Skip to main content

Vacancy Details

Grade: 14

No questions specified.

Grade: All Grades

GS-14 Specialized experience includes:  Reviewing and validating Cybersecurity Assets network and architecture identifying network threats or vulnerabilities, providing solutions and resolving issues; managing the completion of assessment and authorization packages for government systems; independently overseeing audit execution and the development of concepts and approaches, guides, and resources; conducting audit reviews; and reporting progress.
1 GS-14: You must have 1 year of specialized experience at or equivalent to the GS-13 grade level in the Federal service. Specialized experience is experience that has equipped the applicant with the particular knowledge, skills, and abilities to perform successfully the duties of the position and is typically in or related to the work of the position to be filled. Choose the one response that best describes your highest level of experience. Answer to this question is required
  • I have at least one year of specialized experience at or equivalent to the GS-13 level in the Federal service performing the above listed tasks
  • My experience does not meet the above description.
2 Select the one response that reflects your experience serving as a network security technical advisor: Answer to this question is required
  • Experience developing, recommending, and implementing organization-wide technical and operational policies and procedures designed to insure the consistency, compatibility, effectiveness, and efficiency of network security capabilities and operations used throughout an organization.
  • Experience providing advice and consultation to an organization's top level officials on technical and operational policies and on emerging technological innovations, implications, and other issues related to the organization's network security of information systems technology.
  • Experience serving as an expert and technical advisor to top level officials and spokesperson within an organization for advanced technical network security matters relating to the development, testing, evaluation, and utilization of all new organization network security architectures and computing technologies.
  • Experience as the technical interface with other professionals engaged in research and development of advanced network security technology.
  • My experience does not match any of the choices listed above.
3 I have experience working with customers on network security issues to: Answer to this question is required
  • Assess customers during a network security incident.
  • Provide information of assistance.
  • Resolve customer problems or satisfy their needs.
  • Follow-up on complaints and resolutions of customer issues
  • Identify and evaluate problems and draw conclusions to resolve them.
  • None of the above.
4 Choose the best answer to describe how you managed the design and implementation of enterprise level and network intrusion detection and prevention systems. Answer to this question is required
  • I have not had education, training or experience in performing this task.
  • I have had training in performing this task, but have not yet performed it on the job.
  • I have only evaluated and conducted market research of enterprise level host and network intrusion detection and prevention systems for my current or previous agency/company.
  • I have assisted in the design and implementation of enterprise level host and network intrusion detection and prevention systems at my agency/company.
  • I have managed the design and implementation of enterprise level host and network intrusion detection and prevention systems for my agency/company.
  • None of the above.
5

Select the response that best describes your experience in developing reports that present and summarize risks facing organization, allowing for trend analysis and greater understanding about significant enterprise risk issues.        

Answer to this question is required
  • I have developed reports that identify, analyze and /or address risk management issues within a work unit.
  • I have developed reports that identify, analyze and /or address risk management issues beyond a work unit.
  • I have contributed to the development of reports that identify, analyze and /or address risks on an enterprise wide basis.
  • None of the above.
6

Do you have experience in the development and implementation or oversight of IT operating system related to quality control, compliance, counterparty approval/evaluation or risk management processes?

Answer to this question is required
  • Yes
  • No
7 Do you have experience conducting independent risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and measures needed to protect government automated information, and to complete system certification and accreditation for each system? Answer to this question is required
  • Yes
  • No
8 I have experience in the following: Answer to this question is required
  • Disaster recovery and business continuity resumption planning
  • Computer security auditing and reporting
  • Risk management and risk assessments
  • Contract and vendor negotiation
  • None of the above
9 I have experience with the following:(check all that apply) Answer to this question is required
  • Extracting, reverse-engineering, and analyzing information extracted from personal, server, mini, or mainframe computer systems.
  • Planning, organizing, conducting or coordinating evidentiary support activities where a computer or other electronic means is used in the commission of a crime.
  • Planning, coordinating, and resolving highly complex IT and investigative problems.
  • Findings ways to reduce computer security related vulnerabilities directly as a result of audits and/other computer security reviews.
  • Performing technical reviews of IT project proposals for their technical viability, cyber security vulnerabilities, and adherence to policy and computer security requirements.
  • Designing and implementing intrusion detection and analysis tools.
  • Developing programs to support legally sufficient forensic data recovery activities and forensic examination of electronic media.
  • None of the above.
10 I have prepared the following written materials (check all that apply): Answer to this question is required
  • Computer security policies or standard operating procedures for an organization.
  • Briefing materials for on current industry computer security trends or controversial issues relevant to audit findings.
  • IT security audit reports.
  • IT technical documents.
  • None of the above.
11 Independently led or supervised an audit execution and the development of concepts and approaches, guides, and resources; conduct audit reviews; and report progress. Answer to this question is required
  • Yes
  • No
12 I have directed the development of audit reports, ensuring compliance with standards and protocols as well as the development of appropriate corrective action. Answer to this question is required
  • I have no education, training, or experience in performing this task/competency.
  • I have had education and training in performing this task/competency, but have not yet performed it on the job.
  • I have performed this task/competency on the job, with close supervision from a supervisor or senior employee.
  • I have performed this task/competency as a regular part of a job, independently and usually without review by supervisor, manager or senior employee.
  • I have supervised performance of this task/competency and/or I have trained others so they can perform this task/competency or others normally consult me as an expert for assistance in performing this task/competency.
13

