Clarification from the agency

• U.S. Citizens • Career Transition Assistance Program (CTAP) • lnteragency Career Transition Assistance Program (ICTAP)

Videos

You will plan and execute authorized offensive security engagements that show federal and critical infrastructure partners exactly how a real adversary would attempt to breach them, emulating threat-actor tradecraft against enterprise networks and cloud tenants, and then briefing leaders on how to prioritize fix actions.

Typical work assignments at the full performance level include, but are not limited to:

• Lead full-lifecycle red team and penetration-test engagements against federal enterprise networks, cloud tenants (AWS / Azure / GCP), containerized and serverless workloads, web applications, and CI/CD pipelines - owning scoping, rules of engagement, operator tasking, deconfliction, and final reporting.
• Emulate real-world threat actors - design and run ATT&CK-aligned operations that chain initial access, identity/IAM abuse, privilege escalation, and lateral movement to reach crown-jewel systems, then prove impact without causing harm.
• Build and operate offensive infrastructure as code - stand up and tear down C2, redirectors, phishing, and lab/range environments repeatably with Terraform, Ansible, or comparable tooling, with disciplined OPSEC.
• Develop and extend offensive tooling - custom payloads, C2 profiles, exploit adaptations, and AI/LLM-augmented recon, code-review, and triage workflows - and feed that tradecraft back into team capability.
• Run continuous external attack-surface testing - automate discovery and assessment of internet-facing assets, set severity rubrics, and track exposure reduction across the agencies you support.
• Assess emerging attack surface - infrastructure-as-code and pipeline supply chains, SaaS/identity-provider federation, and AI/ML-integrated applications (prompt injection, model abuse, data-exfil paths).
• Partner with threat intelligence and detection engineering - turn current adversary reporting into testable TTPs, and work purple-team to validate and harden defensive coverage after every operation.
• Brief the people who can act - deliver attack narratives and prioritized, concrete remediation to system owners and senior executives in mission-impact terms; mentor operators and set tradecraft, automation, and OPSEC standards for the team

Conditions of employment

• You must be a U.S. citizen.
• Selective Service - Males born after 12/31/59 must be registered or exempt from Selective Service, see http://www.sss.gov/
• All Federal employees are required to participate in Direct Deposit/Electronic Funds Transfer for salary payments.
• DHS uses E-Verify, an Internet-based system, to confirm the eligibility of all newly hired employees to work in the United States. Learn more about E-Verify, including your rights and responsibilities.
• You must be able to obtain and maintain a security clearance suitable for Federal employment as determined by a background investigation. This may include a credit check, a review of financial issues, as well as certain criminal offenses and illegal use or possession of drugs.
• One-year probationary period may be required.
• This position may be designated as essential personnel. Essential personnel must be able to serve during continuity of operation events without regard to declarations of liberal leave or government closures due to weather, protests, and acts of terrorism or lack of funding. Failure to report for or remain in this position may result in disciplinary or adverse action in accordance with applicable laws, rules, and regulations (5 U.S.C. 7501-7533 and 5 CFR Part 752, as applicable).
• This position has been identified as a drug testing designated position (TDP) for purposes of the CISA's Drug-Free Workplace Program. All applicants tentatively selected for this position will be required to submit to a drug test to screen for illicit/illegal drug use prior to receiving a final offer of employment. A final offer of employment is contingent upon a negative drug test result. After appointment, you may be subject to periodic random drug testing.

Qualifications

Do NOT copy and paste the duties, specialized experience, or occupational assessment questionnaire from this announcement into your resume as that will not be considered a demonstration of your qualifications for this position. Your resume must describe your work and experience, in your own words.

To be considered minimally qualified for this position, you must demonstrate that you have the required competencies and experience for the respective grade level in which you are applying:

BASIC REQUIREMENT:

REQUIRED COMPETENCIES: Experience must be Information Technology (IT)-related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.You must have IT-related experience demonstrating each of the 9 competencies listed below:

1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
3. Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change.
4. Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems.
5. Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations
6. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
7. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
8. Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals.
9. Technical Competence - Uses knowledge that is acquired through formal training or on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues.

AND

SPECIALIZED EXPERIENCE: In addition to meeting the qualification requirement listed above, you must have at least one year of specialized experience at the next lower GS-grade level (or equivalent). Specialized experience is experience that has equipped you with the particular competencies/knowledge, skills, and abilities to successfully perform the duties of the position and is typically in or related to the work of the position to be filled. Such experience is typically gained in the IT field or through the performance of work where the primary concern is IT.

