Clarification from the agency

THIS IS A PUBLIC NOTICE: This Notice is issued under direct-hire authority (DHA) to recruit new talent to this occupation for which there is a severe shortage of candidates. This means that we can hire any qualified candidate, either from this notice or from any source. NOTE: Current civil service employees will receive new appointments if selected under this Direct Hire Authority. For more information on DHA, please visit http//www.opm.gov/directhire/index.asp

As an IT Specialist (INFOSEC) you will perform the following duties for one of the following positions.

1) The Office GSA IT, Security Engineering Division (ISE) provides security consulting and engineering support for systems and emerging IT and IT security initiatives

(Position#1) IT Specialist with DevSecOps Engineer Specialization:

• The priority of the embedded DevSecOps Engineer is security, focusing on security design, operational security, application security (AppSec), security and compliance impact analysis during change management, and security/compliance automation.
• Provides security consulting and engineering support for GSAIT information systems and emerging IT and IT Security initiatives, ensuring new technologies are implemented following IT Security Engineering standards, integrated with the agency's strategic IT and IT security architecture; and, are free of gaps in security.
• Works with the system team on all aspects of system security in collaboration with the DevSecOps team which includes security designs, security architecture, implementation, operations, and compliance.
• Provides technical expertise and advice on the restructuring and/or re-architecting of GSA networks to ensure the best secure placement and configuration of network tools and appliances in order to provide the maximum protection of various types of sensitive Government data.
• Implements and provides authoritative advice and guidance to ensure the confidentiality, integrity, and availability of network and information systems.
  
• Collaborates with internal and external stakeholders and partners to support the government’s information security needs and establish related guidelines. Provides input and support of related high level initiatives.
  

2) The Office of GSA IT, Security Operations Division (ISO) provides real-time operational security through SOC and enterprise network security capabilities.

 (Position #2) IT Specialist with Enterprise Cyber Security Vulnerability Management Specialization:

• Evaluates, acquires, configures, and uses software intended to ensure that automated systems are secure from unauthorized use, viral infection, and other problems that would compromise sensitive information in terms of confidentiality, integrity, and availability, or would compromise other aspects of overall system security.
• Implements Enterprise Security Shared Services across stakeholders, in conjunction with the Security Operations Director and the CISO/DCISO, building product roadmaps, business use cases, technical specifications, wireframes, mockups, prototypes, launch plans, tracking key performance metrics and data analytics/reporting along with end user/customer surveys among other deliverables for identifying efficiencies for the rolled-out services.
• Installs, configures, troubleshoots, and maintains INFOSEC hardware and software to ensure the availability and functionality of the systems. Recovers data in the event of hardware or software failure.
• Uses information from a variety of sources, such as National Institute of Standards and Technology (NIST), US-CERT, and commercial sources to obtain information regarding potential and actual security threats and risks that may exist or be imminent.
• Participates in the conduct and management of independent evaluations and compliance reviews of IT systems in accordance with FISMA. This includes, but is not limited to, POA&M reviews, assessment, and authorization package reviews, exhibit 300 reviews, vulnerability assessments and scanning activities, system configuration reviews, and system inventory reviews, IT audit findings and remediation, etc.
• Implements and provides authoritative advice and guidance to ensure the confidentiality, integrity, and availability of network and information systems.
• Collaborates with internal and external stakeholders and partners to support the government’s information security needs and establish related guidelines. Provides input and support of related high level initiatives.

Conditions of employment

• US Citizenship or National (Residents of American Samoa and Swains Island)
• Direct Deposit of salary check to financial organization required.
• Register with the Selective Service if you are a male born after 12/31/1959
• You may be required to serve a trial period.
• You must apply on-line via the GSA website.
• Suitable for Federal employment, determined by a background investigation.

 If selected, you must meet the following conditions:

• Receive authorization from OPM on any job offer you receive, if you are or were (within the last 5 years) a political Schedule A, Schedule C or Non-Career SES employee in the Executive Branch.
• Serve a one year probationary period, if required.
• Complete a financial disclosure report to verify that no conflict, or an appearance of conflict, exists between your financial interest and this position.
• Undergo and pass a background investigation (Tier 2 investigation level).
• Have your identity and work status eligibility verified if you are not a GSA employee. We will use the Department of Homeland Security’s e-Verify system for this. Any discrepancies must be resolved as a condition of continued employment.

