Information Technology Specialist (INFOSEC)

You must meet both the Basic Requirement and the Specialized Experience to qualify for this series as described below. BASIC REQUIREMENT Applicants must have IT-related education or experience demonstrating each of the four competencies listed below at a proficiency equivalent to the next lower grade level in federal service. Attention to Detail – Is thorough when performing work and conscientious about attending to detail. Customer Service – Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication – Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving – Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. SPECIALIZED EXPERIENCE REQUIREMENTS In addition to the basic requirement, a qualified candidate’s online application and resume must also demonstrate at least one year of specialized experience equivalent to the next lower grade level in the Federal service. Specialized experience for these positions are defined as: GS-09: You must have one year of specialized experience equivalent to the next lower grade (GS-07). Specialized experience for this position is defined as meeting at least 2 of 3 of the following: Identifying basic anomalies or errors in network or system services; Assisting in taking actions to mitigate security risks, such as installing security patches, running anti-virus or other utilities; Assisting in documenting security problems. OR Master’s degree or equivalent graduate degree or 2 full years of progressively higher-level graduate education leading to a master’s degree or equivalent graduate degree; your education must demonstrate the knowledge, skills, and abilities necessary to do the work. OR Combination of education and experience as described above. Less than one year of specialized experience may be combined with graduate education in excess of the amount required for the next lower grade level (i.e., credit hours beyond the first two years of full-time study may be credited). GS-11: You must have one year of specialized experience equivalent to the next lower grade (GS-09). Specialized experience for this position is defined as meeting at least 2 of 3 of the following: Assisting in implementing corrective or preventive actions network or system services; Taking actions to mitigate security risks, such as installing security patches, running anti-virus or other utilities; Documenting and initiating response to security problems. OR Ph.D. or equivalent doctoral degree or 3 full years of progressively higher level graduate education leading to a Ph.D. or equivalent doctoral degree; your education must demonstrate the knowledge, skills, and abilities necessary to do the work. OR Combination of education and experience as described above. Less than one year of specialized experience may be combined with graduate education in excess of the amount required for the next lower grade level (i.e., credit hours beyond the first two years of full-time study may be credited). GS-12: You must have one year of specialized experience equivalent to the next lower grade (GS-11). Specialized experience for this position is defined as meeting at least 2 of 4 of the following: Carrying out activities leading to security certification or accreditation; Conducting integrated analysis of multiple audit logs (e.g., firewall, Web server); Participating in identifying and writing specifications to meet IT security requirements at the applications or network server level; Providing input in drafting information systems security documentation (e.g. systems security plans, risk assessments, disaster recovery plans, business continuity plans, user security guides). GS-13: You must have one year of specialized experience equivalent to the next lower grade (GS-12). Specialized experience for this position is defined as meeting at least 2 of 4 of the following: Evaluating, recommending, implementing, and disseminating IT security tools, procedures, and practices to protect information assets; Planning and coordinating the delivery of an IT security awareness training program for end users at all levels in the organization; Updating an organization’s contingency or disaster recovery plans to respond to new security requirements or changes in the IT architecture; Coordinating development and implementation of policies and standards for classified or confidential network systems regarding sharing and safeguarding classified or confidential information. GS-14: You must have one year of specialized experience equivalent to the next lower grade (GS-13). Specialized experience for this position is defined as meeting at least 2 of 4 of the following: Recommending new or revised security measures and countermeasures based on the results of accreditation reviews; Evaluate new security authentication technologies such as public key infrastructure certificates, secure cards, and biometrics; Identifying and specifying information systems security requirements associated with migrations to new environments; Developing specifications to ensure compliance with security requirements at the systems or LAN level. GS-15: You must have one year of specialized experience equivalent to the next lower grade (GS-14). Specialized experience for this position is defined as meeting at least 2 of 4 of the following: Leading the development of long-range plans for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities; Identifying the need for changes based on new security technologies or threats, testing and implementing new policies, and instituting measures to ensure awareness and compliance; Planning and coordinating the development of specifications to meet security requirements at the company/agency or wide area network (WAN) level; Integrating security programs across disciplines including defining the scope and detail for security plans and policies applicable to the security program. NOTE: There is no substitution of education for specialized experience at the GS-12 through GS-15 levels. “Experience” refers to paid and unpaid experience. Examples of qualifying unpaid experience may include: volunteer work done through National Service programs (such as Peace Corps and AmeriCorps); as well as work for other community-based philanthropic and social organizations. Volunteer work helps build critical competencies, knowledge, and skills; and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. OPM Qualification Standards for the GS-2210 series are at the following website: OPM Qualification Standards.