Skip to main content

Vacancy Details

Grade: 13

No questions specified.

Grade: All Grades

REMINDER: In addition to this questionnaire, you must also submit all information/documents applicable to you as described under "Required Documents." Please read the vacancy announcement carefully. If all the required information is not submitted, you will be found ineligible for this position.
1 Are you currently serving or have served in the last five years in a Political Appointment in the Federal Government? Answer to this question is required
  • Yes
    1.1 Please list the title, agency, and dates of this appointment. Please note you will be required to meet OPM Approval of your appointment if selected. Maximum length of 250 characters.
  • No
2 I certify that, to the best of my knowledge and belief, all of the information on and attached to this application is true, correct, complete, and made in good faith. I understand that false or fraudulent information on or attached to this application may be grounds for not hiring me or for firing me after I begin work and may be punishable by fine or imprisonment. I understand that any information I give may be investigated. Answer to this question is required
  • Yes
  • No
For the GS-13, you must have one year of specialized experience at a level of difficulty and responsibility at the GS-12 level in the Federal service or equivalent, which have equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position is defined as experience developing policy, standards, and processes that provide for the efficient and secure operation of agency information technology (IT) systems.
3

Select the choice that best describes your specialized experience:

Answer to this question is required
  • I have one full year or more of specialized experience equivalent in responsibility and scope to the GS-12 level as described above.
  • I do not have one full year of specialized experience equivalent to the definition as described above.
4

Please specify where this experience is documented in your resume by indicating place of employment, job title and length of time performing the duties. We must be able to verify this experience in your resume in order for you to receive credit.

Maximum length of 250 characters. Answer to this question is required

For all positions, individuals must have IT-related experience demonstrating each of the four competencies listed below.

Attention to Detail, such as assessing risks to and vulnerabilities within IT systems and devising and implementing control techniques to insure improved security.

Customer Service, such as working with customers to ensure security requirements are addressed.

Oral Communication, such as furnishing technical assistance and advice to co-workers and customers.

Problem Solving, such as assessing security events to determine cause and impact, and develops and implements corrective actions.

5

Do you possess all four competencies listed above in your IT related experience?
 

Answer to this question is required
  • Yes
  • No
6

Select all the security laws, federal mandates and standards that you have used as part of either performing or supporting IT security compliance activities.
 

Answer to this question is required
  • Federal Information Security Management Act of 2002
  • E-Government Act of 2002
  • Payment Card Industry Data Security Standards
  • National Institute of Standards and Technology (NIST) Special Publications (SP)
  • Federal Information Processing Standards
  • OMB Circulars A-123, and A-130
  • Homeland Security Presidential Directives HSPD-7 and HSPD-12
  • SANS Top 20
  • OWASP Top 10
  • None of the above
7

Select all the items that describe your experience with developing, compiling, and reviewing the following security documentation that supports certification and accreditation for information systems.

Answer to this question is required
  • System Security Plan
  • Contingency Plan and/or Disaster Recovery
  • Risk Assessment
  • Security Assessment Report
  • Security Test and Evaluation Plan
  • Security Authorization Memorandums
  • Plans of Action of Milestones (POAMs)
  • Continuous Monitoring Plans
  • None of the above
8

Select all the items that describe the security tools you have used to support IT security compliance activities to include management of security assessments and authorization documentation, vulnerability management and penetration testing activities.

Answer to this question is required
  • Trusted Agent FISMA (TAF)
  • Tenable Nessus
  • Nmap/Zenmap
  • Splunk
  • Wireshark
  • VMware (Player, Workstation or Server)
  • None of the above
9

Have you utilized a packet capture analysis tool to find web site URLs visited by a user, including whether the site visit was a referral or directly entered into the browser.

Answer to this question is required
  • Yes
  • No
10

Please specify where this experience is documented in your resume by indicating place of employment, job title and length of time performing the duties. We must be able to verify this experience in your resume in order for you to receive credit.

Maximum length of 250 characters. Answer to this question is required
11

Select all the items that describe your experience for communicating technical and non-technical requirements.

Answer to this question is required
  • Develop MS Powerpoint presentation to identify technical and non-technical IT security requirements for projects.
  • Develop dashboards that display bar charts, pie charts, and percentages for completion and/or completion of protections.
  • Develop strategic plans, enforcement plans, and reports with findings and recommendations that identify IT roles and responsibilities for specified projects.
  • Develop narrative responses to include IT security functional requirements, test scripts, gap analysis for security analysis.
  • None of the above
12

Select all the choices that you have experience using a packet capture analysis tool to isolate traffic streams.

Answer to this question is required
  • Protocol.
  • IP address.
  • Time.
  • Other filters.
  • None of the above.
13

Do you have experience using a packet capture analysis tool to reconstruct unencrypted network traffic to isolate and extract the following?

