An official website of the United States government
The Senate Sergeant at Arms is seeking a Cybersecurity Senior Specialist. The complete vacancy announcement and application can be found on the United States Senate Career Page at https://sen.gov/J5NY. This vacancy announcement closes at 7pm EST on the closing date. Late applications will not be accepted.
Learn more about this agency05/15/2023 to 05/30/2023
$98,000 - $146,992 per year
AD 10
1 vacancy in the following location:
Yes—as determined by the agency policy.
Not required - N/A
NoThe Senate Sergeant at Arms does not pay for relocation expenses.
Permanent -
Full-time -
Excepted
10
No
No
req129
725793000
Responds to potential localized or widespread security events; uses various reports to help track and isolate user access problems and potential security incidents; creates daily situational reports while manning and supporting the Cyber Security Operations Center. Coordinates and performs automated vulnerability assessments; advises Senate office staff on effective remediation techniques. Coordinates and performs the critical security patch evaluation and certification process for supported Microsoft and non-Microsoft software. Promotes cybersecurity awareness and assists with developing security awareness materials; provides security reviews for Senate Office Cybersecurity operational environments; and assists in providing security training and awareness briefings. Assesses the impact of new cybersecurity threats and identifies and evaluates vulnerabilities within new technology and changes to Senate IT infrastructure. Researches, evaluates, tests, and recommends cybersecurity solutions and controls. Develops, implements, and maintains scripts and other automated tools to identify indicators of intrusion activity and to support effective cybersecurity workflow processes. Performs cybersecurity systems administration tasks and services for Senate employees and vendor maintenance access. Updates management as required on Cybersecurity related issues.
Work requires a Bachelor’s Degree in computer science, telecommunications, or a related field, and three to five years of progressively responsible experience within a Certified Information Systems Security Professional (CISSP)-type environment or any equivalent combination of education and experience that provides the following knowledge, skills and abilities:
Physical Demands and Working Environment
Work is essentially sedentary with occasional walking, standing, and bending; occasional lifting and carrying desktop computers, computer components, and/or packages of software media. Work is conducted in common office environments and security operations centers. Occasional evening and weekend work may be required to resolve problems, handle incidents, participate in Continuity of Operations (COOP) exercises, or assist SAA staff in meeting critical deadlines. Expected to work unusual and perhaps unexpected hours during a COOP event.
Additional Examples of Work:
• Develop methods to monitor and measure risk, compliance, and assurance efforts.
• Provide ongoing optimization and problem-solving support.
• Provide recommendations for possible improvements and upgrades.
• Review or conduct audits of information technology (IT) programs and projects
• Update deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions
• Update applicable cybersecurity policies, regulations, and compliance documents
• Support implementing recommendations regarding the selection of cost-effective security controls to
mitigate risk (e.g., protection of information, systems and processes)
• Contribute to information security risk assessment
• Contribute to testing of cybersecurity developed applications and/or systems
• Contribute to technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing
environment, network and infrastructure, enclave boundary, etc.)
• Senior contributor to audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions
• Contribute to analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion or other crimes
• Support team Lead as required in conducting cybersecurity Audit reviews
• Contribute to development of procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements
• Contribute to documentation of original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, hash function checking)
• Provide technical leadership employing information technology (IT) systems and digital storage media to solve, investigate, and/or prosecute cybercrimes and fraud committed against people and property
• Support systems security operations and maintenance activities are properly documented and updated as necessary
• Contribute to integration and implementation of Cross-Domain Solutions (CDS) in a secure
environment
• Senior contributor to identification and/or determination of whether a security incident is indicative of a violation of law that requires specific legal action
• Senior contributor identifying digital evidence for examination and analysis in such a way as to avoid
unintentional alteration.
• Senior contributor implementing system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation
Knowledge, Skills and Abilities:
• Ability to support the design of valid and reliable assessments
• Ability to evaluate organization's risk tolerance and/or risk management approach
• Skill in contributing to application vulnerability assessments
• Skill in identifying gaps in technical delivery capabilities
• Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system
• Strong skill in reviewing logs to identify evidence of past intrusions
• Knowledge of penetration testing tools and techniques
• Knowledge of the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.)
• Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.)
• Skill to develop insights about the context of an organization’s threat environment
• Knowledge of advancements in information privacy technologies to ensure organizational adaptation and compliance
• Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to
confidentiality, integrity, availability, authentication, non-repudiation)
• Knowledge of network traffic analysis methods.
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL])
• Knowledge of packet-level analysis.
• Knowledge of network security architecture concepts including topology, protocols, components, and
principles (e.g., application of defense-in-depth)
• Knowledge of basic system, network, and OS hardening techniques.
• Knowledge of test procedures, principles, and methodologies (e.g., Capabilities and Maturity Model
Integration (CMMI)).
• Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly.
• Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• Knowledge of network traffic analysis (tools, methodologies, processes).
• Knowledge of scripting languages
This position requires that the applicant obtain and maintain an applicable U.S. Government security clearance. Applicants must be U.S. citizens in order for the SAA to submit your application for a security clearance. For education requirements please see Minimum Qualifications.
The Sergeant at Arms is an equal opportunity employer in accordance with the requirements of Senate rules, regulations, and applicable Federal Laws. This agency provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please notify the agency. Decisions to grant reasonable accommodations will be determined on a case-by-case basis. Please email SAAHRMedical@saa.senate.gov with “Applicant Accommodation” in the subject line. No moving, relocation or pre-employment travel expenses will be paid for this position, or while in application for this position.
You will be evaluated for this job based on how well you meet the qualifications above.
Your application will be evaluated by a panel on the quality and extent of your total accomplishments, experience, and education. Highly qualified candidates may be interviewed and a reference check conducted.
You may be required to serve a probationary period. Subject to background/security investigation.
Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.
Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.
https://sen.gov/J5NY All applicants must use the link above and follow instructions. DO NOT submit any paper application materials or resumes via U.S. Postal Mail or in person. All applicants MUST use the online employment application.
Qualified candidates will be contacted directly.
The Federal hiring process is set up to be fair and transparent. Please read the following guidance.
This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/job/725793000. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.
Learn more about
The Office of the Sergeant at Arms (SAA) is the largest in size of staff and budget in the Senate. It is responsible for all Senate computers and technology support services, recording and photographic services, printing and graphics services, and telecommunications services. The SAA also provides assistance to all Senate offices with their staffing, mailing, purchasing, and financial needs. The offices of the SAA that are responsible for providing these and other services include Capitol Facilities, the Operations Division, Customer Relations, Financial Operations, Human Resources, and Information Security. The SAA also shares responsibility for the U.S. Capitol Police, the Senate Page Program, the Senate Office of Training and Development, and the Capitol Telephone Exchange. The Sergeant at Arms is an excepted service agency. Employment with the Sergeant at Arms does not confer the "Competitive Status" that generally results from selection and service in Competitive Service agencies.
