Skip to main content

Vacancy Details

Grade: 13

...
For the GS-13 all candidates are required to have one year of Specialized experience at the GS-12 level or equivalent in other public or private sectors, that is directly related to the position as listed in this announcement and which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position is defined as experience developing policy, standards, and processes that provide for the efficient and secure operation of agency information technology (IT) systems
1 Select the choice that best describes your specialized experience: Answer to this question is required
  • I have one full year or more of specialized experience equivalent in responsibility and scope to the GS-12 level as described above.
  • I do not have one full year of specialized experience equivalent to the definition as described above.
2 Please specify where this experience is documented in your resume by indicating place of employment, job title and length of time performing the duties. We must be able to verify this experience in your resume in order for you to receive credit. Maximum length of 250 characters. Answer to this question is required
3 Select all the items that best describe your experience performing tasks relating to execution of IT security compliance principles in support of compiling artifacts in response to A-123 and A-130 audits, continuous monitoring of information system with completion of network and/or system account reviews to perform the following tasks. Answer to this question is required
  • Research, gather and provide artifacts for audit request
  • Develop project plans for completion of IT security projects and activities for completion of security assessments of security controls for proposed and modified applications and information systems
  • Conduct network account reviews to identify access privileges and status of account access (disabled accounts, inactive accounts for certified and accredited information systems
  • Conduct site surveys for IT Compliance in accordance with NIST standards to develop reports with findings and recommendations
  • None of the above
4 Select the items that best describe your experience performing analysis and technical support for security controls. Answer to this question is required
  • Evaluate the security impact of system(s) changes, including interfaces with other automated systems
  • Oversee firewall, web gateway, advanced threat detection, security incident and event management system, and intrusion detection system management
  • Review enterprise security access management controls
  • Provide information security analysis and technical support for security controls in integrated project teams through the system development life cycle
  • None of the above

Grade: 14

...
For the GS-14 all candidates are required to have one year of Specialized experience at the GS-13 level or equivalent in other public or private sectors, that is directly related to the position as listed in this announcement and which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position is defined as experience designing and maintaining information security architecture for an agency’s information technology, infrastructure, including WAN, LAN, Internet, extranet, and intranet.
1 Select the choice that best describes your specialized experience: Answer to this question is required
  • I have one full year or more of specialized experience equivalent in responsibility and scope to the GS-13 level as described above.
  • I do not have one full year of specialized experience equivalent to the definition as described above.
2 Please specify where this experience is documented in your resume by indicating place of employment, job title and length of time performing the duties. We must be able to verify this experience in your resume in order for you to receive credit. Maximum length of 250 characters. Answer to this question is required
3 From the list below select the security tools that you have used in the past year as part of either penetration testing or network security incident response: Answer to this question is required
  • Nessus
  • Nmap/Zenmap
  • Mandiant Web Historian
  • Sniffer Infinistream
  • Splunk
  • Wireshark
  • EnCase
  • Snort
  • NetWitness Investigator
  • Symantec Web Gateway
  • Sniffer Application Playback
  • VMWare (Player, Workstation or Server)
  • None of the above
4 Select all the following tasks you have experience using a Security Incident and Event Management system. Answer to this question is required
  • Search for potential security events
  • Correlate security events
  • Create actionable information such as determining event sources and times
  • None of the above
5 Select all the choices you have experience analyzing outbound network traffic manually or with an automated advanced threat protection solution to find signs of: Answer to this question is required
  • Data breaches or data loss
  • Malicious traffic such as command and control or Indicators of Compromise
  • Inappropriate use
  • Criminal activity
  • None of the above
6 Do you have experience triaging and responding to cyber security incidents according to the US-CERT incident response model. Answer to this question is required
  • Yes
  • No
7 Please specify where this experience is documented in your resume by indicating place of employment, job title and length of time performing the duties. We must be able to verify this experience in your resume in order for you to receive credit. Maximum length of 250 characters. Answer to this question is required
8 Select all you have experience using Nmap/ZenMap to perform the following. Answer to this question is required
  • Enumerate a TCP/IP network
  • Identify open ports
  • Identify vulnerabilities
  • Identify operating systems and running services
  • None of the above
9 Select the items that best describe your experience managing and operating information security systems. Answer to this question is required
  • Provide security incident identification, response and remediation capabilities for a wide area network, including hands-on experience with intrusion detection and prevention technologies
  • Advise system owners during the Security Authorization and Assessment (Certification and Accreditation) process on appropriate mitigation and implementation strategies
  • Provide secure system architecture solutions for general support systems and enterprise integrated applications, including controls devoted to public facing websites to include e-Commerce, non-commerce and data warehousing
  • None of the above
10 Do you have experience implementing, monitoring and analyzing security solutions for SCADA/Industrial Control System environments? Answer to this question is required
  • Yes
  • No
11 Please specify where this experience is documented in your resume by indicating place of employment, job title and length of time performing the duties. We must be able to verify this experience in your resume in order for you to receive credit. Maximum length of 250 characters. Answer to this question is required
12 Do you have experience implementing, monitoring and analyzing security solutions for Payment Card Industry (PCI) environments? Answer to this question is required
  • Yes
  • No
13 Please specify where this experience is documented in your resume by indicating place of employment, job title and length of time performing the duties. We must be able to verify this experience in your resume in order for you to receive credit. Maximum length of 250 characters. Answer to this question is required
14 Select the items that best describe your experience using strategic thinking to research and assess information. Answer to this question is required
  • Perform research and feasibility analyses of security services available within industry for applicability within an agency
  • Assess and recommend measures to protect physical facilities where computers, software, and peripherals are used
  • Identify problem, determine the accuracy and relevance of information, use sound judgment to generate and evaluate alternatives and make recommendations regarding information security
  • Assess designs and plans and selects, implements, and tests information security controls during system development, as part of a formal System Development Life Cycle
  • None of the above
15 Select the items that best describe your experience using strategic thinking to develop and implement new approaches in compliance with regulations. Answer to this question is required
  • Design, engineer, and integrate information security technologies into systems and networks in a multiple-site WAN environment that includes expertise with firewall technology and requires ensuring compliance with applicable security standards
  • Develop and implement new approaches and procedures regarding security measures that are in compliance with regulations
  • Make sound, well informed and objective decisions, perceives the impact and implication of decisions, commits to action, even in uncertain situations, to accomplish organizational goals
  • None of the above

