|Preferred GIAC Certifications||GICSP, GRID, GDSA, or other GIAC advanced certification|
Joining the Cybersecurity and Infrastructure Security Agency (CISA) means being part of the team focused on securing the Nation's physical and cyber infrastructure against threats to public health and safety, economy, and national security. Within CISA, the Infrastructure Security Division focuses on protecting critical infrastructure from all hazards by managing risk and enhancing resilience through collaboration with the critical infrastructure community, which includes private sector owners, operators, and employees; State, local, tribal, and territorial officials; and other Federal agencies.
Visit www.dhs.gov/cisa to learn more about CISA and how you can be part of the team to Defend Today; Secure Tomorrow.
This is an agency-wide position, which is comprised of several geographically separated divisions with a nationwide force: Infrastructure Security Division, Cybersecurity Division, Emergency Communications Division, National Risk Management Center and several organizational units. Typical work assignments include:
Advise senior state and local management government officials (e.g., Chief Information Security Officer [CISO]) on risk levels and security posture;
Advise senior management on cost-benefit analysis of information security programs, programs and processes;
Review risk management programs by using evaluation results to create or enhance the effectiveness of the partner's information sharing;
Deliver key mitigation capabilities to owners and operators that are designed to reduce risks to the nation's critical cyber infrastructure, in particular, elections infrastructure;
Participate in cybersecurity partnerships with and across critical infrastructure owners, operators and state, local, tribal and territorial government.
Promote collaborative efforts to reduce risks and threats to critical information, enterprise, communications, and control systems;
Participate as a presenter in regional local conferences and symposia relating to cybersecurity initiatives; and
Build regional and local cybersecurity coalitions to promote information sharing.
Attention to Detail:
In addition to the above requirement, you must have at least one year of specialized experience at the GS- 13 grade level performing the following duties:
1) Coordinating and providing technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents and mitigate network vulnerabilities;
2) Performing risk assessments, vulnerability assessments and/or penetration tests (NESSUS, NMAP, Kali Linux, Packet sniffers, NIST 800-53, NIST RMF, etc.);
3) Building cybersecurity programs or leading cybersecurity teams (Information Assurance);
4) Utilizing a variety of frameworks (i.e. NIST CSF/RMF, COBIT, NIST 800 Series, ISO 270001, CERT Resiliency Management Model (RMM), etc) to assist organizations in evaluating their security programs; and
5) Communicating complex technical issues to audiences of various levels of understanding and experience via written and verbal methodologies.