Job Summary

Please limit your resume to 5 pages. If more than 5 pages are submitted, only the first 5 pages will be reviewed to determine your eligibility/qualifications. This is a Direct Hire Authority (DHA) solicitation utilizing the DHA for AcqDemo Business and Technical Management Career Path (NH)o recruit and appoint qualified candidates to positions in the competitive service. About the Position: This position is located at Aberdeen Proving Ground, MD.

Job Description

• Serves as a Senior Vulnerability Assessment Analyst in accordance with the Army Regulation (AR) 25-2, Information Management Army Cybersecurity and other statutory and regulatory requirements.
• Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
• Conduct and/or support authorized penetration testing on enterprise network assets.
• Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
• Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
• Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
• Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant focus areas (e.g. computing environment, network/infrastructure, enclave boundary and applications).
• Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
• Develops and applies Information Assurance (IA) and cybersecurity requirements for adequacy and effectiveness of security measures, continuity of operations, and protection of systems and system content.
• Develop and submit a cybersecurity plan.
• Provide an assessment of cybersecurity requirements documents to program management.
• Document cybersecurity and risk management framework (RMF) planning in a security plan.
• Recommend appropriate security controls for an acquisition program.
• Establish the continuous risk management framework (RMF) monitoring and cybersecurity strategies.
• Apply knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.
• Apply knowledge of interpreted and compiled computer languages.
• Ability to apply system design tools, methods, and techniques, including automated systems analysis and design tools

Qualifications

Who May Apply: US Citizens In order to qualify, you must meet the experience requirements described below. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student; social). You will receive credit for all qualifying experience, including volunteer experience. Your resume must clearly describe your relevant experience; if qualifying based on education, your transcripts will be required as part of your application. Additional information about transcripts is in this document. Experience required: To qualify based on your work experience, your resume must describe at least one year of experience which prepared you to do the work in this job. To qualify you must have IT-related experience demonstrating each of the four competencies listed below based on the grade level required of the position being filled: 1) Attention to Detail - Is thorough when performing work and conscientious about attending to detail. 2) Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. 3) Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. 4) Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND Specialized experience: One year of specialized experience which includes:1) Evaluating cybersecurity configurations or compliance within an agency; 2) Analyzing cybersecurity risks or vulnerabilities within agency IT equipment, software and/or networks; and 3) Providing advice or guidance on cybersecurity policies, procedures or regulations.

The U.S. Army Communications-Electronics Command (CECOM) is the Army’s materiel integrator for Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance, and Reconnaissance (C5ISR) readiness. As a major subordinate command of the U.S. Army Materiel Command (AMC), CECOM collaborates with Army Commands, Program Executive Offices, other AMC commands, and industry partners to provide, integrate, and sustain world-class C5ISR hardware, software, and mission command capabilities for the joint warfighter. CECOM maintains a global team of approximately 9,000 Soldiers, civilians, and contractors and is headquartered at Aberdeen Proving Ground (APG), MD.