IT Specialist (INFOSEC), GS-2210-14, FPL GS-14 (Direct Hire)

IT Specialist (INFOSEC), GS-2210-14, FPL GS-14 (Direct Hire)

Department: Department of Education

Location(s): Washington, District of Columbia

Salary Range: $143913 - $187093 Per Year

Job Summary: This position is in the U.S. Department of Education (ED), Federal Student Aid (FSA), Technology Directorate (TD). The Technology Directorate provides information technology services for all FSA systems, promoting the effective and secure use of technology to achieve FSA's strategic objectives through sound planning, investments, integrated technology architectures and standards, effective systems development, production support, and cybersecurity services.

Major Duties:

• APPLICATION LIMIT: This vacancy announcement is limited to the first 200 applications received and will close at 11:59PM Eastern Time on the day that we receive the 200th application, or at 11:59PM Eastern Time on the listed closing date, whichever occurs first. We encourage you to read this entire vacancy announcement prior to submitting your application. We encourage you to read this entire vacancy announcement prior to submitting your application. As an Information Technology Specialist (INFOSEC), GS-2210-14, you will be responsible for: Serving as the Security Operations Center (SOC) incident response coordinator using tools like Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR)s, and ServiceNOW ticket system, leading the full LiveCycle of incident response, from detection through recovery, while coordinating containment and eradication efforts working with several partners, and continuously improving workflows and playbooks. Serving as the senior technical lead by coordinating Pen Testing, Red Team, and Purple Team exercises, the manager tests defenses against simulated attacks. This creates a feedback loop that continually strengthens detection capabilities and hones the team's technical skills. Managing security vulnerabilities and detecting threats to uphold cyber hygiene, managing Continuous Diagnostics and Mitigation (CDM) security baselines. Reporting stakeholder communication and presenting through PowerPoint, MS Project, and other briefing tools to deliver daily SOC updates, incident findings, and enterprise security posture insights to executive leadership and non-technical stakeholders, including tailored presentations to the Chief Information (CISO) as needed.

Qualifications: Specialized Experience for the GS-14: One year of experience in either federal or non-federal service that is equivalent to at least a GS-13 performing two (2) out of three (3) of the following duties or work assignments: Experience coordinating Pen Testing, Red Team, and Purple Team exercises, testing defenses against simulated attacks, applying threat intelligence, and updating playbooks to continuously develop the SOC analytics capabilities. Experience in managing a SOC, leading advanced cyber incident triage and response efforts, including detection, investigation, containment, eradication, and recovery, for complex security events such as APTs and data exfiltration attempts, while documenting findings, ensuring alignment with Incident Response (IR) plans and NIST SP 800-61r2, improving SOC workflows, Standard Operating Procedures (SOP)s, and playbooks. Experience in conducting continuous, risk-based vulnerability management, overseeing cyber-hygiene and CDM scans to enforce enterprise-wide baseline security posture. Basic Experience Requirements: You must possess IT related experience (paid or unpaid experience and/or completion of specific, intensive training (e.g., IT certification), as appropriate) demonstrating each of the four competencies listed below. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (i.e., any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (e.g., ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (e.g., technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. Knowledge, Skills, and Abilities (KSAs): The quality of your experience will be measured by the extent to which you possess the following knowledge, skills and abilities (KSAs). You do not need to provide separate narrative responses to these KSAs, as they will be measured by your responses to the occupational questionnaire (you may preview the occupational questionnaire by clicking the link at the end of the Evaluations section of this vacancy announcement). Knowledge of the Cyber Kill Chain, MITRE ATT&CK framework, and common attack methodologies. Expertise in SIEM, EDR, Web Application Firewall (WAF), forensics methodology, and threat intelligence. Knowledge of attacker frameworks (MITRE ATT&CK), the skill to hunt through complex data for hidden threats, and the ability to translate technical findings into business risk, and the ability to facilitate collaboration between Red and Blue teams. Skill in SIEM systems, EDR, including their configuration and optimization, expertise in forensics, pen testing, integrating threat intelligence feeds and managing cyber hygiene initiatives. Ability to communicate complex technical risks clearly to executive and non-technical audiences, think strategically about security operations to align them with business objectives, and apply strong root cause analysis to drive effective decision-making and continuous improvement.

How to Apply: Step 1: Create a USAJOBS account (if you do not already have one) at www.usajobs.gov. Step 2: Create a resume using the USAJOBS resume builder or upload a resume into your USAJOBS account. Ensure that your resume demonstrates your education, experience, training, and accomplishments as it relates to the qualifications for this position and substantiates your responses to the occupational questionnaire. Step 3: Upload any required documents into your USAJOBS account (must be less than 3MB and in one of the following document formats: GIF, JPG, JPEG, PNG, RTF, PDF, or Word (DOC or DOCX)). Step 4: Click "Apply Online" and follow the prompts to complete the occupational questionnaire and attach any required documents. Verify that uploaded documents from USAJOBS transfer into the agency's hiring system. You will have the opportunity to upload any additional required documents in the agency's hiring system. Click “Finish” to submit your application. NOTE: You may update your application or required documents at any time while the announcement is open by logging into your USAJOBS account, clicking on "Application Status," clicking on the position title, clicking "Update Application,” and following the prompts. In order to receive consideration for this position, you must submit your complete application, including all required documents, by 11:59 PM Eastern Time on the closing date of the vacancy announcement. If the vacancy announcement has an application limit, we recommend that you submit your complete application at the time of initial application. We will not accept any required documentation after the closing date of the vacancy announcement. If you have any questions regarding submitting your application, please contact the HR Specialist listed under the Agency Contact Information.

Application Deadline: 2026-03-27