IT CYBERSECURITY SPECIALIST (INFOSEC)
Department of Homeland Security - Cybersecurity and Infrastructure Security Agency
Arlington, Virginia
Type
Full Time
Job Description
Summary
This announcement is issued under the Direct Hire Authority (DHA) to recruit for positions for which there is a critical hiring need. Selectee(s) will receive a career or career-conditional appointment in the competitive service and may be required to serve a one-year probationary period.
Duties
Typical work assignments include, but are not limited to:
GS-09:
Participate in defining elements of project scope, objectives, and success criteria for cybersecurity process and tooling enhancements; contribute to drafting user stories and acceptance criteria.
Assist in gathering and documenting functional requirements from customers and partners; capture integration needs for secure, scalable, and automatable cybersecurity solutions.
Respond to taskings to establish and maintain communication with internal/external stakeholders (government partners, vendors, researchers) to align on priorities, timelines, risks, and coordinated cybersecurity response activities.
Support needs analyses and feasibility studies to identify opportunities for improved cybersecurity business processes and automation aligned with CSD missions.
Assist with basic risk analyses and trade-off assessments; help prepare recommendations for cybersecurity control enhancements.
Participate in developing and maintaining cybersecurity policies, Standard Operating Procedures (SOPs), programs, and implementation guidelines aligned to CSD subdivision missions.
Support development of performance measures and continuous improvement plans that strengthen cybersecurity information sharing, coordinated response, and timely reduction of risk to critical infrastructure.
Develop and maintain methods to monitor and measure cybersecurity risk, compliance, and assurance activities.
GS-11:
Contribute to and coordinate segments of projects that improve cybersecurity vulnerability intake, triage, disclosure workflows, and public notifications, in support of CSD's Vulnerability Management and CVD missions.
Independently develop and evaluate portions of cost estimates and design alternatives for cybersecurity process and tooling enhancements, including automation; provide advice to project leads on design concepts and changes.
Conduct needs analyses to identify and recommend new or improved cybersecurity business process solutions; document user stories, acceptance criteria, and integration requirements for secure, scalable, and automatable outcomes.
Perform risk analyses and feasibility studies for cybersecurity solutions; draft functional requirements and specifications aligned to CSD subdivision mission objectives and applicable directives.
Draft and maintain cybersecurity policies, SOPs, programs, and implementation guidance; collaborate with stakeholders to review and improve existing and proposed policies for clarity, consistency, and mission alignment.
Define and track performance measures; recommend continuous improvement actions that enhance cybersecurity information sharing and risk reduction across critical infrastructure.
Develop and apply methods to monitor and measure cybersecurity risk, compliance, and assurance activities; assess security impacts of system/process changes and recommend control enhancements.
GS-12:
Lead definition of project scope, objectives, and success criteria for complex initiatives that improve cybersecurity vulnerability intake, triage, coordinated vulnerability disclosure workflows, and public notifications.
Provide authoritative advice on project costs, design concepts, and design changes; develop and evaluate comprehensive cost estimates and design alternatives for cybersecurity process and tooling enhancements, including automation and orchestration.
Establish and maintain effective communication channels with internal CSD subdivisions and external stakeholders (government partners, vendors, researchers) to drive coordinated cybersecurity response activities.
Lead needs analyses, trade-off analyses, and feasibility studies to develop, document, and refine functional requirements and specifications for secure, scalable, and automatable cybersecurity solutions that advance CSD missions.
Consult with customers and partners to elicit and validate functional requirements; oversee documentation of user stories, acceptance criteria, and integration needs across systems and services.
Develop, implement, and maintain cybersecurity policies, programs, SOPs, and implementation guidelines; ensure alignment with CSD subdivision mission objectives and applicable directives, standards, and governance.
Chair or facilitate cross-functional working groups to develop and evaluate existing and proposed policies, ensuring clarity, consistency, and alignment with CSD's cybersecurity mission.
Define, implement, and report on performance measures and continuous improvement plans that strengthen cybersecurity information sharing, operational collaboration, coordinated response, and the timely reduction of risk to critical infrastructure.
Design and oversee methods to monitor and measure cybersecurity risk, compliance, and assurance activities; assess and approve security impacts of system/process changes and prescribe control enhancements.
