- Position Title
- IT Specialist (INFOSEC)
- Agency
- Office of the Inspector General for the Federal Housing Finance Agency
- Announcement Number
- 23-FHFAIG-24 Opens in new window
- Open Period
- Tuesday, June 13, 2023 to Tuesday, July 11, 2023
For preview purposes only. To apply, please return to the USAJOBS announcement and click the Apply button.
Eligibilities
1.
Do you claim Veterans’ Preference?
2.
Are you a surplus or displaced Federal employee eligible under the Career Transition Assistance Plan (CTAP)? Click CTAP for eligibility and a detailed list of required documents you must submit in order to be eligible.
3.
Are you a displaced Federal employee eligible under the Interagency Career Transition Assistance Plan (ICTAP)? Click ICTAP for eligibility and a detailed list of required documents you must submit in order to be eligible.
4.
Reasonable Accommodations for taking the online assessments are provided on a case-by-case basis only to qualified individuals with a disability covered by the Rehabilitation Act of 1973, as amended.
Do you have a disability (physical or mental) that you believe will interfere with completing the online assessments and require a Reasonable Accommodation?
Preferences
1.
Select the lowest grade you are willing to accept for this position.
2.
Are you currently serving or have served in the last five years in a Political Appointment in the Federal Government?
3.
If you were born a male after December 31, 1959, and are at least 18 years of age, have you registered with the Selective Service System (select "Not applicable" if this question does not apply to you)?
Assessment 1
For the EL-12, you must have one year of specialized experience at a level of difficulty and responsibility at the EL-11/GS-11 level in the Federal service or equivalent, which have equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position includes experience performing IT security work demonstrating experience with, and applying, Federal Information Security Modernization Act, Office of Management and Budget (OMB) Circular No. A-130, Appendix III, and National Institute of Standards and Technology (NIST) standards and guidelines when conducting performance audits over information technology/cyber security, in accordance with generally accepted government auditing standards (GAGAS) or equivalent non-federal auditing standards and guidelines.
Examples of such experience could include:
- Serving as a core member of a project team or subject matter expert in conducting research of reports, laws, regulations, policies, and procedures related to IT or IT security;
- Working as part of a team developing plans for IT audits or IT Security assessments;
- Working on a team involved with IT security control test work (e.g., vulnerability assessment, penetration tests, FISMA control testing, cloud security control assessment);
- Drafting workpapers or sections of report documenting IT audit or IT security assessment findings..
AND
In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below:
- Attention to Detail, such as monitoring implementation of recommended corrective actions.
- Customer Service, such as participating in briefings concerning contractors and proposals.
- Oral Communication, such as conducting briefings with management to discuss issues, status, and findings of IT audits.
- Problem Solving, such as planning and conducting security control test work.
Examples of such experience could include:
- Serving as a core member of a project team or subject matter expert in conducting research of reports, laws, regulations, policies, and procedures related to IT or IT security;
- Working as part of a team developing plans for IT audits or IT Security assessments;
- Working on a team involved with IT security control test work (e.g., vulnerability assessment, penetration tests, FISMA control testing, cloud security control assessment);
- Drafting workpapers or sections of report documenting IT audit or IT security assessment findings..
AND
In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below:
- Attention to Detail, such as monitoring implementation of recommended corrective actions.
- Customer Service, such as participating in briefings concerning contractors and proposals.
- Oral Communication, such as conducting briefings with management to discuss issues, status, and findings of IT audits.
- Problem Solving, such as planning and conducting security control test work.
1.
For the EL-12, select the answer that best describes your experience.
2.
Please give the dates/resume reference when you gained this experience so it may be found to ensure you receive proper credit.
For the EL-11, you must have one year of specialized experience at a level of difficulty and responsibility at the EL-09/GS-09 level in the Federal service or equivalent, which have equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position includes experience performing structured IT audit security work using testing tools to develop more in-depth experience promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations visions and goals.
Examples of this experience could include:
- Experience assisting more experienced staff in preparing proposals or plans for IT audits or IT security assessments.
- Participate in IT security control test work (e.g., vulnerability assessment, penetration tests, FISMA control testing, cloud security control assessment).
- Experience conducting pre-audit research of prior audit/evaluation reports, laws, regulations, and procedures related to IT or IT security assessments.
AND
In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below in their IT-related experience:
- Attention to Detail, such as reviewing work products prepared by team members to ensure accuracy and sufficiency of support for identified weaknesses.
- Customer Service, such as reviewing and approving payment of contractor invoices.
- Oral Communication, such as providing on-the-job training on use of electronic audit documentation system.