Answer to this question is required
  • Email.
  • Whole web sites.
  • Binary or other files.
  • Images and videos.
  • None of the above.
14

Select the items that describe your experience conducting and analyzing IT security standards and regulatory requirements and support for IT disaster recovery (DR) and continuity of operations planning (COOP) for the following.

Answer to this question is required
  • Review and analyze IT security standards to identify impact and recommendation strategy to meet compliance requirements.
  • Participate in IT DR exercises to include review of IT DR plans, identify IT security requirements/activities.
  • Recommend and provide guidance for inclusion of IT security methodology/practices for COOP.
  • Update and/or develop test scenarios for IT security DR exercises.
  • None of the above.
15

Select the items that describe your experience performing Continuous Monitoring activities to maintain current status of system inventories.

Answer to this question is required
  • Develop a fiscal year Continuous Monitoring Plan for information systems, IT security controls for systems at the program or system level.
  • Track agency system inventories and activities for compliance within established repository to include completion of annual reviews and assessments.
  • Load documentation/artifacts in repository containing system inventories.
  • Inform IT Security team of pending events; annual assessments and annual reviews that support continuous monitoring.
  • None of the above
16

Select all the items that describe your experience performing tasks relating to execution of IT security compliance principles in support of compiling artifacts in response to A-123 and A-130 audits, continuous monitoring of information system with completion of network and/or system account reviews to perform the following tasks.

Answer to this question is required
  • Research, gather and provide artifacts for audit request.
  • Develop project plans for completion of IT security projects and activities for completion of security assessments of security controls for proposed and modified applications and information systems.
  • Conduct network account reviews to identify access privileges and status of account access (disabled accounts, inactive accounts for certified and accredited information systems.
  • Conduct site surveys for IT Compliance in accordance with (NIST)National Institute of Standards and Technology standards to develop reports with findings and recommendations
  • None of the above
17

Select the items that best describe your experience performing analysis and technical support for security controls.

Answer to this question is required
  • Evaluate the security impact of system(s) changes, including interfaces with other automated systems.
  • Oversee firewall, web gateway, advanced threat detection, security incident and event management system, and intrusion detection system management.
  • Review enterprise security access management controls.
  • Provide information security analysis and technical support for security controls in integrated project teams through the system development life cycle.
  • None of the above
18

Select the items that best describe your experience communicating in writing technical requirements related to information security.

Answer to this question is required
  • Design security system architectures and implement security solutions in accordance with established procedures.
  • Analyze and document security architecture to identify vulnerabilities and develop findings and recommendations for mitigating system vulnerabilities.
  • Design and prepare technical reports and related documentation for security architecture.
  • Document, review, and provide timely and accurate procedural support for the Change Management process, in support of service change requests.
  • None of the above.
19

Check ALL the types of enterprise- level IT security systems you have configured and deployed.

Answer to this question is required
  • Firewalls
  • Intrusion Detection or Prevention Systems (IDS/IPS)
  • Anti-Virus or Malicious Code Protection
  • Disk and Media Encryption
  • Data Loss Prevention (DLP)
  • Virtual Private Networks (VPN)
  • Vulnerability and Compliance Scanning
  • Security Event and Incident Management (SEIM)
  • Application Whitelisting
  • None of the above
20

Select the highest level of involvement that you have had related to Agency or Bureau government data call initiatives:

Answer to this question is required
  • Served as the lead staff member who designed and developed data extraction routines, interfaces or queries.
  • Served as primary team member routinely running all data call procedures and reporting results
  • Served as backup team member occasionally running all data call procedures and reporting results
  • No verifiable experience in this area
21

Select all the items that describe your experience performing vulnerability assessment and management and penetration testing activities.

Answer to this question is required
  • Identify of system and application vulnerabilities to include missing or outdated patches.
  • Conduct vulnerability scans and analyze results to present findings and recommendations related to identified weaknesses.
  • Develop recommendations to mitigate system and application vulnerabilities based on completed scans.
  • Complete dashboards containing pertinent information to brief IT management and staff for vulnerability management program.
  • Work with ITD personnel to develop penetration testing documentation for testing of IT security controls.
  • None of the above
22

Select all the items that describe your experience with performing risk management activities and presentation of findings and recommendations to mitigate risk.

Answer to this question is required
  • Complete comprehensive sensitivity assessments and risk assessments for applications, hardware devices or systems.
  • Complete security assessment reports for security authorizations (certification/accreditation) of information systems and applications with clear identification of risk levels, residual risk, and gap analysis.
  • Complete Security Testing and Evaluation for security authorizations (certification/accreditation) to present test results, projected outcome, and mitigation strategies
  • Develop recommendations to mitigate identified risk management weaknesses for mitigation
  • None of the above