IT Specialist (INFOSEC)- PUBLIC NOTICE FLYER

General Services Administration
Office of the Chief Information Officer
This job announcement has closed

Summary

GSA has been repeatedly named as one of the 'Best Places to Work' in the Federal Government. LEARN MORE about why you should choose GSA.


THIS IS A PUBLIC NOTICE: This Notice is issued under direct-hire authority (DHA) to recruit new talent to this occupation for which there is a severe shortage of candidates.  This means that we can hire any qualified candidate, either from this notice or from any source.
For more information on DHA, please visit http://www.opm.gov/directhire/index.asp

Overview

Reviewing applications
Open & closing dates
10/24/2023 to 11/07/2023
Salary
$116,393 - $183,500 per year
Pay scale & grade
GS 14
Location
Anywhere in the U.S. (remote job)
5 vacancies
Remote job
Yes
Telework eligible
Not applicable, this is a remote position.
Travel Required
Occasional travel - Travel may be required for meetings, trainings and/or conferences.
Relocation expenses reimbursed
No
Appointment type
Permanent
Work schedule
Full-time
Service
Competitive
Promotion potential
14
Supervisory status
No
Security clearance
Not Required
Drug test
No
Position sensitivity and risk
Moderate Risk (MR)
Trust determination process
Announcement number
I-2024-0005
Control number
756584300

This job is open to

Clarification from the agency

US Citizenship or National (Residents of American Samoa and Swains Island). We are currently filling five vacancies, but additional vacancies may be filled through this announcement in this or other GSA organizations within the same commuting area, as needed; through other means; or not at all.

Duties

Location of Position:  GSA, GSA IT. Duty location will be determined upon selection.  

This announcement covers the following positions/duties:

Position #1:  Policy and Compliance Division (ISP) Subject Matter Expert (SME)

  • Responsible for assisting with efforts to plan, develop, and maintain an agency-wide IT Security program in accordance with the Federal Information Security Management Act (FISMA) that establishes appropriate controls to ensure the protection of GSA's IT assets and with the development and update to GSA Cyber Security policies and guidelines, including ensuring that all laws, regulations, policies, and procedures related to Cyber Security are implemented within the agency on a nationwide basis.
  • Assisting with the design, implementation, and maintenance of the ISCM program and Continuous Diagnostics and Mitigation (CDM) program including the integration of appropriate tools and processes across the GSA enterprise.
  • Leads in the implementation and operations and maintenance of GSA’s Governance, Risk and Compliance processes and tools.

Position #2:  Cyber Security Operations - Security Operations

  • Manage the Bug Bounty Program and the Vulnerability Disclosure Program (VDP) to include drafting detailed vulnerability reports highlighting issues.
  • Works with IT Security vendors to ensure their product roadmaps align with ongoing GSA strategic efforts.
  • Responsible for a variety of Information Security tasks and functions to ensure agency-level compliance with GSA IT Security policies, Federal Information Security Management Act of 2002 (FISMA), Office of Management and Budget (OMB), Department of Homeland Security (DHS) and National Institute of Standards and Technology (NIST) requirements.

Position #3:  EndPoint Solutions SME

  • Serves as an expert in IT security supporting the Security Endpoint Solutions in the Security Operations Division (ISO).  
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Develop a system security context, a preliminary system security Concept of Operations (CONOPS) and define baseline system security requirements in accordance with applicable cybersecurity requirements.
  • Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.

Position #4:  Development Security and Operations (DevSecOps) Engineer

  • The priority of the embedded DevSecOps Engineer is security, focusing on security design, operational security, application security (AppSec), security and compliance impact analysis during change management, and security/compliance automation.
  • Provides security consulting and engineering support for GSAIT information systems and emerging IT and IT Security initiatives, ensuring new technologies are implemented following IT Security Engineering standards, integrated with the agency's strategic IT and IT security architecture; and, are free of gaps in security. 
  • Works with the system team on all aspects of system security in collaboration with the DevSecOps team which includes security designs, security architecture, implementation, operations, and compliance.
  • Provides technical expertise and advice on the restructuring and/or re-architecting of GSA networks to ensure the best secure placement and configuration of network tools and appliances in order to provide the maximum protection of various types of sensitive Government data.

