IT Cybersecurity Specialist (Vulnerability Assessment Test Principal)

US Government, Department of Transportation

Incumbent will perform a mixture of routine and multiple, varying assignments as a Cybersecurity Vulnerability Assessment Service Test Principal within the Cybersecurity Vulnerability Assessment Services Group (AMK-233) supporting the Cybersecurity Federal Shared Services Provider (FSSP) Branch (AMK-230).

 

For more details on elgibility, requirements, and evaluation. Please click “Apply Now”, which will take you to the US Gov job platform.

 

Job Grade: J
Total Openings:

Duties:

As Vulnerability Assessment Test Principal, applies comprehensive technical knowledge and experience in the hands-on performance of Penetration Testing activities and performs exploits on discovered vulnerabilities. Identifies, documents and reports advanced persistent threats (APT). Leverages deep knowledge of APTs and forensic artifacts to rapidly contain the threat. Provides oversight of independent Penetration Test Assessments, Vulnerability Assessments in support of Continuous Monitoring Assessment (CMA) and other information security assessment related tasks under limited direction of a Manager. Exhibits constant professionalism, attention to detail and a predictable in-office presence to effectively mentor team members. Provides input to management regarding employee performance. Approves leave in a limited capacity. Monitors and reports on the progress and status of assignments being accomplished by the Vulnerability Assessment Group, ensuring contractual and service level agreements are being met. Provides inter-program coordination with customers at local, agency-wide, departmental and interagency offices.Coaches Vulnerability Assessment Group team members in the selection, application and training of appropriate problem-solving methods and techniques; provides advice on work methods, practices, and procedures and assists team members in identifying approaches to effectively assess the security posture of Federal systems. Generates targeted response solutions to improve the organization's security posture. Shares experiences with team members enabling them to learn to hunt smarter with threat intelligence and specialized tools. Ensures Vulnerability Assessment work is completed in accordance with established priorities and in compliance with governing federal guidelines. Defines, organizes, and assigns resources to accomplish organizational objectives. Allocates resources to accomplish large work activities within established schedules.Processes customer inquiries for cybersecurity vulnerability assessment services. In consultation with Management and other subject matter experts (SME’s), establishes the scope, complexity and schedule for proposed projects and workloads.Provides oversight to ensure deliverables are in compliance with service level, leadership expectations, quality standards, and Federal Information Security Management/Modernization Acts (FISMA), necessitating extensive knowledge of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series, specifically NIST SP 800-53 and Federal Information Processing Standards (FIPS).Communicates results to all levels internally (within an LOB/SO or across LOB/SOs) and externally. Plays a lead role in drafting, reviewing, and editing reports or contractual documents for final approval prior to external distribution. Presents briefings to obtain consensus/approval on policies.Provides guidance to lower-level staff on how to solve difficult technical issues. Resolves all but unique technical problems without the intervention of management or a more experienced technical specialist. Develops plans, techniques, and policies to address current or anticipated problems and issues. Works with management to solve problems.The position is directly involved with the analysis and monitoring of security controls for High Value Asset (HVA) systems — critical and high impact infrastructure and/or systems — as defined by the Department of Homeland Security (DHS), supporting our nation's critical cybersecurity posture. Assessment activities will routinely identify shortfalls in Agency employee performance, wherein the security posture of systems is being adversely impacted.May perform Cybersecurity Incident Response actions and activities.This position may require travel up to 25%.

Qualifications:

To view the complete qualification standard, applicants should reference – U.S. Office of Personnel Management Information Technology (IT) Management Series, 2210. https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/2200/information-technology-it-management-series-2210-alternative-a/To qualify for this position at the FV-J (FG/GS-14) level, you must demonstrate in your application that you possess at least one year of specialized experience equivalent to FV-I (FG/GS-13) level. Specialized experience is experience that has equipped you with the particular knowledge, skills, and abilities to perform successfully the duties of the position. And meet the Selective Placement Factor.Specialized Experience: may include but is not limited to: comprehensive technical knowledge and experience in the hands-on performance of Penetration Testing activities and performs exploits on discovered vulnerabilities. Provides oversight to ensure deliverables are in compliance with service level, leadership expectations, quality standards, and Federal Information Security Management/Modernization Acts (FISMA), necessitating extensive knowledge of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series, specifically NIST SP 800-53 Rev. 4 and Federal Information Processing Standards (FIPS). In addition, must have experience with at least two of the following systems: Python programming, Linux Server, and Firewall Administration, Kerberos, Splunk, and Digital Forensics.ANDSelective Placement Factor: Applicants must currently hold the (ISC)2 Certified Information Systems Security Professional (CISSP) certification plus one or more of the following industry-recognized Cybersecurity certifications:Global Information Assurance Certification Penetration Tester (GIAC-GPEN)Global Information Assurance Certification Exploit Researcher and Advanced Penetration Tester (GXPN)Global Information Assurance Certification Web Application Penetration Tester (GWAPT)EC Council Certified Penetration Testing Professional (CPENT)EC Council Licensed Penetration Testing (LPT) MasterANDIndividuals must have IT-related experience demonstrating each of the four competencies listed below. The experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.1. Attention to Detail – Is thorough when performing work and conscientious about attending to detail.2. Customer Service – Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.3. Oral Communication – Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.4. Problem Solving – Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.Applicants should include examples of Specialized Experience in their work history and must submit proof documentation of the certification(s) they hold.Qualifications must be met by the closing date of this vacancy announcement.

Job Requirements:

We are not accepting applications from noncitizens.

Job Overview