About this role
Job SummarySee below for important information regarding this job. Position will be filled at any of the locations listed below. Site specific salary information as follows: Battle Creek, MI: $89,508 - $ 116,362 Columbus, OH: $93,400 - $121,422 Dayton, OH: $92,841- $120,696 Fort Belvoir, VA: $102,415- $133,142 New Cumberland, PA: $102,415- $133,142 Ogden, UT: $89,508 - $ 116,362 Philadelphia, PA: $98,630- $128,221 Richmond, VA: $93,499- $121,551
QualificationsTo qualify for an IT Specialist (INFOSEC), your resume and supporting documentation must include: A. Specialized Experience: One year of specialized experience that equipped you with the particular competencies to successfully perform the duties of the position, and is directly in or related to this position. To qualify at the GS-12 level, applicants must possess one year of specialized experience equivalent to the GS-11 level or equivalent under other pay systems in the Federal service, military or private sector. Applicants must meet eligibility requirements including time-in-grade (General Schedule (GS) positions only), time-after-competitive appointment, minimum qualifications, and any other regulatory requirements by the cut-off/closing date of the announcement. Creditable specialized experience includes: Serves as a Subject Matter Expert (SME) in developing and maintaining critical Cyber Security documentation artifacts in support of Audit Compliance, Cyber Inspection, RMF, eMASS, and A&A compliance requirements. Identifies and develops specifications, recommendations, checklists and reporting procedures to assist technical staff in meeting IT security requirements at the application and server level and assists with Plan of Action and Milestones (POAM) development and reporting for NIPRNet and SIPRNet environments. Serves as liaison in working with Cyber Security staff and performs risk analysis of IT security posture, to include vulnerability assessments, reporting of security patches/updates and recommended implementation of corrective or preventive actions, mitigations and remediation. Performs risk analysis of IT security posture, to include vulnerability assessments, reporting of security remediation. B. Education Substitution: Applicants may not qualify for this position based on education in lieu of specialized experience Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
Major DutiesServes as a Subject Matter Expert (SME) for DLA's NIPRNet and SIPRNet enclaves, supporting vulnerability management and cyber compliance for all assigned software, hardware, servers, and end-user devicesSupports Technology Foundation Services (TFS) in developing, maintaining, and updating cyber compliance documentation to include Risk Management Framework (RMF) and Assessment and Authorization (AandA) artifacts.Responsible for Technology Foundation Services (TFS) activities surrounding audit readiness and incorporation of Cybersecurity policies and initiatives instituted by J6, DLA and DoD.Supports DLA Cyber Operational Readiness Assessment (CORA) preparations, to include repeatable processes surrounding the ongoing identification, remediation and reporting of non-compliant NIPRNet and SIPRNet IT assets.Responsible for validation of compliance with established security configurations leveraging defined baselines such as Security Technical Implementation Guides (STIGs) compliancy for TFS managed hardware and software assets.Responsible for ensuring Cyber compliancy for software applications, storage, servers and end-user devices in DLA's NIPRNet and SIPRNet enclaves.Develops and maintains detailed reports and dashboards to communicate vulnerability status, remediation progress, and overall security posture to leadership.Validates system compliance with Cyber security configuration baselines using automated and manual checks.