Clarification from the agency

All U.S. Citizens.

GS-13:

• Assist System Owners, Program Managers, and ISSOs with Security Assessment and Authorization (A&A) activities and RMF documentation requirements.
• Apply federal cybersecurity standards and guidance, including NIST SP 800-53 Rev. 5, NIST SP 800-53A, and FISMA requirements.
• Conduct security control assessments, compliance monitoring, and vulnerability tracking in support of system authorization and continuous monitoring programs.
• Support risk remediation activities, including tracking and resolving security findings through Plan of Action and Milestones (POA&M).
• Coordinate with system stakeholders on configuration management, change management activities, and Configuration Control Board (CCB) participation.
• Provide cybersecurity recommendations and guidance to ISSMs, ISSOs, and system stakeholders regarding compliance requirements, security controls, and risk mitigation actions.

GS-14 (In addition to the above):

• Serve as a senior cybersecurity advisor to leadership, providing recommendations regarding system authorization decisions, risk posture, and security control implementation.
• Lead Security Assessment and Authorization (A&A) activities and coordinating with System Owners, ISSOs, and Authorizing Officials to obtain and maintain Authority to Operate (ATO).
• Apply and interpret federal cybersecurity standards and policies, including NIST SP 800-53 Rev. 5, NIST SP 800-53A, FISMA, CNSS, and Intelligence Community security guidance.
• Manage continuous monitoring programs, including vulnerability management, configuration baseline compliance, and remediation tracking through Plan of Action and Milestones (POA&M).
• Coordinate cybersecurity activities across multiple systems or projects simultaneously, ensuring compliance with security policies and operational priorities.
• Provide strategic cybersecurity guidance and technical recommendations to senior leaders and stakeholders regarding security engineering initiatives, risk mitigation strategies, and system authorization status.

Conditions of employment

• Must be a U.S. citizen.
• Must be able to obtain a Top Secret-SCI clearance.

Qualifications

GS-13: Applicant must possess at least one (1) year of SE equivalent to the GS-12 grade level. SE is defined as follows:

• Hands-on experience supporting cybersecurity compliance and RMF authorization activities for information systems. Supporting implementation of the NIST Risk Management Framework (RMF) for federal information systems, including documentation, control implementation, and authorization support.
• Knowledge of, and experience working with, the Risk Management Framework (RMF) process, either as an ISSO, ISSE, ISSR or another role.
• Knowledgeable of assessing the security controls in Federal Information Systems NIST SP 800-53A.
• Ability to coordinate, prioritize and monitor work, including across multiple projects.
• Experience in providing recommendations to senior ISSM's, ISSO's, and ISSM Team on security and engineering projects and initiatives.

GS-14: Applicant must possess at least one (1) year of SE equivalent to the GS-13 grade level. In addition to the above, SE is defined as follows:

• Advanced experience leading cybersecurity risk management and authorization activities for federal information systems, lifecycle, including system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring.
• Leading Security Assessment and Authorization (A&A) activities and coordinating with System Owners, ISSOs, and Authorizing Officials to obtain and maintain system authorization.
• Knowledgeable of the Risk Management Framework NIST Special Publication 800-53 Rev5, FISMA, and its implementation through NIST, CNSS, IC and other government standards
• Knowledgeable of assessing the security controls in Federal Information Systems NIST SP 800-53A.
• Ability to coordinate, prioritize, and monitor work across multiple projects; in addition to providing guidance and recommendations on security and engineering projects and initiatives to leadership.

Desired Skills

Desired skills are NOT mandatory and will NOT be utilized to minimally qualify applicants. Desired Skills are:

• Excellent customer service mindset and reputation.
• Experience communicating in writing and orally.
• Preferred certification in one or more cybersecurity disciplines (e.g., CISSP, CISM, CCSP, NCSF, etc.)
• Preferred prior architecture / systems engineering experience.
• Preferred prior network, cloud system, and application development experience.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Your application will be evaluated using the FBI's Candidate Rating Procedures. Your resume and supporting documents will be reviewed to verify that you meet the job qualifications listed in this announcement. Applicants must meet the qualification requirements by the closing date of this announcement.

If you are found minimally qualified, your application will move forward to additional phases of the review process.

The five competencies will be used in a Structured Resume Review to objectively evaluate applicant resumes. Do not provide a separate narrative written statement. Rather you must describe in your resume how your past work experience demonstrates that you possess the competencies identified below. Your resume should demonstrate that you possess the following competencies.

Competencies:

• Communication
• Flexibility/Adaptability
• Organizing and Planning
• Information Management
• Technology Awareness

1. Utilizing the Resume Builder, outline your relevant work experience and associated start and end dates. Uploaded resumes will not be reviewed or used for qualification purposes.
2. Other supporting documents (if applicable):
   • College transcripts, if qualifying based on education or if there is a positive education requirement.
   • Former civilian Federal employees must submit a copy of your MOST RECENT SF-50 (Notification of Personnel Action) showing your tenure, grade and step, salary, and type of position occupied (i.e., Excepted or Competitive); or similar Notification of Personnel Action documentation, i.e., Transcript of Service, Form 1150, etc. This is a requirement to verify your Time in Grade (TIG). Actions such as promotion, within grade increase, or reassignment actions must be submitted as your most recent SF 50.
   • Most recent Performance Appraisal; not applicable to current FBI employeesVeterans: DD 214; Disabled Veterans: DD 214, SF-15, and VA letter dated 1991 or later
   • Memorandum for Record (MFR): Work performed outside assigned duties (that would not normally be documented on an SF-50, i. e., back-up duties), has to be documented in detail by an immediate supervisor in order to receive full credit for amount of time worked in that position. If no documentation is furnished no credit will be given for time worked in that position. The following notations must be specified in the documentation:
     • Percent of time worked in the particular position (cannot conflict with main duties.
     • The month/year work beganFrequency worked (i.e., daily, monthly, etc.)
     • Specific duties performed

Next steps