Vacancy Questions Preview

Grade: 12
GS-12

Specialized experience is one year of experience at the GS-11 level or equivalent in other public or private sectors that is directly related to the position and which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position must include performing, planning, and analyzing all security-related artifacts (system security plans, security test and evaluation, contingency plans, etc.) in accordance with NIST 800-53 standards in order to ensure IT systems are secure. This level of work experience would reflect independence in planning and carrying out the assignment, selecting the approach or methodology to be used, resolving most of the conflicts that arise, and coordinating the work with others as necessary.

* 1. Do you have one year of specialized experience equivalent to the GS-11 level as described above?
  1. Yes
  2. No


* 2. Choose the statement(s) that describe your experience in information security.
  1. Conducted risk/vulnerability assessments for planned, and/or installed, information systems
  2. Developed computer security policies and procedures
  3. Conducted information system security evaluations, audits, and reviews
  4. Developed and implemented disaster recovery plans
  5. None of the above


* 3. Select all of the following concepts in which you feel proficient, as each applies to cyber/information security technologies.
  1. Identification and Authentication
  2. Cryptography
  3. Access Controls
  4. Continuous Monitoring
  5. Firewalls
  6. Intrusion Detection/Prevention Systems
  7. Virtual Private Networks
  8. Vulnerability Assessments
  9. None of the above


Grade: 13
GS-13

One year of experience at the GS-12 level or equivalent in other public or private sectors that is directly related to the position and which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position must include experience:

- overseeing and analyzing all security-related artifacts (system security plans, security test and evaluation, contingency plans, etc.) in accordance with NIST 800-53 standards in order to ensure IT systems are secure; and
- analyzing security policies and procedures to develop approaches that address novel or obscure security architectures for which guidelines or precedents were not substantially applicable.

This level of work experience would reflect latitude for the exercise of independent judgment to perform and lead the execution of the marked difficulty and responsibility.

* 1. Do you have at least one year of specialized experience equivalent to the GS-12 level as described above?
  1. Yes
  2. No


* 2. Choose the statements that describe your experience in IT policy management and compliance.
  1. Conducted compliance audits and reviews
  2. Developed infrastructure and architecture to support policy
  3. Wrote policy
  4. Monitored Web activity for policy compliance
  5. Acted on policy violations
  6. Implemented IT policy
  7. Waived IT policy requirements
  8. Reported on compliance
  9. None of the above


* 3. I have knowledge of the following laws, regulations, etc., to serve as a technical expert on information matters:
  1. Federal Information Security Management Act
  2. Privacy Act (PA)
  3. Federal Advisory Committee Act
  4. The Federal Records Act, as amended
  5. General Services Administration Regulations
  6. The Information Technology Management Reform Act
  7. The Office of Management and Budget Circular A-130, Management of Federal Information Resources
  8. Government Accountability Office Records Management Guidance for Federal Agencies
  9. Freedom of Information Act (FOIA)
  10. None of the above


* 4. Which of the following information security related tasks have you performed as part of your job?
  1. Prioritized and scheduled organizations to be evaluated for security
  2. Developed security assessment criteria
  3. Developed long range security plans for systems
  4. Planned and conducted systems security evaluations, audits, and reviews
  5. Provided technical advice and leadership on security aspects of network and systems design to ensure implementation of appropriate systems security and policies
  6. None of the above


* 5. Which of the following types of documents have you written? (Select all that apply)
  1. Talking points
  2. Congressional inquiry responses
  3. Correspondence
  4. Technical reports
  5. Service level agreements
  6. Standard operating procedures
  7. Directives
  8. Federal register notices
  9. Regulatory / statutory material
  10. Policy guidance
  11. Congressional testimony
  12. Analyses of proposed policy, legislative or management initiatives
  13. Option papers / decision memos
  14. Publications
  15. Books
  16. Academic papers
  17. Newspapers or magazine articles
  18. Research papers
  19. Strategic plans
  20. Budget or financial plans
  21. Performance measures
  22. None of the above


* 6. Which of the following best describes your experience communicating verbally?
  1. I have regularly served as a representative in dealing with managers and employees. This included acquiring, clarifying or exchanging facts and information needed to complete assignments.
  2. I have regularly justified, persuaded, negotiated, and/or resolved matters involving significant or controversial policy or program issues. This included communicating effectively with a full range of internal and external individuals or groups (representatives from Agency, Department, other Federal Agencies, industry leaders, congressional staffs, and officials of foreign governments).
  3. I have regularly conducted discussions and/or participated in workgroups as a program representative in which the purpose was to influence, motivate, and/or persuade persons or groups. This included using communication skills to approach individuals or groups who are skeptical or in disagreement in order to obtain the desired effect, e.g. gaining compliance with an established policy or regulation.
  4. I have regularly served as a program representative and participated in discussions in which the purpose was to plan, coordinate, or consult on work efforts or to resolve specific business problems. This included influencing or motivating individuals or groups who are working toward mutual goals and who have basically cooperative attitudes.
  5. None of the above.


