Clarification from the agency

This position is open to All United States Citizens. This is a Direct-Hire Public Notice.

• Conducts assessments of controls, threats and vulnerabilities, determine deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develop and/or recommend appropriate mitigation countermeasures in all situations.
• Plan and conduct cybersecurity assessment and authorization activities as systems are deployed to production for the first time and after they are transitioned to continuous monitoring. Develop assessment and authorization strategies, concepts, processes for managing cybersecurity risks through DevSecOps methods. Review assessment and authorization documents and artifacts to confirm that the level of risk is within acceptable limits for each software application, system, and network. Develop cybersecurity compliance processes and/or assessments for external services (e.g., cloud service providers, external data centers).
• Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risks. Provide input to the Risk Management Framework process activities and related documentation (e.g., security categorization worksheets, system security plans, configuration management plans, business impact analysis, contingency plans, concept of operations, operational procedures, maintenance training materials, security categorization worksheets, configuration management plans).
• Verify that controls are implemented as stated, any deviations and gaps are documented, and required actions to correct those deviations are tracked through Plan of Action and Milestones (POA&Ms). Ensure that POA&Ms or remediation plans are in place for vulnerabilities identified during security and privacy control assessments, audits, inspections, and etc.

Conditions of employment

Registration with the Selective Service.

U.S. Citizenship is required.  

Employment Conditions.

Completion of Confidential Financial Disclosure may be required.

 Background Investigation (BI) required

Qualifications

• Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

• Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

• Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

• Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

This is a Direct-Hire Public Notice.  Applications will be accepted for the location identified in the public notice.  Veteran’s preference and traditional rating and ranking of applicants DO NOT apply to positions filled under this public notice. 

All complete applications (transcripts must be included, if applicable) will be verified for eligibility requirements and will be submitted to the hiring official upon request.

https://www.opm.gov/policy-data-oversight/hiring-information/direct-hire-authority/#url=Governmentwide-Authority

Upon the submission of your application package to USAJobs.gov, you will receive an automatic reply informing you that your application has been submitted, received and is being processed. If you provided an email address, you will receive an email message acknowledging the receipt of your application. Your application will remain active through the open period of this Public Notice. You will not receive any additional notifications, and your resume may not be reviewed for qualifications unless a position is requested to be filled by the hiring official. After you submit your application, you will be contacted only if further evaluation or interviews are required or upon your selection.”

If requested by Management, your application will be reviewed to determine whether you meet the qualification requirements outlined in this announcement. Therefore, it is imperative that your resume contain sufficiently detailed information upon which to make the qualification determination. Please ensure that your resume contains specific information such as position titles, beginning and ending dates of employment for each position, average number of hours worked per week, and if the position is/was in the Federal government, you should provide the position series and grade level.

You do not need to respond separately to these KSAs. Your resume will serve as responses to the KSAs.

1. Knowledge of Security Assessment and Authorization process.
2. Skill applying IT principles, concepts, methods, standards, and practices.
3. Skill in applying methods for evaluating, implementing, and disseminating IT security tools and procedures to coordinate activities designed to ensure, protect, and restore IT systems, services, and capabilities.
4. Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
5. Skill in performing security impact/risk assessments and preparing Security Assessment Reports.
6. Skill applying theories and new developments to information security problems not susceptible to treatment by accepted method and design new ways to conduct valid and reliable assessments.