Vacancy Summary

Qualifications

KNOWLEDGE, SKILLS, AND ABILITIES:

Knowledge of information system security operations, techniques, and standards.

Ability to communicate in writing.

Knowledge of cybersecurity principles, methods, and tools.

ADDITIONAL REQUIREMENTS:

I have experience conducting audits, security assessments, or technical reviews and knowledge of penetration testing principle, tools, and techniques.

I have experience conducting vulnerability scans, analyzing vulnerabilities to determine risk, and prioritizing vulnerabilities using the Common Vulnerability Scoring System (CVSS).

I have experience and have performed the tasks in the NIST Risk Management Framework (RMF) as part of the System Development Life Cycle (SDLC).

MINIMUM FEDERAL QUALIFICATION REQUIREMENTS:

Grade 13:

Qualifying experience for the GS-13 level requires IT-related experience that demonstrates each of the following four competencies: Attention to Detail; Customer Service; Oral Communication; and Problem Solving; AND one (1) year of specialized experience at least equivalent to the GS-12 level. Specialized experience is experience that is in or directly related to the line of work of the position to be filled and that has equipped the applicant with the particular competencies/knowledge, skills, and abilities to successfully perform the duties of the position. Experience must be IT-related and may be paid or unpaid experience.

Example of specialized experience for positions at the GS-13 level, typically gained in the IT field or through performance of work where the primary concern is IT, includes experience analyzing a number of alternative approaches when advising management concerning major aspects of IT system design. The experience demonstrates accomplishment of IT project assignments requiring knowledge of IT requirements and techniques pertinent to the position to be filled.

Court Services and Offender Supervision Agency

Information Technology Specialist (Information Security), GS-2210-13

Announcement Number:	OD-17-061-DEU-EB	Application Deadline:	08/24/2017
Locations:	Washington, Dist of Columbia	Open Date:	08/03/2017
Salary Range:	Min: 94796.0 - Max: 123234.0	Location Notes:	Washington, DC
Pay Schedule:	Annual	Who May Apply:	US Citizens
Time Limit:	Permanent - No time limit	Promotion Potential:	13
Number of Vacancies:	1	Work Schedule:	Full Time

Agency Marketing Statement:

A FEDERAL CAREER LIKE NO OTHER!!! Are you ready to increase public safety, prevent crimes, reduce recidivism, and support the fair administration of justice in close collaboration with the District of Columbia's community? The Court Services and Offender Supervision Agency's (CSOSA) has an opening for an Information Technology Specialist (Information Security), to join our dedicated team and gain invaluable experience working in the public interest to support the fair administration of justice.
A FEDERAL CAREER LIKE NO OTHER!!! Are you ready to increase public safety, prevent crimes, reduce recidivism, and support the fair administration of justice in close collaboration with the District of Columbia's community? The Court Services and Offender Supervision Agency's (CSOSA) has an opening for an Information Technology Specialist (Information Security), to join our dedicated team and gain invaluable experience working in the public interest to support the fair administration of justice.

Notes:

LOCATION: Court Services and Offender Supervision Agency (CSOSA), Office of the Director, Washington, DC.

If you would like to learn more about CSOSA, we encourage you to visit our website at www.csosa.gov.

This vacancy announcement may be used to fill future vacancies within one year.

As a part of the applicant assessment process for this job opportunity announcement, all applicants MUST provide a response to the following statements in narrative form: 1.) Describe your experience with managing plan of action milestones. 2.) Describe your experience conducting audits, security assessments, or other technical reviews and knowledge of penetration testing principle, tools, and techniques. 3.) Describe your experience conducting vulnerability scans, analyzing vulnerabilities to determine risk, and prioritizing vulnerabilities using the Common Vulnerability Scoring System (CVSS).
LOCATION: Court Services and Offender Supervision Agency (CSOSA), Office of the Director, Washington, DC. If you would like to learn more about CSOSA, we encourage you to visit our website at www.csosa.gov. This vacancy announcement may be used to fill future vacancies within one year. As a part of the applicant assessment process for this job opportunity announcement, all applicants MUST provide a response to the following statements in narrative form: 1.) Describe your experience with managing plan of action milestones. 2.) Describe your experience conducting audits, security assessments, or other technical reviews and knowledge of penetration testing principle, tools, and techniques. 3.) Describe your experience conducting vulnerability scans, analyzing vulnerabilities to determine risk, and prioritizing vulnerabilities using the Common Vulnerability Scoring System (CVSS).

Duties:

Serves as the Agency Information Systems Security Officer (ISSO) responsible for ensuring the Agency Information Security Program requirements are planned and implemented across the General Support System, and mission critical and non-critical business applications, internal and external.

Oversees and manages all external audits, security assessments, and penetration testing activities. Conducts scheduled or ad-hoc compliance reviews, internal audits and ongoing monitoring activities (where applicable).

Provides technical assistance to remediate critical vulnerabilities and security weaknesses through the completion of Plans of Action and Milestones (POA&Ms). Conducts and documents risk and vulnerability assessments of planned and installed IT systems to determine level of risk to confidentiality, integrity, and availability of Agency systems and data.
Serves as the Agency Information Systems Security Officer (ISSO) responsible for ensuring the Agency Information Security Program requirements are planned and implemented across the General Support System, and mission critical and non-critical business applications, internal and external. Oversees and manages all external audits, security assessments, and penetration testing activities. Conducts scheduled or ad-hoc compliance reviews, internal audits and ongoing monitoring activities (where applicable). Provides technical assistance to remediate critical vulnerabilities and security weaknesses through the completion of Plans of Action and Milestones (POA&Ms). Conducts and documents risk and vulnerability assessments of planned and installed IT systems to determine level of risk to confidentiality, integrity, and availability of Agency systems and data.
Serves as the liaison for DHS Shared Cybersecurity Services Program, including the coordination of deployment, training, and implementation of data feeds, tools, and services. Coordinates, collects, and tracks data/responses to Annual FISMA CIO Metrics, DHS CDM Program Office, and other Government-wide Initiatives and/or Agency-specific Data Calls.

Participates in software development projects by guiding software developer in applying security engineering principle throughout the system development life cycle, to include requirements definition, analysis, design/architecture, development, and testing for new systems or major enhancements to existing systems.

Reviews and recommends approval of preliminary and detailed systems designs/architecture to ensure alignment with security requirements and compliance Agency IT security policies, procedures, and guidance.
Serves as the liaison for DHS Shared Cybersecurity Services Program, including the coordination of deployment, training, and implementation of data feeds, tools, and services. Coordinates, collects, and tracks data/responses to Annual FISMA CIO Metrics, DHS CDM Program Office, and other Government-wide Initiatives and/or Agency-specific Data Calls. Participates in software development projects by guiding software developer in applying security engineering principle throughout the system development life cycle, to include requirements definition, analysis, design/architecture, development, and testing for new systems or major enhancements to existing systems. Reviews and recommends approval of preliminary and detailed systems designs/architecture to ensure alignment with security requirements and compliance Agency IT security policies, procedures, and guidance.