Grade: All Grades
* 1. Which of the following statements best describes your experience in the certification and accreditation process?
  1. I have coordinated, assembled, and submitted an accreditation package.
  2. I have written a document that was included in an accreditation package.
  3. I have reviewed an accreditation package.
  4. I have no experience in certification and accreditation.


* 2. Are you a Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or do you hold an equivalent certification?
  1. I hold a CISSP certification.
  2. I hold an equivalent security certification.
  3. I hold a CAP certification.
  4. I hold another technical certification.
  5. I do not hold a CISSP or equivalent certification.


* 3. Select from the following which you have had experience in testing. (Select all that apply)
  1. System Security Plans
  2. Security Test and Evaluations
  3. Contingency Plans
  4. None of the above


* 4. Which of the following statements best describes your ability to perform risk benefit analysis?
  1. I have experience with projects that required me to understand complex system requirements, balance them against a personal understanding of security risks, and develop pro and con arguments in support of risk-based decisions.
  2. I have experience researching system requirements and risks using publicly available search tools and developing pro and con arguments in support of risk based decisions.
  3. I have experience working on a team to collaboratively develop risk based decisions.
  4. None of the above.


* 5. I have implemented or evaluated the security controls related to the following functional areas. (Select all that apply)
  1. Certification and Accreditation
  2. Configuration Management
  3. Security Incident Management
  4. Security Training
  5. Remediation/Plans of Actions and Milestones
  6. Remote Access
  7. Identity Management
  8. Continuous Monitoring
  9. Contractor Oversight
  10. Contingency Planning
  11. None of the above


* 6. Which of the following describes your network security understanding or experience:
  1. I have actively configured and administered transport and/or security devices.
  2. I have an understanding of how transport and/or security devices are configured and their role within a network.
  3. I have a basic understanding of the role/purpose of transport and/or security devices within a given network and the protections they afford.
  4. I have no system administration, systems engineering or network engineering experience.


* 7. Do you have any experience reviewing regulations, standards, and mandates underlying the requirements of securing a Federal Information Technology system?
  1. Yes
  2. No


* 8. Choose all of the information security authorities and regulations with which you are very familiar.
  1. National Institute of Standards & Technology
  2. Federal Information Systems Security Act
  3. Public Law
  4. Presidential Directives
  5. Committee on National Security Systems instructions
  6. Intelligence Community Directives
  7. None of the above


* 9. Which of the following best describes your experience with Federal information security requirements:
  1. I can use Federal information security requirements to design a new system.
  2. I can evaluate the validity of a system’s proposed design against Federal information security requirements.
  3. I can use Federal information security requirements to assess an existing system.
  4. I have class work experience with Federal information security requirements.
  5. I have reading knowledge of Federal information security requirements.
  6. I have no experience with the Federal Security requirements.


* 10. Which of the following best reflects your experience with information security reporting requirements for the Federal Information Security Management Act (FISMA)?
  1. I have had experience providing input for the reports.
  2. I have had experience preparing the reports.
  3. I have had experience preparing and briefing on the reports.
  4. I have had responsibility for submitting the reports and for addressing any questions.
  5. None of the above.


* 11. From the list below, select the information security documents you have created (or provided written input).
  1. Security plan
  2. Incident response plan
  3. Plan of actions and milestones
  4. Response to audit/findings
  5. Risk assessments
  6. Disaster recovery plan
  7. None of the above


* 12. Choose all examples that match your experience in preparing written material.
  1. I have written analytical reports for internal audiences.
  2. I have written analytical reports for external audiences.
  3. I have written briefing material on policies and procedures for a broad internal audience.
  4. I have written briefing material on policies and procedures for a broad external audience.
  5. I have written to defend a position and persuade a skeptical audience.
  6. I have prepared and presented issue papers and/or briefings to program personnel, subject-matter groups and/or management officials at all levels.
  7. I have reviewed and edited reports for accuracy, grammar, adherence to policy, organization of material, clarity of expression, and appropriateness for intended audiences.
  8. None of the above.


* 13. In which of the following events have you communicated verbally or made oral presentations?
  1. Speeches
  2. Conferences
  3. Meetings
  4. One-on-one discussions
  5. Telephone inquiries
  6. Training
  7. Technical assistance
  8. Interviews
  9. Executive briefings
  10. Technical briefings
  11. None of the above






This is a Federal job application system. Providing false information, creating fake IDs, or failing to answer all questions truthfully and completely may be grounds for not hiring, for disbarment from Federal employment, or for dismissal after the applicant begins work. Falsifying a Federal job application, attempting to violate the privacy of others, or attempting to compromise the operation of this system may be punishable by fine or imprisonment (US Code, Title 18, section 1001).