Career Page at https://sen.gov/J5NY

Qualifications

Work requires a Bachelor’s Degree in computer science, telecommunications, or a related field, and three to five years of progressively responsible experience within a Certified Information Systems Security Professional (CISSP)-type environment or any equivalent combination of education and experience that provides the following knowledge, skills and abilities:

• Understanding of computer operating systems, applications, and networking; understanding of key principles of information protection; knowledge of data security and access control systems, encryption, firewalls, network- and host-based security technologies and processes.
• Working knowledge of TCP/IP communications protocols and standards.
• Ability to identify potential security breaches and implement action plans in conjunction with diverse groups of stakeholders.
• Ability to interface with individuals at all levels of the organization in a dynamic, fast-paced environment.
• Ability to communicate functional issues and solutions effectively, both orally and in writing, to individuals possessing a broad range of functional knowledge, skills, and abilities.
• Ability to re-focus work activities rapidly in response to changing requirements and priorities.
• Ability to handle sensitive information.
• Proficiency with office productivity tools including, but not limited to, spreadsheets, word processors, databases, and presentation software.
• Proficiency with one or more scripting language and/or integrated development environments.

Physical Demands and Working Environment

Work is essentially sedentary with occasional walking, standing, and bending; occasional lifting and carrying desktop computers, computer components, and/or packages of software media. Work is conducted in common office environments and security operations centers. Occasional evening and weekend work may be required to resolve problems, handle incidents, participate in Continuity of Operations (COOP) exercises, or assist SAA staff in meeting critical deadlines. Expected to work unusual and perhaps unexpected hours during a COOP event.

Additional Examples of Work:

• Develop methods to monitor and measure risk, compliance, and assurance efforts.
• Provide ongoing optimization and problem-solving support.
• Provide recommendations for possible improvements and upgrades.
• Review or conduct audits of information technology (IT) programs and projects
• Update deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions
• Update applicable cybersecurity policies, regulations, and compliance documents
• Support implementing recommendations regarding the selection of cost-effective security controls to
mitigate risk (e.g., protection of information, systems and processes)
• Contribute to information security risk assessment
• Contribute to testing of cybersecurity developed applications and/or systems
• Contribute to technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing
environment, network and infrastructure, enclave boundary, etc.)
• Senior contributor to audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions
• Contribute to analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion or other crimes
• Support team Lead as required in conducting cybersecurity Audit reviews
• Contribute to development of procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements
• Contribute to documentation of original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, hash function checking)
• Provide technical leadership employing information technology (IT) systems and digital storage media to solve, investigate, and/or prosecute cybercrimes and fraud committed against people and property
• Support systems security operations and maintenance activities are properly documented and updated as necessary
• Contribute to integration and implementation of Cross-Domain Solutions (CDS) in a secure
environment
• Senior contributor to identification and/or determination of whether a security incident is indicative of a violation of law that requires specific legal action
• Senior contributor identifying digital evidence for examination and analysis in such a way as to avoid
unintentional alteration.
• Senior contributor implementing system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation

Knowledge, Skills and Abilities:

• Ability to support the design of valid and reliable assessments
• Ability to evaluate organization's risk tolerance and/or risk management approach
• Skill in contributing to application vulnerability assessments
• Skill in identifying gaps in technical delivery capabilities
• Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system
• Strong skill in reviewing logs to identify evidence of past intrusions
• Knowledge of penetration testing tools and techniques
• Knowledge of the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.)
• Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.)
• Skill to develop insights about the context of an organization’s threat environment
• Knowledge of advancements in information privacy technologies to ensure organizational adaptation and compliance
• Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to
confidentiality, integrity, availability, authentication, non-repudiation)
• Knowledge of network traffic analysis methods.
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL])
• Knowledge of packet-level analysis.
• Knowledge of network security architecture concepts including topology, protocols, components, and
principles (e.g., application of defense-in-depth)
• Knowledge of basic system, network, and OS hardening techniques.
• Knowledge of test procedures, principles, and methodologies (e.g., Capabilities and Maturity Model
Integration (CMMI)).
• Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly.
• Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• Knowledge of network traffic analysis (tools, methodologies, processes).
• Knowledge of scripting languages

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Your application will be evaluated by a panel on the quality and extent of your total accomplishments, experience, and education. Highly qualified candidates may be interviewed and a reference check conducted.