GS-13
You qualify at the GS-13 grade level if you have at least one (1) year of specialized experience at the GS-12 grade level (or equivalent) performing at least three of the following duties

1. Planning and executing authorized penetration tests or red team operations against enterprise networks, web applications, cloud tenants containerized/Kubernetes workloads, or operational technology - from scoping and rules-of-engagement through exploitation and reporting; OR
2. Performing external attack-surface reconnaissance and enumeration - Open Source Information gathering, Domain Name System (DNS)/subdomain discovery, exposed-service and credential discovery, cloud-asset and SaaS-tenant attribution - to identify realistic initial-access paths; OR
3. Gaining and expanding access using adversary tradecraft: phishing/social engineering, credential abuse, identity-provider attack paths (role assumption, token theft, federation abuse), Active Directory exploitation, privilege escalation, and lateral movement; OR
4. Working with infrastructure-as-code and Continuous Integration/Development (CI/CD) both as an attack surface (secrets in Terraform state or Ansible vaults, pipeline/runner compromise, supply-chain injection) and as your own tooling - provisioning offensive infrastructure repeatably via Terraform, Ansible, or comparable; OR
5. Applying Artificial Intelligence (AI)/Large Language Model (LLM) assisted tooling to offensive workflows - automating reconnaissance, triage, source-code/configuration review, or reporting - and/or testing applications that integrate AI/Machine Learning (ML) components (prompt injection, data exfiltration via model features, model-abuse paths); OR
6. Translating technical findings into written reports and live out-briefs that give system owners root cause, business impact, and concrete remediation; partnering with detection-engineering counterparts to validate and improve defensive coverage.

GS-14
You qualify at the GS-14 grade level if you have at least one (1) year of specialized experience at the GS-13 grade level (or equivalent) performing at least three of the following duties:

1. Serving as engagement lead for full-lifecycle red team or penetration-test operations - owning scoping, Rules of Engagement (RoE) negotiation, tradecraft selection, operator tasking, deconfliction, and final reporting - including operations against multi-account cloud estates and hybrid on-prem/cloud environments; OR
2. Designing adversary-emulation plans that map a named or composite threat actor's Tactics, Techniques, and Procedures (TTPs) (e.g., MITRE ATT&CK-aligned) to a target's environment, cloud control plane, crown-jewel assets, and detection posture; OR
3. Developing or extending custom offensive tooling, payloads, or Command & Control (C2) profiles to meet engagement objectives or defeat specific controls; contributing that tradecraft back to team capability; OR
4. Building and running offensive automation at program scale: codifying attack infrastructure, ranges, and continuous attack-surface testing as infrastructure-as-code (e.g.,Terraform, Ansible, Packer, or comparable); defining methodology, severity rubrics, and exposure-reduction metrics; OR
5. Integrating Artificial Intelligence (AI)/Large Language Model (LLM) capabilities into team tradecraft - developing or governing AI-augmented recon, code-review, and reporting workflows; setting safe-use guardrails - and leading assessments of AI/Machine Learning (ML) systems as a target attack surface; OR
6. Briefing senior executives and system owners on operation results in mission-impact terms; mentoring operators and setting tradecraft, automation, and Operational Security (OPSEC) standards for the team.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.

All qualification requirements must be met by the closing date of this announcement.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Your qualifications will be evaluated based on your application materials (e.g., resume, supporting documents), your responses on the application questionnaire, and your responses to all assessments required for this position.

You will be assessed on the following competencies (knowledge, skills, abilities, and other characteristics):

• Accountability
• Attention to Detail
• Customer Service
• Decision Making
• Flexibility
• Influencing/Negotiating
• Integrity/Honesty
• Interpersonal Skills
• Learning
• Reading Comprehension
• Reasoning
• Self-Management
• Stress Tolerance
• Teamwork

The USA Hire Assessment includes a cut score based on the minimum level of required proficiency in these critical general competencies. You must meet or exceed the cut score to be considered. You will not be considered for the position if you score below the cut score or fail to complete the assessment.

Overstating your qualifications and/or experience in your application materials or application questionnaire may result in your removal from consideration.

Interagency/Career Transition Assistance Program (I/CTAP): If you have never worked for the federal government, you are not I/CTAP eligible. View information about I/CTAP eligibility on OPM's Career Transition Resources website. To be considered under I/CTAP, you must be rated eligible based on minimum qualifications for this position. In addition, you must submit the supporting documents listed under the required documents section of this announcement.

Veterans' preference procedures are not applicable when candidates are selected through Direct Hire Authority (DHA).

To preview the application questionnaire, click here: https://apply.usastaffing.gov/ViewQuestionnaire/12970665