IT Specialist (InfoSec)
What you'd do
This position is located in the Department of Health and Human Services, Health Resources and Services Administration, headquartered in Rockville, Maryland. This announcement will close at 11:59 PM, on the day that 50 applications have been received or the closing date of the announcement, whichever comes first.
Major duties
WHAT YOU'LL BE DOING DAY TO DAY As an IT Specialist (InfoSec), you will use your knowledge and experience to optimize business results and customer experience by: Engineer, design and implement information security threat response tools to prevent, detect, analyze and respond to malicious activity and/or anomalies across on-premises, hybrid, and cloud environments, including infrastructureas-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (Saas). Develop and track security operations performance metrics (e.g., detection coverage, mean time to detect, mean time to respond, alert fidelity) to evaluate tool effectiveness, process maturity, and overall security operations performance, and provide data-driven recommendations for continuous improvement. Maintain security operations tools at optimal operating performance and provide senior-level engineering support including assessing tool effectiveness, detection quality, and operational impact using defined security operations metrics to inform optimization and modernization efforts. Perform threat detection engineering, analysis, and forensics. Develop, tune and implement threat detection analytics and CND content for on-premises and cloud environments, including identity-centric, API, and control-plane telemetry aligned with Zero Trust Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
What you need to qualify
WHAT WE ARE LOOKING FOR Basic Qualifications: The 2210 series has an Individual Occupational Requirement that must be met and can be viewed here. There is no Group Coverage Qualification Standard for this series. BASIC REQUIREMENT: Individuals must have IT-related experience demonstrating each of the nine competencies listed below: Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change. Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems. Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals. Technical Competence - Uses knowledge that is acquired through formal training or on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues. NOTE: Your resume must support your response to this question. Failure to provide sufficient evidence of the required competencies in your resume may result in an ineligible rating. Minimum Qualifications: You must have one year specialized experience to perform successfully the duties of the position. To be creditable, specialized experience must have been equivalent to at least the GS-13 grade level in the Federal service performing ALL of the following: Engineering, designing, integrating, and implementing enterprise security operations tools across on-premises, hybrid, and cloud environments, including SIEM, SOAR, EDR, IDS/IPS, and digital forensics platforms, ensuring alignment with defense-in-depth and Zero Trust principles. Evaluating, testing, and validating security technologies; translating functional requirements into technical solutions; developing use cases and test plans; overseeing installation, configuration, troubleshooting, and optimization of security tools; and ensuring interoperability across enterprise infrastructure, identity systems, and cloud environments. Developing, tracking, and analyzing security operations performance metrics to assess detection quality, operational effectiveness, and process maturity, and making data-driven recommendations to improve SOC capabilities. Developing, tuning, and implementing threat detection analytics and cyber defense content; conducting event correlation, adversary technique analysis, network traffic and packet analysis; identifying anomalous activity; and performing trend analysis to identify detection gaps and improve enterprise monitoring coverage. Conducting advanced incident response and digital forensics activities including evidence collection and imaging, malware analysis, validation of IDS alerts, identification of exploited vulnerabilities, and analysis of network, cloud, and identity telemetry to determine scope, impact, and remediation strategies. Documenting experience: IN DESCRIBING YOUR EXPERIENCE, PLEASE BE CLEAR AND SPECIFIC. WE WILL NOT MAKE ASSUMPTIONS REGARDING YOUR EXPERIENCE. Qualifications are based on breadth/level of experience. In addition to describing duties performed, applicants must provide the exact dates of each period of employment (from MM/YY to MM/YY) and the number of hours worked per week if part time. As qualification determinations cannot be made when resumes do not include the required information, failure to provide this information may result in disqualification. Applicants are encouraged to use the USAJOBS Resume Builder to develop their federal resume. Do not copy and paste the duties, specialized experience, or occupational application questionnaire from this announcement into your resume as that will not be considered a demonstration of your qualifications for this position. In accordance with Office of Personnel Management policy, federal employees are assumed to have gained experience by performing duties and responsibilities appropriate for their official series and grade level as described in their position description. Experience that would not normally be part of the employee's position is creditable, however, when documented by satisfactory evidence, such as a signed memorandum from the employee's supervisor or an SF-50 or SF-52 documenting an official detail or other official assignment. The documentation must indicate whether the duties were performed full time or, if part time, the "percentage of times" the other duties were performed. It is expected that this documentation is included in the employee's official personnel record. In order to receive credit for experience in your resume that is not within the official series and grade level of your official position, you must provide a copy of the appropriate documentation of such experience as indicated above. Experience refers to paid and unpaid experience, including volunteer work done through national Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; community; student; social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to gain employment. You will receive credit for all qualifying experience, including volunteer experience. If such experience is on a part-time basis, you must provide the average number of hours worked per week as well as the beginning and ending dates of the experience so it can be fully credited. OPM Qualification General Policies Website This announcement will close at 11:59 PM, on the day that 50 applications have been received or the closing date of the announcement, whichever comes first.
Before you apply
Federal applications are different: your resume should be 3–5 pages and mirror the language of this announcement. Read our federal resume guide first — it's the #1 reason qualified people get screened out.
Don't miss the next one.
Get an email the moment a similar federal job opens — postings can close in as little as 5 days.