Duties
APPLICATION LIMIT: This vacancy announcement is limited to the first 200 applications received and will close at 11:59PM Eastern Time on the day that we receive the 200th application, or at 11:59PM Eastern Time on the listed closing date, whichever occurs first. We encourage you to read this entire vacancy announcement prior to submitting your application.
As an Information Technology Specialist (INFOSEC), GS-2210-14, you will be responsible for:
- Serving as the Security Operations Center (SOC) incident response coordinator using tools like Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), and the ServiceNow ticket system, leading the full lifecycle of incident response, from detection through recovery, while coordinating containment and eradication efforts with several partners, and continuously improving workflows and playbooks.
- Serving as the senior technical lead coordinating Pen Testing, Red Team, and Purple Team exercises that test defenses against simulated attacks. This creates a feedback loop that continually strengthens detection capabilities and hones the team’s technical skills.
- Managing security vulnerabilities and detecting threats to uphold cyber hygiene, and managing Continuous Diagnostics and Mitigation (CDM) security baselines.
- Handling stakeholder reporting and communication, using PowerPoint, MS Project, and other briefing tools to deliver daily SOC updates, incident findings, and enterprise security posture insights to executive leadership and non-technical stakeholders, including tailored presentations to the Chief Information Security Officer (CISO) as needed.
Requirements
Conditions of employment
- You may be subject to serve a one-year probationary period.
- Must be a US Citizen
- Relocation will not be paid.
- Must complete a Background Investigation and Fingerprint check.
- Males 18 and over must be registered with the Selective Service.
Condition of Employment:
As a condition of employment for accepting this position, you may be required to serve a probationary period or trial period during which we will evaluate your fitness and whether your continued employment advances the public interest. In determining if your employment advances the public interest, we may consider:
- Your performance and conduct;
- The needs and interests of the agency;
- Whether your continued employment would advance organizational goals of the agency or the Government; and
- Whether your continued employment would advance the efficiency of the Federal service.
Upon completion of your probationary period OR trial period your employment will be terminated unless you receive certification, in writing, that your continued employment advances the public interest.
Selective Placement Factor (SPF): This position requires a CISSP or CISA professional certification in IT Security or IT Risk from a recognized, credentialed, professional association upon date of hire and acceptance of this position.
You must meet all qualification requirements within 30 days of the closing date of this vacancy announcement.
Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills, and can provide valuable training and experience that translates directly to paid employment. We will consider all qualifying experience, including any volunteer experience.
Qualifications
Specialized Experience for the GS-14:
One year of experience in either federal or non-federal service that is equivalent to at least a GS-13 performing two (2) out of three (3) of the following duties or work assignments:
- Experience coordinating Pen Testing, Red Team, and Purple Team exercises, testing defenses against simulated attacks, applying threat intelligence, and updating playbooks to continuously develop the SOC analytics capabilities.
- Experience in managing a SOC, leading advanced cyber incident triage and response efforts, including detection, investigation, containment, eradication, and recovery, for complex security events such as APTs and data exfiltration attempts, while documenting findings, ensuring alignment with Incident Response (IR) plans and NIST SP 800-61r2, and improving SOC workflows, Standard Operating Procedures (SOPs), and playbooks.
- Experience in conducting continuous, risk-based vulnerability management, overseeing cyber-hygiene and CDM scans to enforce enterprise-wide baseline security posture.
Basic Experience Requirements:
You must possess IT related experience (paid or unpaid experience and/or completion of specific, intensive training (e.g., IT certification), as appropriate) demonstrating each of the four competencies listed below.
- Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
- Customer Service - Works with clients and customers (i.e., any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
- Oral Communication - Expresses information (e.g., ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (e.g., technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
- Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Knowledge, Skills, and Abilities (KSAs):
The quality of your experience will be measured by the extent to which you possess the following knowledge, skills and abilities (KSAs). You do not need to provide separate narrative responses to these KSAs, as they will be measured by your responses to the occupational questionnaire (you may preview the occupational questionnaire by clicking the link at the end of the Evaluations section of this vacancy announcement).
- Knowledge of the Cyber Kill Chain, MITRE ATT&CK framework, and common attack methodologies. Expertise in SIEM, EDR, Web Application Firewall (WAF), forensics methodology, and threat intelligence.
- Knowledge of attacker frameworks (MITRE ATT&CK), the skill to hunt through complex data for hidden threats, the ability to translate technical findings into business risk, and the ability to facilitate collaboration between Red and Blue teams.
- Skill in SIEM systems and EDR, including their configuration and optimization; expertise in forensics, pen testing, integrating threat intelligence feeds, and managing cyber hygiene initiatives.
- Ability to communicate complex technical risks clearly to executive and non-technical audiences, think strategically about security operations to align them with business objectives, and apply strong root cause analysis to drive effective decision-making and continuous improvement.
Education
Education cannot be substituted for experience for this position and grade level.