Position #5: Technology Transformation Services (TTS) Information Systems Security Manager (ISSM)

  • As Information System Security Manager, the ISSM is responsible for assisting System Owners in developing and maintaining the appropriate security documentation including the system security plan and other security authorization package documentation (e.g. contingency plan, contingency plan test report, user recertification, annual FISMA assessment, etc.) for in scope systems and ensuring continuous monitoring of information systems.
  • Supports emerging IT and IT Security initiatives including but not limited to Cloud computing, DevSecOps, CI/CD, physical access control systems (building security), and identity and access management solutions ensuring new technologies are implemented following IT Security Engineering standards and integrated with GSA's strategic IT and IT security architecture. 
  • Serves as a technical expert in IT security on multiple highly complex IT modernization projects and strategic initiatives. Such work includes addressing complex IT subject matters and resolving challenges in federal IT security and assurance stemming from migrating legacy IT systems to modern IT technologies.

Requirements

Conditions of employment

  • You must be a U.S. Citizen.
  • Relevant experience and/or education (as noted on the GSA website).
  • Suitable for Federal employment, determined by a background investigation.
  • You may be required to serve a trial period.
  • You must apply on-line via the GSA website.

In order to be considered, you must meet the following conditions:

  • Current or Former Political Appointees: The Office of Personnel Management (OPM) must authorize employment offers made to current or former political appointees. If you are currently, or have been within the last 5 years, a political Schedule A, Schedule C or Non-Career SES employee in the Executive Branch, you must disclose this information to the HR Office. Failure to disclose this information could result in disciplinary action including removal from Federal Service.
  • Serve a one year probationary period, if required.
  • Undergo and pass a background investigation (Tier 2 investigation level).
  • Have your identity and work status eligibility verified if you are not a GSA employee. We will use the Department of Homeland Security’s e-Verify system for this. Any discrepancies must be resolved as a condition of continued employment.

Applications will be evaluated for this job based on how well you meet the qualifications listed in the "How You Will Be Evaluated" section of this announcement. You will be evaluated on the questions you answer during the application process, which will measure your overall possession of the following competencies or knowledge, skills, and abilities. Your responses to these questions must be supported by your resume or your score may be lowered. Qualified candidates will be considered in accordance with the Office of Personnel Management Direct Hire Guidelines. Veterans' Preference does not apply to the direct hire recruitment procedures. Certain selections made under this notice will be processed as new appointments to the civil service. Current civil service employees will be given new appointments to the civil service. You may not be considered for the position if any part of the application is incomplete or missing the required supporting documentation. Falsifying your background, education and/or experience is cause for not hiring you or dismissing you if hired.

Qualifications

For each job on your resume, provide:

  • the exact dates you held each job (from month/year to month/year)
  • number of hours per week you worked (if part time).

If you have volunteered your service through a National Service program (e.g., Peace Corps, Americorps), we encourage you to apply and include this experience on your resume.

The GS-14 base salary range starts at $111,521 (based on Step 1, outside of locality pay areas) to $176,300 (San Jose-San Francisco-Oakland, CA includes locality pay). Locality pay will be determined once the duty location has been established.

If you are a new federal employee, your starting salary will likely be set at the Step 1 of the grade for which you are selected.

Applicants applying for the GS-14 grade level must meet the following requirements: Have IT-related experience demonstrating EACH of the four competencies AND one year of specialized experience equivalent to the GS-13 level in the Federal service as described below:

IT SPECIALIST COMPETENCY REQUIREMENTS:

Attention to Detail - This skill is generally demonstrated by assignments where the applicant investigates and evaluates “state of the art” technology of the industry.
Customer Service - This skill is generally demonstrated by assignments where the applicant confers with users to evaluate the effectiveness of, or identify the need for, computer programs or management systems.
Oral Communication - This skill is generally demonstrated by assignments where the applicant persuades others to take a particular course of action or to accept findings, recommendations, changes, or alternative viewpoints.
Problem Solving - This skill is generally demonstrated by assignments where the applicant identifies and accommodates technology and resource constraints.

