USA Staffing

Specialized experience for the Band 53, (GS 13 Equivalent): An applicant must have one year of specialized experience equivalent to at least the (BAND 52) (GS-12 equivalent) in the Federal service. Specialized experience is experience directly related to the position to be filled which has equipped the candidate with particular knowledge, skills, and abilities to successfully perform the duties of the position. Such experience is typically gained in the IT field or through the performance of work where the primary concern is IT. Specialized experience for this position includes all of the following:

Experience in using the NIST Risk Management Framework to conduct security assessments of information security controls to measure the effectiveness of controls and identify gaps; AND
Performing information system security testing and analysis efforts and developing risk mitigation solutions; AND
Performing vulnerability scanning, analysis and remediation activities.

1. Do you have experience using the NIST Risk Management Framework to conduct security assessments of information security controls to measure the effectiveness of controls and identify gaps?

A. Yes

B. No

2. If you answered yes, please list the dates and reference where you gained this experience. (limit 250 characters)

3. Do you have experience performing information system security testing and analysis efforts and analysis efforts and developing risk mitigation solutions?

A. Yes

B. No

4. If you answered yes, please list the dates and reference where you gained this experience. (limit 250 characters)

5. Do you have experience performing vulnerability scanning, analysis and remediation activities?

A. Yes

B. No

6. If you answered yes, please list the dates and reference where you gained this experience. (limit 250 characters)

7. In addition to meeting specialized experience, for all positions, individuals must have IT-related experience demonstrating proficiency in each of the four competencies listed below:

- Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
- Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.; AND
- Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.; AND
- Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. (No Answer)

Do you possess all four competencies listed above in your IT-related experience?

A. Yes

B. No

8. Which of the following security tools do you have experience using and are technically proficient using?

A. Splunk

B. Vulnerability Scanner

C. Antivirus

D. Intrusion Detection System

E. None of the above

9. Which of the following IT security practices have you managed or performed? (Select all that apply)

A. Reviews software, networks, and system architectures and provides guidance to administrators and developers on properly securing

B. Runs vulnerability scanners and interprets results

C. Reviews system configurations and log data for suspicious activities

D. Administer and monitor IT security technologies in support of an analytic environment.

E. None of the above

10. Choose the statements that best describe your experience in administering, monitoring, analyzing, and configuring security for an enterprise system. (Select all that apply)

A. Enterprise Systems Application Audit Trails

B. Network and Host Intrusion Detection Services (NIDS and HIDS)

C. Enterprise Security Information Event Management

D. Microsoft Windows event logging, or other logging services

E. Network monitoring services, computer systems monitoring services, or incident response services for major enterprise with multiple national or international locations connected via the Internet and private networks

F. Security configuration baselines for moderate or high categorized systems

G. Computer applications and operations staff to maintain the security readiness of applications and configurations

H. None of the above

11. Choose the statements that best describe your experience in identifying and implementing application security. (Select all that apply)

A. I have identified security requirements during the requirements analysis and design disciplines of system development.

B. I have performed IV&V for systems or applications to see that they meet all security requirements.

C. I have implemented systems or applications that meet security requirements.

D. None of the above

12. Have you ever personally performed, or led teams responsible for: (Select all that apply)

A. Working with IP networking and networking protocols

B. Working with internet, web, application, and network security techniques

C. Applying knowledge of NIST or other standards and federal laws and regulations related to IT security

D. Configuring and maintaining secure configurations in Red Hat Linux, Solaris and/or Microsoft Operating Systems

E. Applying knowledge of principles, practices, and techniques of IT security continuous monitoring, including automation tools

F. Developing and implementing an IT Security Architecture

G. Designing and operating Risk Management and Incident Handling programs

H. Providing project oversight for contractors who support, maintain, and enhance a large organization’s IT and/or IT security program

I. None of the above

13. From the following list of duties, please select those you have performed related to Splunk administration:

A. Performed installation, configuration management, capacity planning, license management, data integration, data transformation, field extraction, event parsing, data preview and application management of Splunk platform

B. Provided expert analysis and advice on the design and customization of search queries and promote advanced searching, forensics and analytics, developed dashboards, data models, reports and optimized their performance

C. Developed, implemented, and documented configuration standards, policies, and procedures for operating, managing, and ensuring the security of the Splunk infrastructure

D. Participate in incident, problem, and change management processes related to Splunk

E. None of the above

14. Choose the response that MOST accurately reflects your highest level of experience with respect to developing technical documentation related to monitoring administration, intrusion detection and vulnerability analysis of external network connections.

A. I developed and implemented changes to procedures within my group and forwarded these changes to a higher level for agency-wide implementation

B. I implemented changes to procedures within my group based on feedback from internal customers and/or the public

C. I identified the need for changes and made specific recommendations for changes to procedures within my group to higher level management

D. None of the above

15. Choose the response that MOST accurately reflects your highest level of experience with respect to developing technical documentation related to malware detection, host-based intrusion detection and associated endpoint security solutions.

A. I developed and implemented changes to procedures within my organization and forwarded these changes to a higher level for agency-wide implementation

B. I implemented changes to procedures within my organization based on feedback from internal customers and/or the public

C. I identified the need for changes and made specific recommendations for changes to procedures within my organization to higher level management

D. None of the above

16. Which of the following types of documents have you written? (Select all that apply)

A. User and Data Access Procedures

B. Configuration Management Procedures

C. Vulnerability Assessment Reports

D. Technical reports

E. URL Whitelisting

F. None of the above

17. Choose the statement(s) that describe your experience in communicating information to senior management officials. (Select all that apply)

A. I assisted in the preparation of policy recommendations, procedures, or analyses, providing data and background information to senior officials as requested.

B. I developed comprehensive materials for reports, briefings, and meetings for management officials.

C. I communicated program strategies, goals, objectives, and priorities to program personnel within an organization.

D. I prepared briefing materials for management officials.

E. I made recommendations orally.

F. None of the above.

18. I have planned IT projects / initiatives that required me to personally prepare the following: (Select all that apply)

A. Analyses of the effectiveness of existing systems including the feasibility of pursuing alternatives for improvement

B. Cost benefit analyses on which project authorization decisions were based

C. Detailed project plans including multiple deliverables, dependencies, timelines, and key milestones

D. Project proposals including costs, benefits, timetables, and implementation strategies

E. System specifications and statements of work

F. Other documentation necessary to satisfy legal, regulatory and policy requirements

G. None of the above

Terms & Conditions

Your Session is About to Expire!