Clarification from the agency

This position is being filled under the Direct Hire Authority. U. S. Citizenship required.

• Execute cybersecurity operations for agency, including continuous monitoring, threat intelligence, incident response and vulnerability management.
• Establish and enforce standard operating procedures to ensure swift identification, containment, and mitigation of security incidents.
• Coordinate response efforts with internal and external teams, ensuring all actions comply with federal and DOJ regulations and with minimal operational impact.
• Provide expert analysis and recommendations to senior leadership on enhancing resilience against evolving cybersecurity threats.
• Continuously monitor agency IT environment for suspicious activity and potential security incidents using security information and event management (SIEM) tools and endpoint protection.
• Document incident response activities, create incident reports and conduct post-incident reviews to improve response processes.
• Collaborate with IT and application teams to patch, configure and otherwise address vulnerabilities.
• Gather and analyze cybersecurity threat intelligence from various sources to inform defense strategies and response plans.
• Interpret FISMA, NIST 800-53, CISA BODs, Executive Directives (EDs) and DOJ cybersecurity policies to develop compliance strategies.
• Develop, implement and monitor policies and procedures to ensure agency adherence to cybersecurity standards.
• Create and maintain compliance reports, tracking the remediation of findings and providing regular updates to leadership.
• Collaborate with program offices to implement security practices, providing guidance to ensure compliance.
• Work closely with internal and external stakeholders to promote a culture of security awareness and collaboration.
• Ensure high-quality customer service in delivering cybersecurity guidance and technical assistance to program offices by facilitating cybersecurity training and awareness programs to promote security-conscious behaviors and strengthen agency security culture.
• Develop and deliver cybersecurity training and awareness sessions for staff, promoting secure practices across the organization.
• Develop long-term cybersecurity goals and objectives, working with the Division Director to define a roadmap for achieving these goals.
• Ensure policies are documented, communicated and implemented across agency, conducting regular reviews to assess their effectiveness.

Conditions of employment

• U.S. Citizenship required.
• Subject to background/suitability investigation/determination.
• Federal payments are required to be made by Direct Deposit.
• Requires registration for the Selective Service. Visit www.sss.gov.
• Pre-employment drug testing required.
• 1-year probationary period may be required.
• Security Requirements: Non-Sensitive/Moderate Risk

Qualifications

Basic Entry Requirements:
Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.

Individuals must have IT-related experience demonstrating each of the four competencies listed below.

1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
4. Problem Solving - Identifies problems; determines accuracy and relevance.

• Managing operations and running a combined on-prem/cloud SOC, ensuring the effective monitoring, detection, and response to security incidents.
• Aligning and fulfilling broad security governance requirements in coordination with agency/organization counterparts.
• Developing and implementing SOC strategies and best practices, aligning them with industry standards regulations, frameworks, and customer experience requirements.
• Building and communicating Zero Trust security modernization strategies and overseeing threat intelligence gathering and analysis, staying updated on emerging threats and trends to enhance the organization's defensive capabilities.
• Overseeing cybersecurity incident response in one or more hybrid cloud environments, with duties that include all five portions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover).
• Providing guidance on how to architect/design, leverage, and operate, various operational platforms, including Identity, Credential, Access Management (ICAM), Security Information and Event Management, and Security Orchestration, Automation & Response (SIEM/SOAR), and Privileged Access Management solutions as well as be a catalyst to accelerate capabilities for an integrated Zero Trust future.
• Managing and optimizing security technologies, including SIEM, IDS/IPS, endpoint security solutions, and other SOC tools, to maximize their effectiveness.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.