Grade: All Grades

REMINDER: In addition to this questionnaire, you must also submit all information/documents applicable to you as described under "Required Documents." Please read the vacancy announcement carefully. If all the required information is not submitted, you will be found ineligible for this position.
1 Are you currently serving or have served in the last five years in a Political Appointment in the Federal Government? Answer to this question is required
  • Yes
    1.1 Please list the title, agency, and dates of this appointment. Please note you will be required to meet OPM Approval of your appointment if selected. Maximum length of 250 characters.
  • No
2 I certify that, to the best of my knowledge and belief, all of the information on and attached to this application is true, correct, complete, and made in good faith. I understand that false or fraudulent information on or attached to this application may be grounds for not hiring me or for firing me after I begin work and may be punishable by fine or imprisonment. I understand that any information I give may be investigated. Answer to this question is required
  • Yes
  • No

For all positions, individuals must have IT-related experience demonstrating each of the four competencies listed below.

Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

3

Do you possess all four competencies listed above in your IT related experience?

Answer to this question is required
  • Yes
  • No
4 Select all the security laws, federal mandates and standards that you have used as part of either performing or supporting IT security compliance activities. Answer to this question is required
  • Federal Information Security Management Act of 2002
  • E-Government Act of 2002
  • Payment Card Industry Data Security Standards
  • National Institute of Standards and Technology (NIST) Special Publications (SP)
  • Federal Information Processing Standards
  • OMB Circulars A-123, and A-130
  • Homeland Security Presidential Directives HSPD-7 and HSPD-12
  • SANS Top 20
  • OWASP Top 10
  • None of the above
5 Select all the items that describe your experience with developing, compiling, and reviewing the following security documentation that supports certification and accreditation for information systems. Answer to this question is required
  • System Security Plan
  • Contingency Plan and/or Disaster Recovery
  • Risk Assessment
  • Security Assessment Report
  • Security Test and Evaluation Plan
  • Security Authorization Memorandums
  • Plans of Action of Milestones (POAMs)
  • Continuous Monitoring Plans
  • None of the above
6 Select all the items that describe the security tools you have used to support IT security compliance activities to include management of security assessments and authorization documentation, vulnerability management and penetration testing activities. Answer to this question is required
  • Trusted Agent FISMA
  • Tenable Nessus
  • Nmap/Zenmap
  • Splunk
  • Wireshark
  • VMware (Player, Workstation or Server)
  • None of the above
7 Have you utilized a packet capture analysis tool to find web site URLs visited by a user, including whether the site visit was a referral or directly entered into the browser. Answer to this question is required
  • Yes
  • No
8 Please specify where this experience is documented in your resume by indicating place of employment, job title and length of time performing the duties. We must be able to verify this experience in your resume in order for you to receive credit. Maximum length of 250 characters. Answer to this question is required
9 Select all the items that describe your experience for communicating technical and non-technical requirements. Answer to this question is required
  • Develop MS Powerpoint presentation to identify technical and non-technical IT security requirements for projects.
  • Develop dashboards that display bar charts, pie charts, and percentages for completion and/or completion of protections.
  • Develop strategic plans, enforcement plans, and reports with findings and recommendations that identify IT roles and responsibilities for specified projects.
  • Develop narrative responses to include IT security functional requirements, test scripts, gap analysis for security analysis.
  • None of the above
10 Select all the choices that you have experience using a packet capture analysis tool to isolate traffic streams. Answer to this question is required
  • Protocol
  • IP address
  • Time
  • Other filters
  • None of the above
11 Do you have experience using a packet capture analysis tool to reconstruct unencrypted network traffic to isolate and extract the following? Answer to this question is required
  • Email
  • Whole web sites
