
Senior Incident Response Lead

Securities and Exchange Commission
Office of Information Technology (OIT)

Summary

The Office of Information Technology is seeking an IT Specialist (INFOSEC) (Senior Incident Response Lead). In this role, you will be responsible for leading the detection, analysis, and response to cyber incidents that threaten the confidentiality, integrity, and availability of enterprise assets. This position requires deep technical expertise, strong leadership, and the ability to coordinate across teams to ensure rapid, effective, and consistent incident response.

Overview

Accepting applications
Posted this week · Apply by 07/06/26
Due by 11:59 p.m. ET on July 6, 2026
This job will close when we have received 100 applications, which may be sooner than the closing date.
Location
1 vacancy in the following locations:
Work site options
Telework eligible
No
Remote job
No
Relocation expenses reimbursed
No
Salary
$149,204 - $267,168 per year

Starting salary is based on experience. The range is listed for informational purposes. Initial pay will be set below the maximum. See more below.

Pay scale & grade
SK 14
Promotion potential
14
Pay scale and grade determines the salary of the job.
Work schedule
Full-time
Travel Required
Occasional travel - You may be expected to travel for this position.
Appointment type
Permanent
Occupations and job series
Supervisory status
No
Federal service type
This job is in the Competitive Service
Represented by a union
Yes
Drug test
No
Security clearance
Other
Position sensitivity and risk
High Risk (HR)
Jobs require a background check and some require a security clearance. The type depends on the job.
Background check type
Financial disclosure required
Yes
Some jobs require financial disclosure to identify conflicts of interests.
Announcement number
26-DH-12988382-SMP
Control number
873591800

This job is open to

Clarification from the agency

All US Citizens

Duties

In this role, you will be at the forefront of defending the SEC against sophisticated cyber threats, shaping the future of our SOC, and mentoring the next generation of cyber defenders. You'll have the opportunity to work with cutting-edge technology, collaborate with top experts, and make a real impact on our mission and the broader cybersecurity community.

In this role as a Senior Incident Response Lead, you will be responsible for:

  • Leading the end-to-end incident response lifecycle, including preparation, detection, analysis, containment, eradication, recovery, and post-incident review, following established frameworks such as NIST SP 800-61 and MITRE best practices.
  • Overseeing triage, investigation, and coordination of responses to security incidents, ensuring timely escalation and communication with stakeholders.
  • Ensuring all incident handling activities are documented, repeatable, and compliant with legal, regulatory, and audit requirements.
  • Developing, maintaining, and executing incident response plans, standard operating procedures (SOPs), and playbooks tailored to the organization's threat landscape and business priorities.
  • Performing in-depth forensic analysis of endpoints, networks, cloud environments, and applications to determine root cause, impact, and remediation steps for security incidents.
  • Utilizing advanced detection and response tools (EDR, SIEM, SOAR, threat intelligence platforms) to identify and analyze threats.
  • Collaborating with IT, legal, compliance, and business units to ensure effective incident management and communication.
  • Identifying gaps in detection, response, and recovery processes; recommending and implementing improvements.
  • Measuring and reporting on incident response metrics (e.g., mean time to detect/respond/recover, true/false positive rates, incident trends) to drive continuous improvement.

Requirements

Conditions of employment

  • CITIZENSHIP: You must be a US Citizen.
  • SELECTIVE SERVICE: Males born after 12/31/59 must be registered or exempt from Selective Service (see https://www.sss.gov/).
  • SECURITY CLEARANCE: Entrance on duty is contingent upon completion of a pre-employment security investigation. Favorable results on a Background Investigation may be a condition of employment or selection to another position.
  • PERMANENT CHANGE OF STATION (PCS): Moving/Relocation expenses are not authorized.
  • DIRECT DEPOSIT: All Federal employees are required to have Federal salary payments made by direct deposit to a financial institution of their choosing.
  • PROBATIONARY PERIOD: This appointment may require completion of a one-year probationary period.
  • The selectee is required to report to the duty station(s) listed.
  • The duties of this position may require the incumbent to carry a cell phone and be on call 24 hours a day, seven days a week on a rotational basis, based on the needs of the organization.

Qualifications

Applicants are responsible for confirming all required materials are submitted by the closing date of the announcement. Please check the How You Will Be Evaluated and Required Documents sections carefully, as missing documents will render the application incomplete and ineligible for review.

Qualifying experience may be obtained in the private or public sector. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. All qualification requirements must be met by the closing date of this announcement.

BASIC REQUIREMENT: For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below:

  1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
  2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
  3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
  4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

MINIMUM QUALIFICATION REQUIREMENT: In addition to meeting the basic requirement, applicants must also meet the minimum qualification requirement below:

SK-14: Applicant must have at least one year of specialized experience equivalent to the GS/SK-13 level:
  1. Analyzing telemetry data to identify the root cause of a cyber incident;
  2. Working with different groups to handle a cyber incident;
  3. Delivering reports that explain what happened and what the team learned; and
  4. Providing technical direction to team members during security and cyber incidents.

ACCOMPLISHMENT RECORD COMPETENCIES: Your Accomplishment Record narratives should address the following competencies. See the How You Will Be Evaluated section below for more information:
  • Cyber Defense Analysis: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network to protect information, information systems, and networks from threats.
  • Critical Thinking: Considers a variety of factors, general and subject matter-specific, when making decisions and determining next steps.
  • Technical Communication: Translates technical information into non-technical terms and accurately conveys technical information to end users (e.g., staff, management) and outside parties, including the technical documentation of applications, systems, Standard Operating Procedures, etc.
  • Artificial Intelligence and Machine Learning: Uses principles, methods, and tools to design or implement systems that perform and apply human-like intelligence functions such as those that use neural networks, deep learning, natural language processing, and image recognition.

