Public Notice for Information Technology Cybersecurity Specialist (Direct Hire)

Qualifications Reference: EMP-1.7 & OPM General Schedule Qualification Standards. U.S. Office of Personnel Management Information Technology (IT) Management Series, 2210 (Alternative A): https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/2200/information-technology-it-management-series-2210-alternative-a/

FV-G through K (or equivalent): For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled.

1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

3. Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendation.

FV-G. Applicants must demonstrate in your application that you have IT-related experience demonstrating each of the four competencies listed below. The experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. OR Education: Successful completion of a Bachelor Degree from an accredited college or university in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or a degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.

FV-H. To qualify for this position you must demonstrate in your application that you possess at least one year (52 weeks) of specialized experience equivalent to FV-G, FG/GS-5-9. Specialized experience is experience that has equipped you with the particular knowledge, skills, and abilities to perform successfully the duties of the position. Specialized experience may include but not limited to: experience developing/maintaining IT security documentation in accordance with National Institute of Standards and Technology; participating in the implementation/dissemination of IT security tools and procedures sufficient to develop, implement, and coordinate activities designed to ensure, protect, and restore IT systems and services; OR Education; Ph.D. or equivalent doctoral degree or 3 full years of progressively higher level graduate education leading to a Ph.D. or equivalent doctoral degree.

FV-I. To qualify for this position, you must demonstrate in your application that you possess at least one year (52 weeks) of specialized experience equivalent to FV-H (FG/GS10-12). Specialized experience is experience that has equipped you with the particular knowledge, skills, and abilities to perform successfully the duties of the position. Specialized experience may include but is not limited to: Experience with aviation ecosystem cybersecurity to include identifying, assessing, and analyzing cyber threats and vulnerabilities, and recommending corrective action for reducing cyber risks and improving risk mitigation strategies for NAS systems; providing technical support processes and procedures for the management/protection of personally identifiable information (e.g., transmission, storage and management) in information systems; providing support for development of cybersecurity policies and procedures and acquisition tasks, evaluate security authorization packages to make recommendations for authorization.

FV-J. To qualify for this position, you must demonstrate in your application that you possess at least one year (52 weeks) of specialized experience equivalent to FV-I (FG/GS-13) level. Specialized experience is experience that has equipped you with the particular knowledge, skills, and abilities to perform successfully the duties of the position. Specialized Experience: may include but is not limited to: management of ISS projects that require extensive knowledge of IT hardware/software technology; experience preparing ISS systems documentation for certification/accreditation in accordance with FISMA, FedRAMP, and/or other Federal IS guidelines or regulations; providing technical guidance and interpretation of IT cybersecurity policies, processes and procedures and privacy guidance for the management of personally identifiable information received, transmitted, and stored in information systems; leading the development of system security plans, procedures, privacy threshold assessments, and contingency planning; experience monitoring and evaluating system compliance with IT security requirements; and conducting audits/assessments of NAS information systems.

FV-K. To qualify for this position you must demonstrate in your application that you possess at least one year (52 weeks) of specialized experience equivalent to FV-J (FG/GS-14) level. Specialized experience is experience that has equipped you with the particular knowledge, skills, and abilities to perform successfully the duties of the position. Specialized experience may include but is not limited to: providing leadership or guidance/consulting in the areas of Cybersecurity Integration, Outreach and Planning across various environments e.g., facilities or system operations; serving as the principle entity for an organization or line of business/staff office for security outreach activities; developing common messaging and guidance for awareness to stakeholders; briefs security authorization stakeholders and executives; overseeing projects concerned with the development of security plans, policy and procedures, privacy threshold assessments, and contingency planning to support system implementation, authorization and continuous monitoring; and experience in applying knowledge of security standards, best practices and NAS system architectures to ensure that cybersecurity is integrated into every aspect of the NAS lifecycle (e.g. research and development through acquisition through implementation and operations through decommissioning).

Selective Placement Factors: Some positions at FV-H and above may require one or more of industry-recognized cybersecurity certifications e.g., ISACA Certified Information Systems Auditor (CISA); (ISC)2 Certified Information Systems Security Professional (CISSP); (ISC)2 Certified Cloud Security Professional (CCSP); (ISC)2 Certified Authorization Professional (CAP); ISACA Certified Information Security Manager (CISM); ISACA Certified in Risk and Information Systems Control (CRISC); Global Information Assurance Certification Penetration Tester (GIAC-GPEN); Global Information Assurance Certification Exploit Researcher and Advanced Penetration Tester (GXPN); Global Information Assurance Certification Web Application Penetration Tester (GWAPT); and EC Council Certified Penetration Testing Professional (CPENT). Please indicate possession of certifications in your application.