Security Engineer

Summary This position is located in the Department of Health & Human Services (HHS), Centers for Medicare & Medicaid Services (CMS), Office of Enterprise Data and Analytics(OEDA). As an IT Specialist (Security), referred to here as a Security Engineer, GS-2210-13, you will support the implementation, assessment, authorization, and continuous monitoring of information security controls. Learn more about this agency Duties Serve as an ISSO supporting the implementation and ongoing maintenance of information security controls for assigned OEDA systems. Provide security engineering support for information systems and services operating within CMS-authorized enterprise platforms, including cloud-based and managed service environments. Provide essential support to the Authorizing Official (AO) and Authorizing Official Designated Representative (AODR) in making risk-based authorization decisions. Conduct continuous monitoring activities for assigned systems, including security event logging, vulnerability scanning, and configuration management to ensure ongoing compliance with security requirements and ATO conditions. Requirements Conditions of employment You must be a U.S. Citizen or National to apply for this position. You will be subject to a background and suitability investigation. Required to obtain and maintain COR/COTR certification. Qualifications ALL QUALIFICATION REQUIREMENTS MUST BE MET BY THE CLOSING DATE OF THIS ANNOUNCEMENT. Your resume (limited to no more than 2 pages) must include detailed information as it relates to the responsibilities and specialized experience for this position. Evidence of copying and pasting directly from the vacancy announcement without clearly documenting supplemental information to describe your experience will result in an ineligible rating. This will prevent you from receiving further consideration. There is a BASIC REQUIREMENT AND MINIMUM QUALIFICATION REQUIREMENT for this position. You must meet both requirements. BASIC REQUIREMENT: You must have IT-related experience, at the GS-12 grade level in the federal government, demonstrating each of the four competencies listed: I have IT-related experience, demonstrated by paid or unpaid experience obtained in either the private or public sector and/or completion of specific, intensive training that demonstrates that I possess each of the following four competencies: (1) Attention to Detail - Is thorough when performing work and conscientious about attending to detail. (2) Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. (3) Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. (4) Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND MINIMUM QUALIFICATION: In order to qualify for the GS-13, you must meet the following: You must demonstrate in your resume at least one year (52 weeks) of qualifying specialized experience equivalent to the GS-12 grade level in the Federal government, obtained in either the private or public sector, to include: 1) Implementing and supporting security controls for cloud-based information systems (AWS, Azure, GCP) in accordance with Federal security requirements, including integrating controls into system architecture and development processes; 2) Applying the NIST Risk Management Framework (RMF) to support system authorization activities, including developing and maintaining security documentation such as System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms); 3) Conducting security control assessments, vulnerability analyses, or compliance reviews of information systems to identify risks, and recommending and supporting implementation of remediation actions; AND 4) Supporting continuous monitoring activities, including tracking POA&Ms, reviewing vulnerability scanning results, and coordinating with system owners and technical teams to address security findings and improve system security posture. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills, and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Click the following link to view the occupational questionnaire: https://apply.usastaffing.gov/ViewQuestionnaire/12928093 Education This job does not have an education qualification requirement. Additional information Bargaining Unit Position: Yes-American Federation of Government Employees, Local 1923 Tour of Duty: Flexible Recruitment Incentive: Not Authorized Relocation Incentive: Not Authorized Financial Disclosure: Not Required Workplace Flexibility at CMS: This position has a regular and recurring reporting requirement to the CMS office listed in this announcement. CMS offers flexible working arrangements and allows employees the opportunity to participate in alternative work schedules at the manager's discretion. The Interagency Career Transition Assistance Plan (ICTAP) and Career Transition Assistance Plan (CTAP) provide eligible displaced federal employees with selection priority over other candidates for competitive service vacancies. To be qualified you must submit the required documentation and be rated well-qualified for this vacancy. Click here for a detailed description of the required supporting documents. A well-qualified applicant is one whose knowledge, skills and abilities clearly exceed the minimum qualification requirements of the position. Additional information about ICTAP and CTAP eligibility is on OPM's Career Transition Resources website at www.opm.gov/rif/employee_guides/career_transition.asp. Expand Hide  additional information Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution. Benefits A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Opens in a new windowLearn more about federal benefits. Review our benefits Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.