  • Binary or other files
  • Images and videos
  • None of the above
12 Select the items that describe your experience conducting and analyzing IT security standards and regulatory requirements and support for IT disaster recovery (DR) and continuity of operations planning (COOP) for the following. Answer to this question is required
  • Review and analyze IT security standards to identify impact and recommendation strategy to meet compliance requirements.
  • Participate in IT DR exercises to include review of IT DR plans, identify IT security requirements/activities.
  • Recommend and provide guidance for inclusion of IT security methodology/practices for COOP.
  • Update and/or develop test scenarios for IT security DR exercises.
  • None of the above.
13 Select the items that describe your experience performing Continuous Monitoring activities to maintain current status of system inventories. Answer to this question is required
  • Develop a fiscal year Continuous Monitoring Plan for information systems, IT security controls for systems at the program or system level.
  • Track agency system inventories and activities for compliance within established repository to include completion of annual reviews and assessments.
  • Load documentation/artifacts in repository containing system inventories.
  • Inform IT Security team of pending events; annual assessments and annual reviews that support continuous monitoring.
  • None of the above.
14 Select the items that best describe your experience communicating in writing technical requirements related to information security. Answer to this question is required
  • Design security system architectures and implement security solutions in accordance with established procedures
  • Analyze and document security architecture to identify vulnerabilities and develop findings and recommendations for mitigating system vulnerabilities
  • Design and prepare technical reports and related documentation for security architecture
  • Document, review, and provide timely and accurate procedural support for the Change Management process, in support of service change requests
  • None of the above
15 Check ALL the types of enterprise- level IT security systems you have configured and deployed. Answer to this question is required
  • Firewalls
  • Intrusion Detection or Prevention Systems (IDS/IPS)
  • Anti-Virus or Malicious Code Protection
  • Disk and Media Encryption
  • Data Loss Prevention (DLP)
  • Virtual Private Networks (VPN)
  • Vulnerability and Compliance Scanning
  • Security Event and Incident Management (SEIM)
  • Application Whitelisting
  • None of the above
16 Select the highest level of involvement that you have had related to Agency or Bureau government data call initiatives: Answer to this question is required
  • Served as the lead staff member who designed and developed data extraction routines, interfaces or queries
  • Served as primary team member routinely running all data call procedures and reporting results
  • Served as backup team member occasionally running all data call procedures and reporting results
  • No verifiable experience in this area
17 Select all the items that describe your experience performing vulnerability assessment and management and penetration testing activities. Answer to this question is required
  • Identify of system and application vulnerabilities to include missing or outdated patches
  • Conduct vulnerability scans and analyze results to present findings and recommendations related to identified weaknesses
  • Develop recommendations to mitigate system and application vulnerabilities based on completed scans
  • Complete dashboards containing pertinent information to brief IT management and staff for vulnerability management program
  • Work with ITD personnel to develop penetration testing documentation for testing of IT security controls
  • None of the above
18 Select all the items that describe your experience with performing risk management activities and presentation of findings and recommendations to mitigate risk. Answer to this question is required
  • Complete comprehensive sensitivity assessments and risk assessments for applications, hardware devices or systems
  • Complete security assessment reports for security authorizations (certification/accreditation) of information systems and applications with clear identification of risk levels, residual risk, and gap analysis
  • Complete Security Testing and Evaluation for security authorizations (certification/accreditation) to present test results, projected outcome, and mitigation strategies
  • Develop recommendations to mitigate identified risk management weaknesses for mitigation
  • None of the above