I have had experience educating and/or providing training on how to conduct audits within IT.

Answer to this question is required
  • I have no education, training, or experience in performing this task/competency.
  • I have had education and training in performing this task/competency, but have not yet performed it on the job.
  • I have performed this task/competency on the job, with close supervision from a supervisor or senior employee.
  • I have performed this task/competency as a regular part of a job, independently and usually without review by supervisor, manager or senior employee.
  • I have supervised performance of this task/competency and/or I have trained others so they can perform this task/competency or others normally consult me as an expert for assistance in performing this task/competency.
14

I have successfully taken actions to resolve issues brought about as a result of an IT audit.

Answer to this question is required
  • I have no education, training, or experience in performing this task/competency.
  • I have had education and training in performing this task/competency, but have not yet performed it on the job.
  • I have performed this task/competency on the job, with close supervision from a supervisor or senior employee.
  • I have performed this task/competency as a regular part of a job, independently and usually without review by supervisor, manager or senior employee.
  • I have supervised performance of this task/competency and/or I have trained others so they can perform this task/competency or others normally consult me as an expert for assistance in performing this task/competency.
15 Manages the completion of security authorization packages containing key elements including the systems security plan, the security assessment report and the plan of action and milestones. Answer to this question is required
  • I have no education, training, or experience in performing this task/competency.
  • I have had education and training in performing this task/competency, but have not yet performed it on the job.
  • I have performed this task/competency on the job, with close supervision from a supervisor or senior employee.
  • I have performed this task/competency as a regular part of a job, independently and usually without review by supervisor, manager or senior employee.
  • I have supervised performance of this task/competency and/or I have trained others so they can perform this task/competency or others normally consult me as an expert for assistance in performing this task/competency.
16

Implements security controls for a system (including those planned for implementation within explicit timeframes as indicated in the plan of action and milestones) and ensures adequate security is provided.

Answer to this question is required
  • I have no education, training, or experience in performing this task/competency.
  • I have had education and training in performing this task/competency, but have not yet performed it on the job.
  • I have performed this task/competency on the job, with close supervision from a supervisor or senior employee.
  • I have performed this task/competency as a regular part of a job, independently and usually without review by supervisor, manager or senior employee.
  • I have supervised performance of this task/competency and/or I have trained others so they can perform this task/competency or others normally consult me as an expert for assistance in performing this task/competency.
17 Validates the assertion of adequate security, determines the risk to the organization associated with operating the system, and decides if that risk is acceptable. Answer to this question is required
  • I have no education, training, or experience in performing this task/competency.
  • I have had education and training in performing this task/competency, but have not yet performed it on the job.
  • I have performed this task/competency on the job, with close supervision from a supervisor or senior employee.
  • I have performed this task/competency as a regular part of a job, independently and usually without review by supervisor, manager or senior employee.
  • I have supervised performance of this task/competency and/or I have trained others so they can perform this task/competency or others normally consult me as an expert for assistance in performing this task/competency.
18 After the security authorization package has been assembled, analyzes information gathered from across the organization to provide the authorizing official with enough credible information to support a risk-based decision. Answer to this question is required
  • I have no education, training, or experience in performing this task/competency.
  • I have had education and training in performing this task/competency, but have not yet performed it on the job.
  • I have performed this task/competency on the job, with close supervision from a supervisor or senior employee.
  • I have performed this task/competency as a regular part of a job, independently and usually without review by supervisor, manager or senior employee.
  • I have supervised performance of this task/competency and/or I have trained others so they can perform this task/competency or others normally consult me as an expert for assistance in performing this task/competency.