
Summary
This position is located in the Department of Health & Human Services (HHS), Centers for Medicare & Medicaid Services (CMS), Office of Information Technology (OIT), Info Security & Privacy Group (ISPG), Division of Cyber Threat & Security Operations.
As an IT Specialist (Security), referred to here as an Ethical Hacker, GS-2210-9/11/12, you will conduct ethical hacking, vulnerability assessments, and security evaluations of CMS information technology systems, networks, and applications.
Duties
Conduct authorized ethical hacking and vulnerability assessments in accordance with the National Institute of Standards and Technology (NIST), HHS, CMS, and the Office of Management and Budget (OMB) requirements, guidance, and directives. Participate in simulated cyberattacks using the same techniques as malicious hackers to identify potential vulnerabilities and weaknesses in systems, networks, and applications. Develop strategies for comprehensive security testing and vulnerability identification across the enterprise. Prepare internal and external reports to support IT operations, such as the Federal Information Security Act (FISMA), Chief Financial Officer, and others as directed. Analyze short, medium, and long-range projects for solutions of complex operational or policy issues in areas such as penetration testing, vulnerability assessment, social engineering testing, network security evaluation, and others as directed.
Requirements
Conditions of employment
You must be a U.S. Citizen or National to apply for this position. You will be subject to a background and suitability investigation.
Qualifications
ALL QUALIFICATION REQUIREMENTS MUST BE MET BY THE CLOSING DATE OF THIS ANNOUNCEMENT.
Your resume (limited to no more than 2 pages) must include detailed information as it relates to the responsibilities and specialized experience for this position. Evidence of copying and pasting directly from the vacancy announcement without clearly documenting supplemental information to describe your experience will result in an ineligible rating. This will prevent you from being considered further.
In order to qualify for the GS-09, you must meet the IT Competencies below AND the following: You must demonstrate in your resume at least one year (52 weeks) of qualifying specialized experience equivalent to the GS-07 grade level in the Federal government, obtained in either the private or public sector, to include:
Participating in penetration testing engagements, red team operations, or advanced persistent threat (APT) simulations across enterprise networks, cloud environment, and critical infrastructure to identify security vulnerabilities or attack vectors;
AND Assisting team members with conducting vulnerability research and assessments to identify systemic weaknesses and architectural flaws;
AND Assisting team members on custom exploit development or creating or modifying security bypassing testing tools and scripts (e.g., Python, PowerShell, Ruby, Bash) to address unique testing scenarios and automate security assessment workflows.
See Education Field for substitutions available at the GS-09 Level.
In order to qualify for the GS-11, you must meet the IT Competencies below AND the following: You must demonstrate in your resume at least one year (52 weeks) of qualifying specialized experience equivalent to the GS-09 grade level in the Federal government, obtained in either the private or public sector, to include:
Participating in penetration testing engagements, red team operations, or advanced persistent threat (APT) simulations across enterprise networks, cloud environment, and critical infrastructure to identify security vulnerabilities or attack vectors;
AND Collaborating with team or project members in evaluating security architectures, information technology (IT) system designs, or security controls across IT environments including hybrid cloud infrastructures, zero-trust architectures, and multi-tier applications to identify systemic weaknesses and architectural flaws;
AND Collaborating with team or project members in applying exploitation techniques, custom exploit development, or creating or modifying security bypassing testing tools and scripts (e.g., Python, PowerShell, Ruby, Bash) to address unique testing scenarios and automate security assessment workflows;
AND Conducting vulnerability research and assessments to present findings and make recommendations to the supervisor or team lead.
See Education Field for substitutions available at the GS-11 Level.