Foreign Education:
Education completed in foreign colleges or universities may be used to meet education requirements if you can show that the foreign education is comparable to that received in an accredited educational institution in the United States. It is your responsibility to provide such evidence when applying. If you are using foreign education to meet qualification requirements, you must submit a Certificate of Foreign Equivalency with your transcript in order to receive credit for that education. For further information, please click Foreign Education.
Additional information
Veterans’ Career Counseling: If you are a veteran interested in receiving tips on preparing a Federal resume and/or how to prepare for an interview, you may email careers@ed.gov to schedule a session with a career counselor (“Veterans Counseling Session” should be placed in the subject line of the email).
Student Loan Default: If selected for this position, we will verify that you have not defaulted on any loan funded or guaranteed by the U.S. Department of Education. If you are found to be in default, we will contact you to make arrangements for repayment prior to making an official offer of employment.
Suitability and Investigation: If selected for this position, you will be required to complete the Declaration for Federal Employment (OF-306) to determine your suitability for federal employment and successfully complete a pre-appointment investigation/background check.
Essential/Non-Essential: This position is considered essential for purposes of reporting to work during federal government closures.
Financial Disclosure: This position does not require financial disclosure.
Bargaining Unit: This position is not included in the bargaining unit.
Selections: Agencies have broad authority under law to hire from any appropriate source of eligibles and may fill a vacancy in the competitive service by any method authorized. We may make additional selections from this vacancy announcement within 90 days from the date the selection certificates are issued, should vacancies occur. We may also share selection certificates amongst program offices across the agency.
Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution.
A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding.
As an ED employee, you will also benefit from our family-friendly work environment. As part of our commitment to maintain a work life balance, we offer excused leave for Parent/Teacher Conferences (3 hours); excused leave for annual health screenings (4 hours); and matching leave for community volunteer service. Other flexibilities that may be available to you include alternative work schedules. You may be eligible to receive a recruitment incentive for this position. To receive this incentive payment, you will be required to sign a service agreement obligating you to remain with the U.S. Department of Education for a specified period as agreed upon. You may be eligible to receive a relocation incentive for this position. To receive this incentive payment, you will be required to sign a service agreement obligating you to remain with the U.S. Department of Education for a specified period as agreed upon. You may be eligible to participate in the Student Loan Repayment Program as a recruitment incentive for this position. To receive student loan repayments, you will be required to sign a service agreement obligating you to remain with the U.S. Department of Education for a specified period as agreed upon.
Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.
How you will be evaluated
You will be evaluated for this job based on how well you meet the qualifications above.
We will review your application and documentation submitted to ensure you meet the basic qualification requirements. We will refer the best qualified candidates to the Selecting Official of the job for further review and consideration. You will be evaluated to determine if you meet qualifications required, and on the extent to which your application shows that you possess the knowledge, skills and abilities associated with this position as defined below. Please be sure to give examples in your resume and explain how often you used these skills, the complexity of the knowledge you possessed, the level of people you interacted with, and the complexity and sensitivity of the issues you handled.
CTAP/ICTAP candidates must be rated and determined to be well qualified (or above), based on an evaluation of their applications; possessing the knowledge, skills, and abilities which clearly exceed the minimum qualification requirements for the position.
You may preview questions for this vacancy.
Required Documents
- Your resume should include relevant work experience, applicable education and your contact information. For current or previous federal employees, include the pay plan, series and grade.
You must submit (REQUIRED FOR ALL APPLICANTS):
1. A resume demonstrating your education, experience, training, and accomplishments as it relates to the qualifications for this position and substantiating your responses to the occupational questionnaire. Please limit your resume to 2 pages with the font size no smaller than 10 points. If your resume is more than 2 pages, only the first 2 pages will be reviewed and considered for the qualifications determination.
2. Transcript: This position has a positive education requirement and requires proof of education for eligibility. You must submit an unofficial transcript that includes the following information: name of accredited institution, major(s), grades earned, completion dates, and quarter and semester hours earned. If any required coursework is not easily recognizable on transcripts, or if you believe a portion of a particular course can be credited toward meeting an educational requirement, you must also provide a memorandum on letterhead from the institution's registrar, dean, or other appropriate official stating the percentage of the course that should be considered to meet the requirement and the equivalent number of units. Unofficial transcripts are acceptable; however, if you are selected for the position, you will be required to produce the original official transcripts. This also applies to ED employees.
3. Career Transition Assistance Plan (CTAP), or Interagency Career Transition Assistance Plan (ICTAP): Visit https://www2.ed.gov/about/jobs/open/edhires/ictap.html or https://www2.ed.gov/about/jobs/open/edhires/ctap.html for information on how to apply as a CTAP or ICTAP eligible. To exercise selection priority for this vacancy, CTAP/ICTAP candidates must meet the basic eligibility requirements and all selective factors. CTAP/ICTAP candidates must be rated and determined to be well qualified (or above) based on an evaluation of the competencies listed in the How You Will Be Evaluated section.
If you are relying on your education to meet qualification requirements:
Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.
Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.