This position is with the Office of Information Technology, Division of Information Security. The purpose of this position is to plan, develop, organize, coordinate, and manage information technology security incident response activities. The incumbent reports to the Supervisory I/T Specialist or designee.
To qualify for this position, your resume must state sufficient experience and/or education, to perform the duties of the specific position for which you are applying. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; social). You will receive credit for all qualifying experience, including volunteer and part time experience. You must clearly identify the duties and responsibilities in each position held and the total number of hours per week. BASIC REQUIREMENTS Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. In addition to the Basic Requirements, you must also meet the Minimum Qualifications stated below. MINIMUM QUALIFICATIONS GS-13: One (1) year of specialized experience equivalent to at least the GS-12 grade level. Your resume must demonstrate at least one (1) year of specialized experience equivalent to at least the next lower grade level in the Federal service obtained in either the private or public sector performing the following type of work and/or tasks: Experience evaluating, developing and implementing cybersecurity policies, standard operating procedures, and guidelines based on National Institute of Standards and Technology (NIST) acceptable practices/standards. Experience capturing and analyzing network traffic, network signature development, network behavioral analysis, and conducting log analysis and anomaly detection for incident response. Experience conducting threat hunting and incident response capabilities and detection gap-analysis to identify courses of action for national mission capability enhancements. Experience correlating incident data to identify exploited vulnerabilities or system weaknesses and make recommendations that enable expeditious remediation. NOTE: You must meet all examples of specialized experience listed above. SELECTIVE FACTOR A selective factor is a competency/knowledge, skill, ability (KSA) or special qualification without which a candidate could not perform the duties of this position in a satisfactory manner. There is a selective factor applied in addition to the basic requirements and minimum qualifications for this position. Applicants who do not meet this selective factor are ineligible for further consideration. This position requires the following certification: Active/Valid Certified Information Systems Security Professional (CISSP) certification NOTE: Proof of certification must be submitted with your application package. Time In Grade Federal employees in the competitive service are also subject to the Time-In-Grade Requirements: Merit Promotion (status) candidates must have completed one year of service at the next lower grade level. Time-In-Grade provisions do not apply under the Excepted Service Examining Plan (ESEP). You must meet all qualification requirements within 30 days of the closing date of the announcement.
Total Compensation Package - Check out IHS's outstanding total compensation package for this job: IT Specialist Total Compensation | Pay (ihs.gov) POLICY & PROCEDURES Draft policies and related standards in accordance with the National Institute of Standards and Technology (NIST), the Department of Health and Human Services (HHS), the National Cybersecurity and Communications Integration Center (NCCIC) and other applicable federal government requirements, guidance, and directives. Develop procedures for first responders for handling information security incidents. Validate and maintain incident response plans and processes to address potential threats. Support the agency Chief Information Officer (CIO) in making decisions by providing written analysis of an incident with its effects on the agency security posture. INCIDENT INVESTIGATION & RESPONSE Provide technical support to agency-wide information technology technicians to resolve cyber defense incidents. Perform cyber defense incident triage, to include determining scope, and potential impact, identifying the specific vulnerability, and making recommendations. Track and document cyber defense incidents from initial detection through final resolution. Provide investigation findings to relevant business units to help improve information security posture. Recommend new systems and processes to fill gaps and to streamline and/or automate incident response processes. Initiate and/or engage in information technology security investigations or audit functions relating to the work of individuals employed by Indian Health Service (IHS) including duties which directly affect the internal security of IHS. Participate in or has access to investigations involving Personal Identifiable Information (PII) and/or Protected Health Information (PHI) to ensure that other employees' duties are discharged honestly and with integrity. Provide timely detection, identification, and alerting possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities. REPORTING Prepare internal and external reports that may include providing audit liaison support to information technology operations, such as the Federal Information Security Act (FISMA), Chief Financial Officer, and others as directed. Provide internal reporting to the supervisor on information technology incident response activities, such as periodic, but no less frequently than quarterly, reports capturing the status of IHS systems' security posture with IHS and HHS security metrics. Individually or as a team member, participate in surveys, studies and other investigations of management practices and administrative operations to determine the adequacy of present systems and to improve organizational operations. Conceptualize and develop study plans, conduct fact-finding, analyze data, prepare and present findings and recommendations. SUBJECT MATTER EXPERTISE Prepare position papers, executive submittals, presentations, memoranda, and other correspondences, as directed, in response to the most far-reaching proposals that relate to investigative findings, enterprise-wide information security policies and standard requirements or modifies existing organizational arrangements. Analyze short, medium, and long-range projects for solutions of complex operational or policy issues in areas such as information security, information security reporting, systems development life cycle, quality assurance, and others as directed. Monitor organizational, legislative, administrative, and technological changes that affect information system standards and related processes and impact upon future planning to meet the needs of the Agency. Monitor information security related websites to stay up to date on current attacks and trends. Analyze potential impact of new threats and communicate risks to relevant business units. Provide technical expertise of current and evolving best practices in cybersecurity and the broader information technology industry.