IT Specialist (Infosec)
Job description
To qualify for this position, applicants must meet all requirements by the closing date of this announcement, 06/24/2026. You must meet the basic requirement, specialized experience and selective placement factor to qualify for this series as described below:
Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
AND
Specialized Experience: You must have one year of specialized experience equivalent to at least the next lower grade GS-12 in the normal line of progression for the occupation in the organization.
Examples of specialized experience would typically include, but are not limited to: Experience independently reviewing and analyzing cybersecurity risk management data from multiple sources to identify risks, conduct comprehensive assessments of IT system security controls in accordance with NIST SP 800-37, and perform activities to improve enterprise cybersecurity processes; supporting Risk Management Framework (RMF) functions, including Governance, Risk and Compliance (GRC) activities, and facilitating compliance with OIG FISMA and FISCAM audits; and conducting security control assessments, developing security authorization packages, and monitoring ongoing compliance with federal cybersecurity requirements.
AND
Selective Placement Factor: Direct experience applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) to include conducting security control assessments, developing authorization packages, and documenting security requirements for information technology systems at the agency or enterprise level. Direct experience supporting Risk Management Framework (RMF) compliance functions to include Governance, Risk and Compliance (GRC) capabilities and OIG Federal Information Security Management Act (FISMA) and Federal Information System Controls Audit (FISCAM) Audits.
For more information on these qualification standards, please visit the United States Office of Personnel Management's website at https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/.
NCWF Code(s): 612 Category-Security Control Assessor I 461 Category-Systems Security Analyst
Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
Participate in the Risk Governance process to provide security risks, mitigations, and input on other technical risk.
Ensure the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.
Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
Develop policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.
Promotion Potential: This position is at its full performance level.
Work Schedule: Monday-Friday 8 am-4:30 pm
Compressed/Flexible: At the manager's discretion
Telework: Telework eligibility will be discussed during the interview process.
Virtual: This is not a virtual position.
Position Description/PD#: IT Specialist (Infosec)/PD20101A
Relocation/Recruitment Incentives: Not Authorized
Permanent Change of Station (PCS): Not Authorized
PCS Appraised Value Offer (AVO): Not Authorized
Physical Requirements: The work is sedentary. Some work may require walking and standing in conjunction with travel and attendance at meetings and conferences away from the work site. Some employees may carry light items, such as papers, books, or small parts, or drive a motor vehicle. The work does not require any special physical effort. Occasional travel may be required.
Work Environment: The work area is adequately lighted, heated, and ventilated. The work environment involves everyday risks or discomforts that require normal safety precautions. Some employees may occasionally be exposed to uncomfortable conditions in such places as research and production facilities.