Requirements
Conditions of employment
You must be a U.S. citizen.
Selective Service - Males born after 12/31/59 must be registered or exempt from Selective Service, see http://www.sss.gov/
All Federal employees are required to participate in Direct Deposit/Electronic Funds Transfer for salary payments.
DHS uses E-Verify, an Internet-based system, to confirm the eligibility of all newly hired employees to work in the United States. Learn more about E-Verify, including your rights and responsibilities.
You must be able to obtain and maintain a security clearance suitable for Federal employment as determined by a background investigation. This may include a credit check, a review of financial issues, as well as certain criminal offenses and illegal use or possession of drugs.
One-year probationary period may be required.
This position may be designated as essential personnel. Essential personnel must be able to serve during continuity of operation events without regard to declarations of liberal leave or government closures due to weather, protests, and acts of terrorism or lack of funding. Failure to report for or remain in this position may result in disciplinary or adverse action in accordance with applicable laws, rules, and regulations (5 U.S.C. 7501-7533 and 5 CFR Part 752, as applicable).
This position has been identified as a drug testing designated position (TDP) for purposes of the CISA's Drug-Free Workplace Program. All applicants tentatively selected for this position will be required to submit to a drug test to screen for illicit/illegal drug use prior to receiving a final offer of employment. A final offer of employment is contingent upon a negative drug test result. After appointment, you may be subject to periodic random drug testing.
Qualifications
Do NOT copy and paste the duties, specialized experience, or occupational assessment questionnaire from this announcement into your resume as that will not be considered a demonstration of your qualifications for this position. Your resume must describe your work and experience, in your own words.
To be considered minimally qualified for this position, you must demonstrate that you have the required education or competencies and experience for the respective grade level in which you are applying:
EDUCATION: Degree in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems, or networks.
All academic degrees and coursework must be from accredited or pre-accredited institutions.
A transcript must be submitted with your application if you are basing your qualifications on education. Applications submitted without this information may not be considered.
You qualify at the GS-09 grade level, if you have:
Master's degree or equivalent graduate degree or two (2) full years of progressively higher-level graduate education leading to a master's degree or equivalent graduate degree.
You qualify at the GS-11 grade level, if you have:
Ph.D. or equivalent doctoral degree or three (3) full years of progressively higher-level graduate education leading to a Ph.D. or equivalent doctoral degree.
OR
REQUIRED COMPETENCIES: Experience must be Information Technology (IT)-related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.
You must have IT-related experience demonstrating each of the required competencies listed below:
You qualify at the GS-09 grade level, if you have:
Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations.
Reasoning - Identifies rules, principles, or relationships that explain facts, data, or other information; analyzes information and makes correct inferences or draws accurate conclusions.
Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals.
You qualify at the GS-11 grade level, if you have:
Attention to Detail
Customer Service
Interpersonal Skills
Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Teamwork
Technical Competence - Uses knowledge that is acquired through formal training or on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues.
You qualify at the GS-12 grade level, if you have:
Attention to Detail
Customer Service
Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change.
Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems.
Interpersonal Skills
Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
Problem Solving
Teamwork
Technical Competence
AND
SPECIALIZED EXPERIENCE: In addition to meeting the qualification requirement listed above, you must have at least one year of specialized experience at the next lower GS-grade level (or equivalent). Specialized experience is experience that has equipped you with the particular competencies/knowledge, skills, and abilities to successfully perform the duties of the position and is typically in or related to the work of the position to be filled. Such experience is typically gained in the IT field or through the performance of work where the primary concern is IT.