SPECIALIZED EXPERIENCE REQUIREMENTS:  Specialized experience is defined as experience leading IT security projects, providing information and recommendations to meet the business goals and improve processes of an organization’s IT security in one of the following areas:

  • Experience managing, implementing and integrating cyber security policies, guidelines and requirements on IT systems and software, and designing, implementing, and maintaining an Information Security Continuous Monitoring program OR;
  • Experience in secure architecture design and review, threat modeling and technical guide development, and providing security engineering guidance and recommendations to meet the business goals and improve an organization’s IT security OR;
  • Experience with agile workflows, utilizing your understanding of container technology, orchestration, and security tooling, and continuous integration and continuous delivery (CI/CD) tools, proficient in securing major operating systems, creating hardened images, utilizing major IaaS platforms to grow and assist in securing cloud deployments OR;
  • Experience in processing and validation of vulnerability and conducting threat analysis to determine risk OR;
  • Experience in Cyber Forensic and Incident Response with the ability to lead a cyber incident.

Additional information

  • Bargaining Unit status: Not Applicable
  • Relocation-related expenses are not approved and will be your responsibility.
  • Travel expenses associated with interviews may be approved. Determinations will be made on a case-by-case basis.
  • On a case-by-case basis, the following incentives may be approved:
    • Recruitment incentive if you are new to the federal government
    • Credit toward vacation leave if you are new to the federal government
  • Selected applicants may qualify for credit toward annual leave accrual based on prior non-Federal work experience or uniformed service experience.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Position #1:  Policy and Compliance Division (ISP) SME

  • Skill applying Cyber security principles, concepts, standards, and practices in the field of Information Security Continuous Monitoring.
  • Skill in applying experimental theories and new developments to make decisions and/or recommendations to interpret, change and/or develop public policies and programs.
  • Knowledge of Information Security Continuous Monitoring (ISCM) strategies and procedures including but not limited to requirements within National Institute of Standards and Technology (NIST) guidance and Office of Management and Budget (OMB) memorandums.
  • Skill in applying a range of qualitative and/or quantitative methods for the assessment and improvement of program effectiveness.

Position #2:  Cyber Security Operations - Security Operations

  • Knowledge of Information Technology Security to apply experimental theories and developments to problems and make recommendations changing or developing public policies or programs.
  • Knowledge of the IT Security area of specialization, its governing laws, regulations, methodologies and/or policies to provide technical guidance on all issues related to the assigned program.
  • Skill in applying a range of qualitative and/or quantitative methods for the assessment and improvement of Infosecurity (INFOSEC) program effectiveness.

Position #3:  EndPoint Solutions (SME)

  • Skill with IT technologies, computer security, system development methodologies and practices, automated information systems concepts and usage, systems analysis and design, data analysis and models, and documentation standards in order to lead studies and task forces to formulate appropriate policies, standards, and guidelines for an organization.
  • Skill in oral communication to advise, support and make recommendations to users and management on systems to meet an organization's security guidelines.
  • Skill in written communication to develop, write and formulate policies, directives, technical instructions, and guidelines on computer security and other related IT topics.

Position #4:  Development Security and Operations (DevSecOps) Engineer

  • Skill in applying IT principles, concepts, standards, and practices of systems security engineering to grow and assist in securing cloud deployments.
  • Knowledge of high level IT security policy issues and initiatives to provide advice and guidance to leadership in IT environments within organizations on integration of IT programs.
  • Skill in cybersecurity, critical infrastructure and resilience security, and cloud security initiatives, legislation, policies, standards, and strategies.

Position #5: Technology Transformation Services (TTS) Information Systems Security Manager (ISSM)

  • Skill in applying IT principles, concepts, standards, and practices of systems security engineering to grow and assist in securing cloud deployments.
  • Knowledge of high level IT security policy issues and initiatives to provide advice and guidance to leadership in IT environments within organizations on integration of IT programs.
  • Skill in cybersecurity, critical infrastructure and resilience security, and cloud security initiatives, legislation, policies, standards, and strategies.

General (ALL POSITIONS): Leadership and Collaboration

  • Skill in building relationships with internal and external customers to provide advice and guidance. 
  • Knowledge of project management methodologies.

You may preview questions for this vacancy.