Qualifications

For each job on your resume, provide:

• the exact dates you held  each job (from month/year to month/year)
• number of hours per week you worked (if part time).

If you have volunteered your service through a National Service program (e.g., Peace Corps, Americorps), we encourage you to apply and include this experience on your resume.

For a brief video on creating a Federal resume, click here.

The GS-14 salary range starts at $122,198.00 per year.

If you are a new federal employee, your starting salary will likely be set at the Step 1 of the grade for which you are selected.

To qualify, you must have at least one year of specialized experience equivalent to the GS-13 level or higher in the Federal service. 

Applicants applying for the GS-14 grade level must meet the following requirements:

Have IT-related experience demonstrating EACH of the four competencies AND one year of specialized experience equivalent to the GS-13 level in the Federal service as described below:

IT SPECIALIST COMPETENCY REQUIREMENTS:

• Attention to Detail - This skill is generally demonstrated by assignments where the applicant investigates and evaluates “state of the art” technology of the industry.
• Customer Service - This skill is generally demonstrated by assignments where the applicant confers with users to evaluate the effectiveness of, or identify the need for, computer programs or management systems.
• Oral Communication - This skill is generally demonstrated by assignments where the applicant persuades others to take a particular course of action or to accept findings, recommendations, changes, or alternative viewpoints.
• Problem Solving - This skill is generally demonstrated by assignments where the applicant identifies and accommodates technology and resource constraints.

SPECIALIZED EXPERIENCE REQUIREMENTS: Specialized experience is providing cybersecurity project management for an organization’s Information Technology (IT) systems in one of the following areas: 

(Position #1) - IT Specialist with DevSecOps Engineer Specialization: Specialized experience is defined as experience utilizing cybersecurity IT principles, concepts, standards, automation, and industry practices to modern cloud environments and cloud system deployments.

(Position #2) - IT Specialist with Enterprise Cyber Security Vulnerability Management Specialization: Specialized experience is experience in processing and validation of vulnerabilities and conducting threat analysis to determine risk on an Enterprise scale as well as experience configuring and maintaining enterprise cybersecurity tooling and maintaining enterprise level vulnerability disclosure program or bug bounty program.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Evaluation Statement

Applications will be evaluated against the basic qualifications. Qualified candidates will be considered in accordance with the Office of Personnel Management Direct Hire Guidelines. Applications will not be rated or ranked. Veterans’ Preference does not apply to the direct hire recruitment procedures.

You may not be considered for the position, if any part of the application is incomplete or missing the required supporting documentation. Falsifying your background, education and/or experience is cause for not hiring you or dismissing you if hired.

You will be scored on the questions you answer during the application process, which will measure your possession of the following competencies or knowledge, skills, and abilities:

Position #1 KSA’s:

1. Skill in applying IT principles, concepts, standards, and practices systems security engineering to grow and assist in securing cloud deployments.
2. Knowledge of high level IT security policy issues and initiatives to provide advice and guidance to leadership in IT environments within organizations on integration of IT programs.
3. Skill in cybersecurity, critical infrastructure and resilience security, and cloud security initiatives, legislation, policies, standards, and strategies.
4. Skills in building relationships with internal and external customers to provide advice and guidance.
   
5. Knowledge of project management methodologies
   
6. Ability to apply tools and technologies to direct the secure development and implementation of systems/software.
   

Position #2 KSA’s:

1. Skilled in the field of Information Technology Security to apply experimental theories and new developments to problems not susceptible to treatment by accepted methods and to make decisions or recommendations significantly changing, interpreting or developing important public policies or programs.
2. Knowledge of the IT Security area of specialization, its governing laws, regulations, methodologies and/or policies to provide sound and authoritative technical guidance on all issues related to the assigned program.
3. Knowledge of project management principles, methods, and practices including developing plans and schedules, estimating and reporting on accomplishments.
4. Knowledge of product management principles, methods, and practices including implementing Enterprise Security Shared Services across stakeholders, in conjunction with the Security Operations Director and the CISO/DCISO, building product roadmaps, business use cases, technical specifications, wireframes, mockups, prototypes, launch plans, tracking key performance metrics and data analytics/reporting along with end user/customer surveys among other deliverables for identifying efficiencies for the rolled out services.
5. Skills in building relationships with internal and external customers to provide advice and guidance.
6. Knowledge of project management methodologies
7. Ability to apply tools and technologies to direct the secure development and implementation of systems/software.