
Cybersecurity Specialist #5347

Legislative Branch
Senate
This job announcement has closed

Summary

The Senate Sergeant at Arms is seeking a Cybersecurity Specialist. The complete vacancy announcement and application can be found on the United States Senate Career Page at https://sen.gov/J5NY. This vacancy announcement closes at 7pm EST on the closing date. Late applications will not be accepted.

Overview

Reviewing applications
Open & closing dates
05/16/2023 to 05/31/2023
Salary
$90,159 - $135,232 per year
Pay scale & grade
AD 09
Location
1 vacancy in the following location:
Washington DC, DC
Few vacancies
Telework eligible
Yes—as determined by the agency policy.
Travel Required
Not required - N/A
Relocation expenses reimbursed
No. The Senate Sergeant at Arms does not pay for relocation expenses.
Appointment type
Permanent
Work schedule
Full-time
Service
Excepted
Promotion potential
9
Supervisory status
No
Security clearance
Not Required
Drug test
No
Announcement number
req133
Control number
726229700

Duties


Provides functional and/or technical skills for the assigned cybersecurity unit. Supports the unit’s work effort as required in preparing materials for collaborating with other sections, divisions, departments, and vendors to gather and disseminate information. Contributes to the unit’s work effort as required in preparing analysis and materials for providing expert level support in the assigned area of cybersecurity to SAA IT security branch staff, other SAA technical staff, SAA procurement staff, and other division or departments; and for identifying and resolving critical and complex issues in the assigned unit. Supports the unit’s work effort as directed in providing leadership to the unit’s project teams and contractors. Work includes helping to develop plans, assignments, and coordination of work efforts. Supports the unit’s work effort to develop governing policies, standards and procedures.

Requirements


Conditions of employment

  • For conditions of employment and citizenship requirements, please visit the job announcement on the United States Senate Career Page at https://sen.gov/J5NY

Qualifications

Work requires an Associate’s Degree, or greater, in computer science, telecommunications, or a related technical field, and one to two years of experience within a CISSP-type environment or any equivalent combination of education and experience that provides the following knowledge, skills and abilities:

  • Knowledge of a variety of concepts, practices and procedures used by the assigned cybersecurity unit.
  • Knowledge of current technologies and/or tools in use by the assigned unit.
  • Skill in critical thinking to identify strengths, weaknesses, alternative solutions, conclusions and approaches to unit problems.
  • Skill in making processes more efficient.
  • Ability to logically analyze systems and/or processes in use by the assigned unit.
  • Ability to support unit work effort in setting team goals, plans, and monitoring projects.
  • General command of applicable standards and processes.
  • Ability in oral communication skills.

Physical Demands and Working Environment

Work requires extended periods of confined sitting and hand-eye coordination working with computers. Expected to work unusual and perhaps unexpected hours during a Continuity of Operations.

Additional Examples of Work:


• Contribute technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents
• Assist with implementation of updating defense tools’ rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists, etc.) for specialized cyber defense applications
• Analyze log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
• Assist with the triage of cyber defense incidents, including determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
• Assist with trend analysis and reporting to ensure quality of cyber defense.
• Assist with modifications or adjustments to technical platform, processes, environment, etc., based on cybersecurity capability assessments (Blue Team, Red Team, audits, etc.)
• Assist with development of cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies
• Assist with collection of intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise

Knowledge, Skills and Abilities:


• Knowledge of cybersecurity and privacy principles
• Knowledge of cyber threats and vulnerabilities
• Knowledge of authentication, authorization, and access control methods
• Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)
• Knowledge of incident categories, incident responses, and timelines for responses
• Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
• Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities
• Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations
• Knowledge of adversarial tactics, techniques, and procedures
• Knowledge of collection management processes, capabilities, and limitations
• Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)
• Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures
• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
• Knowledge of encryption methodologies
• Knowledge of signature implementation impact for viruses, malware, and attacks
• Knowledge of cloud service models and how those models can limit incident response
• Knowledge of malware analysis concepts and methodologies
• Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)
• Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications
• Knowledge of penetration testing principles, tools, and techniques
• Knowledge of intrusion detection and prevention system tools and applications
• Knowledge of common adversary capabilities, tactics, techniques, and procedures in assigned area of responsibility
• Knowledge of general attack stages
• Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
• Skill in preserving evidence integrity according to standard operating procedures or national standards
• Skill in using incident handling methodologies
• Skill in conducting investigations and developing comprehensive reports
• Skill in collecting data from a variety of cyber defense resources
• Skill in securing network communications
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks
• Skill in protecting a network against malware (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters)
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
• Ability to interpret the information collected by network tools (e.g., Nslookup, Ping, and Traceroute)

Education

This position requires that the applicant obtain and maintain an applicable U.S. Government security clearance. Applicants must be U.S. citizens in order for the SAA to submit your application for a security clearance. For education requirements please see Minimum Qualifications.

Additional information

The Sergeant at Arms is an equal opportunity employer in accordance with the requirements of Senate rules, regulations, and applicable Federal Laws. This agency provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please notify the agency. Decisions to grant reasonable accommodations will be determined on a case-by-case basis. Please email SAAHRMedical@saa.senate.gov with “Applicant Accommodation” in the subject line. No moving, relocation or pre-employment travel expenses will be paid for this position, or while in application for this position.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Your application will be evaluated by a panel on the quality and extent of your total accomplishments, experience, and education. Highly qualified candidates may be interviewed and a reference check conducted.
