IT Specialist (INFOSEC/APPSW

This position is located with Bonneville Power Administration (BPA), in the Critical Business Systems (CBS) Operations and Development (JC) organization of Information Technology (J), Chief Administrative Office (N).

Please read the entire announcement and all the instructions before you begin an application.

External Application Link(s):

23-BPA-35231-12007804-DH: https://www.usajobs.gov/job/731750700

Open & Close date: Open: 06/14/2023 Close: 06/23/2023

LOCATION(s) Portland, OR

SALARY: $ 105,666 - $ 137,363 per year

DUTIES:

As an IT Specialist (INFOSEC/APPSW), you will:

• Lead the development of secure software development practices and procedures.
• Ensure secure design practices are applied to new and existing critical business systems (CBS) applications, systems, and code modules.
• Assess and recommend remediation of existing application, system or code module security weaknesses.
• Assess CBS applications, systems, and code for adherence to applicable standards and federal guidance.
• Report to CBS management on the state of CBS software security as requested.
• Act as consultant to software development staff on documenting CBS systems in terms of National Institute of Standards and Technology (NIST) security controls, including in the creation of System Security Plans.
• Research and stay abreast of cyber threat trends as they relate to software development.
• Research, stay abreast of, and recommend tools and best practices for improving the quality of the security of CBS processes (e.g., code review tools, bill of materials (BOM) tools, etc.).
• Act as consultant on understanding how the applications interact with surrounding technical environment including operating systems, and the entire open systems interconnection (OSI) stack to further application-level security.

REQUIREMENTS: Conditions of Employment

When you apply you will be asked a series of questions to determine your eligibility for employment and your qualification for this position specifically. You must answer all of these questions completely and truthfully.

• Must be a U.S. Citizen or National.
• This employer participates in the e-Verify program.
• All males born after December 31st, 1959, must abide by laws regarding Selective Service registration.
• If you are a current federal employee, appointed under the direct-hire authority, you will be given a new appointment.
• You will be required to serve a mandatory one (1) year probationary period unless you meet the exceptions in 5 CFR part 315.802.
• A preliminary background check must be completed before a new employee can begin work. Current Federal employees or other individuals with an existing completed background investigation may not be required to undergo another background check.
• This position does not support remote work. You will be required to report physically to the official reporting worksite as specified by the supervisor, but no less than 2 days per pay period.
• The following certifications, in descending order, are preferred:
  i. Relevant SANS Certification
  ii. GIAC Secure Software Programmers certification (GSSP)
  iii. Certified Secure Software Lifecycle Professional (CSSLP)
  iv. Secure Software Practitioner (SSP)
  v. Certified Application Security Engineer (CASE)

QUALIFIACTIONS:

BASIC REQUIREMENT:
You must have IT-related experience demonstrating each of the four (4) competencies listed below. The experience must be IT related and may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.

• Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
• Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
• Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
• Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

To meet this requirement, you must demonstrate "Advanced" level proficiency in each of the four competencies listed above as follows:

Advanced - You can perform the actions associated with each of these competencies without assistance. You are recognized within your immediate organization as "a person to ask" when difficult questions arise regarding each of these competencies. Focus is on broad organizational/professional issues; You have consistently provided practical/relevant ideas and perspectives on process or practice improvements which may easily be implemented; You are capable of coaching others in the application of each of these competencies by translating complex nuances relating to each competency into easy to understand terms; You participate in senior level discussions regarding these competencies; You assist in the development of reference and resource materials in these competencies.

SPECIALIZED EXPERIENCE REQUIREMENTS: A qualified candidate's online application and resume must demonstrate at least one year of specialized experience equivalent to the next lower grade level (GS-12) in the Federal service. Specialized experience for this position is defined as: (a) engineering the security of software systems ensuring compliance with applicable information security management standards; (b) analyzing business, architecture, and security requirements of an organization to develop, assess, and implement software programs; (c) and testing, troubleshooting, developing, and designing software using Microsoft platforms (e.g. Microsoft Visual Studio C#, MS-SQL Server 2016, and Windows Server 2012 or greater).

"Experience" refers to paid and unpaid experience. Examples of qualifying unpaid experience may include volunteer work done through National Service programs (such as Peace Corps and AmeriCorps); as well as work for other community-based philanthropic and social organizations. Volunteer work helps build critical competencies, knowledge, and skills; and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.

REQUIRED DOCUMENTS:

To apply for this position, you MUST provide a complete application package.

(See Required Documents section on application).

HOW TO APPLY:

23-BPA-35231-12007804-DH: https://www.usajobs.gov/job/731750700

Please read the entire announcement and all the instructions before you begin an application.

To apply for this position, you must complete the initial online application, to include submission of the required documentation specified in the Required Documents section. A complete application package must be submitted by 11:59 PM (EST) on the announcement closing date to receive consideration.