In order to qualify for the GS-12, you must meet the IT Competencies below AND the following: You must demonstrate in your resume at least one year (52 weeks) of qualifying specialized experience equivalent to the GS-11 grade level in the Federal government, obtained in either the private or public sector, to include:
Participating in planning, leading, or executing penetration testing engagements, red team operations, or advanced persistent threat (APT) simulations across enterprise networks, cloud environment, and critical infrastructure to identify security vulnerabilities or attack vectors;
AND Evaluating security architectures, information technology (IT) system designs, or security controls across IT environments including hybrid cloud infrastructures, zero-trust architectures, and multi-tier applications to identify systemic weaknesses and architectural flaws;
AND Applying exploitation techniques, custom exploit development, or creating or modifying security bypassing testing tools and scripts (e.g., Python, PowerShell, Ruby, Bash) to address unique testing scenarios and automate security assessment workflows;
AND Conducting vulnerability research and assessments to present findings and make recommendations to leadership.
IT-related Competencies for Experience Only Qualifications:
Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
Problem-Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Experience refers to both paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
Click the following link to view the occupational questionnaire: https://apply.usastaffing.gov/ViewQuestionnaire/12885784
Education
Education Substitute for GS-09: You may qualify for this position with education and/or experience OR a combination of experience and education.
Substitution of Education for Experience:
You may substitute education for specialized experience at the GS-09 level by possessing a Master's or equivalent graduate degree or two full years of progressively higher level graduate education leading to such a degree or equivalent graduate degree in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development of adaptations of applications, systems or networks. (TRANSCRIPTS REQUIRED AT TIME OF APPLICATION).
- OR -
Combination of Experience and Education:
Only graduate education in excess of the amount required for the GS-07 grade level may be used to qualify applicants for positions at the grade GS-09. Therefore, only education in excess of one full year of graduate-level education may be used to combine education and experience.
TRANSCRIPTS are required to verify satisfactory completion of the educational requirement related to substitution of education for experience and combination of experience and education. Please see "Required Documents" section below for what documentation is required at the time of application.
Education Substitute for GS-11: You may qualify for this position with education and/or experience OR a combination of experience and education.
Substitution of Education for Experience:
You may substitute education for specialized experience at the GS-11 level by possessing a Ph.D. or equivalent doctoral degree or 3 full years of progressively higher level graduate education leading to a Ph.D. or equivalent doctoral degree in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management or degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development of adaptation of applications, systems or networks. (TRANSCRIPTS REQUIRED)
Combination of Experience and Education:
Only graduate education in excess of the amount required for the GS-09 grade level may be used to qualify applicants for positions at the grade GS-11. Therefore, only education in excess of a master's or equivalent graduate degree, or 2 full years of progressively higher-level graduate education leading to such a degree, may be used to combine education and experience.
TRANSCRIPTS are required to verify satisfactory completion of the educational requirement related to substitution of education for experience and combination of experience and education. Please see "Required Documents" section below for what documentation is required at the time of application.
Additional information
Bargaining Unit Position:
Yes - American Federation of Government Employees, Local 1923.
Tour of Duty:
Flexible.
Recruitment Incentive:
Not Authorized.
Relocation Incentive:
Not Authorized.
Financial Disclosure:
Not Required.
Workplace Flexibility at CMS:
This position has a regular and recurring reporting requirement to the CMS office listed in this announcement. CMS offers flexible working arrangements and allows employees the opportunity to participate in alternative work schedules at the manager's discretion.
The Interagency Career Transition Assistance Plan (ICTAP) and Career Transition Assistance Plan (CTAP) provide eligible displaced federal employees with selection priority over other candidates for competitive service vacancies. To be qualified you must submit the required documentation and be rated well-qualified for this vacancy. Click here for a detailed description of the required supporting documents. A well-qualified applicant is one whose knowledge, skills and abilities clearly exceed the minimum qualification requirements of the position. Additional information about ICTAP and CTAP eligibility is on OPM's Career Transition Resources website at www.opm.gov/rif/employee_guides/career_transition.asp.
Salary Ranges by Location:
Seattle, Washington - $69,373 - $130,786 (Seattle Salary Table)
Woodlawn, MD - $70,623 - $133,142 (Woodlawn Salary Table)
Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution.
A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding.
Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.