Additional information

Supplementary vacancies may be filled in addition to the number stated in this announcement and may be filled from any division or office within the agency.

SEC COMPENSATION PROGRAM: Total salary (base pay + locality) is dependent upon duty location. The overall salary range listed above is provided for informational purposes; a selectee's initial pay will be established below the maximum rate of the range. The pay for current SEC employees will be determined according to the procedures specified in the agency's policy. Please click here for a compensation overview.

IMPORTANT INFORMATION FOR SURPLUS OR DISPLACED FEDERAL EMPLOYEES: If you have never worked for the federal government, you are not I/CTAP eligible. To receive selection priority for this position, you must: (1) meet CTAP or ICTAP eligibility criteria (the questionnaire asks you to identify your ICTAP/CTAP eligibility); (2) be rated well-qualified; and (3) submit the appropriate documentation to support your CTAP or ICTAP eligibility. View information about I/CTAP eligibility on OPM's Career Transition Resources website.

Reasonable Accommodation: If you are an applicant who needs a reasonable accommodation to participate in the SEC application process due to a medical disability, please contact reasonableaccommodation@sec.gov. For religious-based accommodations, please contact religiousaccommodation@sec.gov. Please be sure to submit your request at least 5 business days in advance of the date you need the requested accommodation.

Equal Employment Opportunity (EEO) Information for SEC Job Applicants: For more information, please click here.

The Fair Chance Act prohibits specific inquiries concerning an applicant's criminal or credit background unless the hiring agency has made a conditional offer of employment to the applicant. An applicant may submit a complaint, or any other information, to the agency within 30 calendar days of the date of alleged non-compliance by contacting the Legal and Policy Office in the Office of Human Resources at ElliottT@sec.gov.

Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

You will be evaluated for this position based on how well you meet the qualifications listed in this announcement.

This position is being advertised through the Office of Personnel Management's (OPM) Delegated Direct-Hire Authority (5 U.S.C. Section 3304 and 5 CFR Part 337, Subpart B) and is open to All U.S. Citizens. Under this authority, competitive rating, ranking and veterans' preference procedures do not apply.

Your resume and application package will first be reviewed to determine whether you meet the minimum qualification requirements outlined in the announcement. If you are found minimally qualified, the Office of Human Resources will contact you to request an Accomplishment Record. You will have 3 business days from the date of the request to submit it. Failure to submit the Accomplishment Record on time will remove you from further consideration. Because of the short turnaround time, you are strongly encouraged to begin preparing your Accomplishment Record in advance.

Once your Accomplishment Record is received, a rating panel will review both your resume and your narrative responses. Your Accomplishment Record must clearly demonstrate your proficiency in the competencies listed in the Qualifications section.

Click here for guidance on writing your Accomplishment Record.

Your resume must provide evidence that supports the claims in your Accomplishment Record. Each narrative must describe one specific, relevant example from your experience or training. Responses are limited to 300 words per competency; any text beyond this limit will not be reviewed.

You must provide one document containing your narrative responses for all four competencies. Failure to address each competency annotated on the announcement or failure to provide the correct document will result in loss of further consideration. Please note: A Performance Appraisal does not satisfy the requirement for an Accomplishment Record.

Required Accomplishment Record Format:

Applicant First Name and Last Name
Competency Title

  • Position title and dates from your resume that this experience was obtained
  • Describe the situation (i.e., the challenge faced, the problem solved)
  • Describe the specific actions you took
  • State the outcome, results, or long-term impact of your accomplishment
  • Name and email address of someone who can verify this information

Reference checks may be conducted as part of the final selection process, and you will be notified before any contacts are made.

Basis for Rating: The rating panel will evaluate applicants' accomplishment records and resume, and then place them into one of the following categories:

  • Pass - Meets the minimum qualification requirements and has at least a moderate amount of skills and experience in most of the job-related competencies.
  • Fail - Meets the minimum qualification requirements, but has only limited experience in several of the job-related competencies.

Passing applicants will be referred to the hiring office for further review and consideration. The hiring office may directly contact recommended candidates for interview(s).

To preview the Questionnaire, click https://apply.usastaffing.gov/ViewQuestionnaire/12988382

Securities and Exchange Commission

Our mission includes advocating for investors who seek to secure a future for their family, providing guidance and regulations for the nation's securities industry in an increasingly global market, and taking action with an eye toward promoting the capital formation necessary to sustain economic growth.

A career with the Securities and Exchange Commission (SEC) offers work that is exciting, challenging and rewarding. You can contribute to securities regulation and enforcement while making a positive difference for the American investing public. The SEC provides:

  • Careers that broaden and deepen your already accomplished knowledge, skills and abilities;
  • An environment that allows you to work and learn with the nation's experts;
  • Benefits, compensation and career expansion opportunities; and
  • A balance between your professional and family life.
The SEC offers a number of enhanced pay and benefits plus the standard Federal benefits. Please be sure to visit the SEC's compensation and benefits program pages.

Agency contact information

ask HR
Email
askHR@sec.gov
Address
Office of Information Technology
100 F Street NE
Washington, DC 20549
US

Visit our careers page

Learn more about what it's like to work at Securities and Exchange Commission, what the agency does, and about the types of careers this agency offers.

https://www.sec.gov.