- Problem Solving, such as participating in audits of disaster recovery exercises to identify weaknesses in continuity of operations and make recommendations for ensuring the safeguarding of information systems and their availability in the event of a disaster.
OR
You may substitute education for specialized experience as follows: Ph.D. or equivalent doctoral degree, or 3 full years of progressively higher level graduate education leading to a Ph.D. or equivalent doctoral degree. Attach a copy of transcript or list of college courses designating semester or quarter hours earned to ensure proper credit. The degree is in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.
Examples of this experience could include:
- Experience assisting more experienced staff in preparing proposals or plans for IT audits or IT security assessments.
- Participate in IT security control test work (e.g., vulnerability assessment, penetration tests, FISMA control testing, cloud security control assessment).
- Experience conducting pre-audit research of prior audit/evaluation reports, laws, regulations, and procedures related to IT or IT security assessments.
AND
In addition to meeting specialized experience, applicants must have proficiency in each of the four competencies listed below in their IT-related experience:
- Attention to Detail, such as reviewing work products prepared by team members to ensure accuracy and sufficiency of support for identified weaknesses.
- Customer Service, such as reviewing and approving payment of contractor invoices.
- Oral Communication, such as providing on-the-job training on use of electronic audit documentation system.
- Problem Solving, such as participating in audits of disaster recovery exercises to identify weaknesses in continuity of operations and make recommendations for ensuring the safeguarding of information systems and their availability in the event of a disaster.
OR
You may substitute education for specialized experience as follows: Ph.D. or equivalent doctoral degree, or 3 full years of progressively higher level graduate education leading to a Ph.D. or equivalent doctoral degree. Attach a copy of transcript or list of college courses designating semester or quarter hours earned to ensure proper credit. The degree is in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.
3.
For the EL-11, select the answer that best describes your experience.
4.
Please give the dates/resume reference when you gained this experience/education so it may be found to ensure you receive proper credit.
Specialized experience for the EL-09 is defined as one year of experience at the EL-07/GS-07 level, or equivalent, that is directly related to the position and which has equipped the candidate with the particular knowledge, skills, and abilities to successfully perform the duties of the position. Specialized experience for this position includes performing highly structured, entry level IT security audit work designed to develop broader and more in-depth knowledge and skill needed to perform higher level assignments, such as ensuring the integrity and availability of systems and networks through analysis of information systems security programs, policies, and procedures.
Examples of such experience could include:
-Experience applying operational standards to identify, isolate and resolve issues.;
-Experience participating in audit, assessment, evaluation or analytical reviews in accordance with an established process.;
-Experience assisting with the audit analysis and testing of IT systems security controls.
AND
In addition to meeting specialized experience, applicants must have IT-related proficiency in each of the four competencies listed below.
-Attention to Detail, such as preparation of supporting documents for an IT audit.
-Customer Service, such as serving as liaison with auditee representatives for a team.
-Oral Communication, such as assisting with preparation of pre-audit and exit conferences.
-Problem Solving, such as assisting with pre-audit research.
OR
You may substitute education for specialized experience as follows: Master's degree or equivalent graduate degree or 2 full years or progressively higher level graduate education leading to a Master's or equivalent graduate degree, in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.
Examples of such experience could include:
-Experience applying operational standards to identify, isolate and resolve issues.;
-Experience participating in audit, assessment, evaluation or analytical reviews in accordance with an established process.;
-Experience assisting with the audit analysis and testing of IT systems security controls.
AND
In addition to meeting specialized experience, applicants must have IT-related proficiency in each of the four competencies listed below.
-Attention to Detail, such as preparation of supporting documents for an IT audit.
-Customer Service, such as serving as liaison with auditee representatives for a team.
-Oral Communication, such as assisting with preparation of pre-audit and exit conferences.
-Problem Solving, such as assisting with pre-audit research.
OR
You may substitute education for specialized experience as follows: Master's degree or equivalent graduate degree or 2 full years or progressively higher level graduate education leading to a Master's or equivalent graduate degree, in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.
5.
For the EL-9, select the answer that best describes your experience.
6.
Please give the dates/resume reference when you gained this experience/education so it may be found to ensure you receive proper credit.
7.
Select the following choice(s) you have performed as part of your regular duties. Select all that apply:
8.
Which of the following have you performed and or assisted in the following IT security control test work? Select all that apply.
9.
Select the audit functions you have perform on a regular basis.
Select “Yes” or “No” to the following question(s).
10.
I have experience serving as the auditor-in-charge or performs assigned segments of highly technical and complex audits of IT systems and information systems security programs and practices, ensuring the audit work conforms with applicable professional standards and policy.