This position is located in the Department of Technology Services (DTS), IT Security Office (ITSO), Security Engineering Division in Washington, DC.

Duties

The incumbent of this position serves as the Chief, IT Vulnerability Management (ITVM) Branch which is tasked with providing strategic direction in support of the Division's mission, ensuring that objectives are achieved, ascertaining that risks are managed appropriately, and verifying that the agency's resources are used responsibly. The Branch makes decisions concerning investments in security measures, aligning cyber security risk management with other aspects of enterprise risk management, and managing the organization's cyber security posture. The incumbent applies an exceptionally high level of acquired subject matter expertise, technical acumen, and a wide range of programmatic techniques to accomplish major duties and associated responsibilities through individual performance and leadership of the combined efforts of directly assigned personnel. The incumbent will perform multiple and varying assignments under the Chief, SED Division. Duties of the position include, but are not limited to: Performing the full range of first line supervisory duties. Conducting risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs. Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals. Assessing security events to determine impact and implementing corrective actions. Conducting systems security verification and validation to ensure they meet risk acceptance requirements. Developing and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures. Ensuring the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services. Providing for appropriate recommendations on the acquisition of vendor-supplied software and hardware. Adapting current testing processes to align with rapid development, security, and operations (DevSecOps) processes. Developing security requirements that can be added to functional requirements so that security is built into products from the beginning. Providing resources and tools that will make it easier for development teams to adopt security requirements from the start. Managing the internal and external vulnerability scanning programs (i.e., CISA Cyber Hygiene and Bug Bounty Program) conducted by internal and external teams. Staying current with emerging threats by collaborating with internal and external (i.e., CISA, FBI) to perform software centric, attacker centric, and asset centric threat modeling. Serving as both the leader and subject matter expert for the development, management, and execution of ITVM services and work products. Performing additional duties as the contracting officer representative (COR), project planning, budget planning, scheduling, oversight of concurrent tasking, service delivery, and reporting. Performing research to identify potential vulnerabilities in and threats to existing web, applications, database, and operating system technologies, and provides timely, clear, technically accurate notification to management of the risk potential and options for remediation. Providing analogous services for new or emerging technologies being considered for judiciary use. Managing, operating, and maintaining the security testing infrastructure and testing tools. Researching and identifying new tools that can improve the testing process and/or support enterprise development activities. Performing contracting activities, administration, and management of these tools and licenses. Creating and making recommendations for improvements to IT security resources maintained by ITSO, such as security guidelines, hardening standards, and best practices. Providing input on enterprise security tools in their configurations and implementations. Demonstrating strong project management as well as oral and written communication skills. Providing complete and accurate project status updates to the SED Division Chief and promptly communicates any barriers to task completion. Responding to inquiries from System Owners, IT Directors, Court Unit Executives, and other judicial employees on information security related issues. Explaining technical security terms, concepts, and techniques to both technical and non-technical audiences.

Requirements

Qualifications

Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions. Specialized Experience: Applicants must have at least one full year (52 weeks) of specialized experience which is in or directly related to the line of work of this position. Specialized experience is demonstrated experience in ALL areas defined below: Conducting information security testing in web applications, infrastructure assets and technologies, mobile applications, custom developed software implementations, virtual technologies, and common application platforms. Conducting risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs. Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals. Leading a team of cybersecurity professionals responsible for testing application and information systems as part of the organizations development, security, and operations (DevSecOps) processes.

Education

This position does not require education to qualify.

Contacts

• Address Department of Technology Services One Columbus Circle, NE Washington, DC 20544 US
• Name: Kymberli Camber
• Phone: (210) 301-6303
• Email: [email protected]