GS-09
You qualify at the GS-09 grade level if you have at least one (1) year of specialized experience at the GS-07 grade level (or equivalent) performing at least two of the following duties:
Assisting with providing ongoing problem-solving support of information systems; or
Providing support to ensure compliance of automated information system security protocols; or
Assisting with conducting risk assessments of installed information systems to identify protection needs of activities; or
Assisting with assessments of new system design methodologies to improve software quality
GS-11
You qualify at the GS-11 grade level if you have at least one (1) year of specialized experience at the GS-09 grade level (or equivalent) performing at least two of the following duties:
Assessing new system design methodologies to improve software quality; or
Conducting risk assessments of installed information systems to identify protection needs of activities; or
Ensuring integration of security protocols and risk management considerations throughout the IT system engineering life cycle including planning, design, development, test, and integration; or
Ensuring continuous improvement efforts are considered and built into the program, including development and refinement of IT/cyber security policies and procedures and associated guidance documents
GS-12
You qualify at the GS-12 grade level if you have at least one (1) year of specialized experience at the GS-11 grade level (or equivalent) performing at least three of the following duties:
Controlling authorization level for all personnel requiring user access to automated information systems; or
Evaluating the security impact of system changes to existing or proposed computerized systems; or
Conducting studies of new automated information systems equipment to prepare effective security procedures; or
Ensuring compliance of automated information system security protocols and procedures; or
Supporting IT/cyber risk management to include risk identification, response plan, and mitigation strategies for project level risk.
Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
All qualification requirements must be met by the closing date of this announcement.
Education
No Educational Substitution: There is no substitution of education for experience at the GS-12 grade level. You must meet the qualifications listed in the "Requirements" section of this announcement.
If you are relying on your education to meet qualification requirements, you MUST submit a copy of your transcripts if you want to substitute your education for experience. Unofficial transcripts that include your name, the name of the educational institution, course title(s), number of credits, grade, and date of completion will be accepted. An official transcript will be required if you are selected.
Education must be from an accredited institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.
Graduate Education: One academic year of graduate education is the number of credit hours your graduate school has determined to represent one academic year of full-time study. Such study may have been performed on a full-time or part-time basis. If you cannot obtain your graduate school's definition of one year of graduate study, 18 semester hours (or 27 quarter hours) should be considered as satisfying the requirement for one year of full-time graduate study.
Foreign Education: Education completed in foreign colleges or universities may be used to meet the qualification requirements. You must show the education credentials have been evaluated by a private U.S. organization that specializes in interpretation of foreign educational credentials and such education has been deemed equivalent to that gained in an accredited U.S. education program. It is your responsibility to provide such evidence with your application. See Recognition of Foreign Qualifications for more information.
Additional information
Other incentives may be authorized.
If you receive a conditional offer of employment for this position, you will be required to complete an Optional Form 306, Declaration for Federal Employment, and to sign and certify the accuracy of all information in your application, prior to entry on duty. False statements on any part of the application may result in withdrawal of offer of employment, dismissal after beginning work, fine, or imprisonment.
Additional vacancies may be filled with this announcement.
A one-year probationary period may be required during which we will evaluate your fitness and whether your continued employment advances the public interest. We may consider your performance and conduct, the needs and interests of the agency, whether your continued employment would advance organizational goals of the agency or the Government, and whether your continued employment would advance the efficiency of the Federal service. Upon completion of your probationary period your employment will be terminated unless you receive certification, in writing, that your continued employment advances the public interest.
If selected below the full performance level, you may be noncompetitively promoted to the next higher grade level after meeting all regulatory requirements, and upon the recommendation of management. Promotion is neither implied nor guaranteed.
Reasonable Accommodation (RA) Requests: If you believe you have a disability (i.e., physical or mental), covered by the Rehabilitation Act of 1973 as amended that would interfere with completing the USA Hire Competency Based Assessments, you will be granted the opportunity to request a RA in your online application. Requests for RA for the USA Hire Competency Based Assessments and appropriate supporting documentation for RA must be received prior to starting the USA Hire Competency Based Assessments. Decisions on requests for RA are made on a case-by-case basis. If you meet the minimum qualifications of the position, after notification of the adjudication of your request, you will receive an email invitation to complete the USA Hire Competency Based Assessments, based on your adjudication decision. You must complete all assessments within 48 hours of receiving the URL to access the USA Hire Competency Based Assessments, if you received the link after the close of the announcement. To determine if you need a RA, please review the Procedures for Requesting a Reasonable Accommodation for Online Assessments.
Current or Former Political Appointees: The Office of Personnel Management (OPM) must authorize employment offers made to current or former political appointees. If you are currently, or have been within the last 5 years, a political Schedule A, Schedule C, Non-career SES or Presidential Appointee employee in the Executive Branch, you must disclose this information to the Human Resources Office.
Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution.
Benefits
A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding.
Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.
Date Posted
05/09/2026