

Air Force Civilian Service Linthicum, MD

Job Description


The primary purpose of this position is to apply technical expertise in information security and skill in the selection and application of specialized analytical methods to lead and participate in the investigation of suspected and verified intrusions in assets. The incumbent documents and presents findings derived from these time-sensitive analyses to support partners in determining the extent and effects of such attacks, as well as to identify the methods employed by adversaries and, when possible, their identities. These initial assessments are not only essential to enable the directly affected partner to take steps to secure assets; they also serve as the basis for alerts to other partners to be on guard against similar attacks. Additionally, these analyses provide information critical to other teams' more in-depth investigations and efforts to develop and share improved understanding of adversary identities, targets and methods.

·  Malware Analysis Coordination and Collaboration. Captures findings, proven analytical methods and tools, and lessons learned in forms suitable for the organization's knowledge base, including identifying and cataloging content in a manner that facilitates its later retrieval and reuse. Consults with colleagues who may draw these materials from the knowledge base to support later analyses and related investigative activities. On a continuing basis, actively searches for and establishes links to other relevant inputs to add to the team's and the Center's knowledge base.

·  Cyber Incident Identification, Documentation and Investigations. Serves as the initial point of contact to report suspected or verified intrusions to IT assets used to manage sensitive information or assets. Draws on well-established working relationships with these partners' INFOSEC SMEs to actively elicit information critical to the Analytics Division's and other teams' investigations of these incidents, and assessments of criticality to operations.

·  Documentation of Cyber Incident Analyses. Compiles this information in various classified and unclassified forms, the natures of which are indicated by the incumbent's expert understanding of the type of response required to support constituencies. These comprise time-sensitive products released to the Partner community within four hours of a reported incident or security event derived from internal or external sources. Provides cyber situational awareness to other potentially affected elements and the community relating to an event or incident reported by Partner through the ICF process.


In order to qualify, you must meet the education and/or experience requirements described below.  Your resume must clearly describe your relevant experience; if qualifying based on education, your transcripts will be required as part of your application.




BASIC REQUIREMENTS: Must have a bachelor's degree in computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management, or a degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.


Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For this position individuals must have IT-related experience demonstrating each of the four competencies listed below.

1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

SPECIALIZED EXPERIENCE FOR GS-12:  At least one (1) year of specialized experience at the next lower grade GS-11 or equivalent.  An example of specialized experience involves knowledge of and skill in applying information security concepts, practices and tools to the analysis of attacks on classified/unclassified computer networks. The incumbent applies a high degree of technical expertise to provide team members and customers with information and insights on the nature of threats to IT assets. Must have experience in computer incident response to identify, solicit and obtain information on the investigation of apparent and validated cyber-attacks.  The incumbent must demonstrate skill in selecting, adapting/extending and applying a full range of technical analysis methods of incident analysis assignment.  Must have the ability to work collaboratively with other subject matter experts and intelligence analysts to evaluate and integrate data derived from reports of intrusions to networks and systems.  Must be skilled in the application of project planning and management concepts and methods to lead technical analyses.  The incumbent must have the ability to communicate technical and programmatic information relevant to cyber threats.  Knowledge of Congressional legislation, regulations and policy governing collaborations between organizational teams and partners. (NOTE: This experience MUST be well documented on your resume or application package.)


To view qualifying educational requirements and/or combination of education and specialized experience click on the following link:

Federal Time-In-Grade (TIG) Requirement for General Schedule (GS) Positions:  Applicants must have served at least 52 weeks at the GS-11 or higher grade (or equivalent in an alternate pay system) within the Federal Civil Service to be considered for referral.  TIG applies if you are in a current GS position or held a GS position within the previous 52 weeks.

KNOWLEDGE, SKILLS AND ABILITIES (KSAs):  Your qualifications will be evaluated on the basis of your level of knowledge, skills, abilities and/or competencies in the following areas: 

1. Experience performing technical analyses involving cyber intrusions and exploitation of data from compromised systems, evaluating malicious code, documenting unusual files and data, and identifying TTPs used by attackers to gain access.

2. Experience in application of information security concepts, practices and tools to the analysis of attacks on classified/unclassified computer networks, including identification of threat actors, mechanisms employed and targeting patterns.

3. Experience in computer incident response, which demonstrates understanding of information required by other INFOSEC subject matter experts to define appropriate and effective tactics, techniques and procedures to counter and mitigate the effects of identified threats to computer system security and integrity.

4. Ability to work collaboratively with other cyberspace technical subject matter experts and intelligence analysts to evaluate and integrate data derived from reports of intrusions to classified and unclassified computer networks and systems.

5. Skill in application of project planning and management concepts and methods to lead broad-based technical analyses requiring the collaborative effort of various SMEs.

6. Ability to communicate complex technical and programmatic information, often in the form of verbal and visual operational updates, situation reports and briefings.

PART-TIME OR UNPAID EXPERIENCE: Credit will be given for appropriate unpaid and/or part-time work. You must clearly identify the duties and responsibilities in each position held and the total number of hours per week.

VOLUNTEER WORK EXPERIENCE: Refers to paid and unpaid experience, including volunteer work done through National Service Programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student and social). Volunteer work helps build critical competencies, knowledge and skills that can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.

ARE YOU USING YOUR EDUCATION TO QUALIFY? You MUST provide transcripts to support your educational claims.  Education must be accredited by an accrediting institution recognized by the U.S. Department of Education. 

FOREIGN EDUCATION: Education completed in foreign colleges or universities may be used to meet the requirements. You must show proof that the education credentials have been deemed to be at least equivalent to those gained in a conventional U.S. education program. It is your responsibility to provide such evidence when applying.


1.  Must obtain and maintain a Top Secret (SCI) clearance.

2.  This position has been designated by the Air Force as a Testing Designated Position (TDP) under the Air Force Civilian Drug Testing Program. Illegal drug use by employees in sensitive positions presents a clear threat to the mission of the Air Force, national security, and public safety. Therefore, the incumbent is required to: (a) refrain from the use of illegal drugs, and (b) if requested, submit to urinalysis testing. The incumbent may be selected for random drug testing and may be subject to reasonable suspicion testing and safety mishap or accident testing.

3.  Information Assurance Certification is a condition of employment. This position includes IA work as a paramount duty requirement. Per DoD 8570.01-M, the incumbent of this position must achieve the appropriate IA certification within 12 months of assignment of these duties. (A waiver of this 12-month requirement may be granted per DoD 8570.01-M, C3.2.4.2 or C3.2.4.3.) Failure to receive the proper IA certification may result in removal from this position.

4.  The incumbent will be required to be available for other than normal duty hours, to include weekends, to support exercises and crisis response.

5.  May be required to travel by military or commercial aircraft in the performance of TDY.


The Department of Defense offers an excellent benefits program. In addition to your take-home pay, click here for an overview of benefits currently offered to Federal employees.

Direct Deposit: All federal employees are required to have direct deposit.

Other Information

Interagency Career Transition Assistance Program (ICTAP):  For information on how to apply as an ICTAP eligible click here.  To be BEST-qualified and exercise selection priority for this vacancy, displaced Federal employees must be rated at 90 or above on the rating criteria for this position.

Employed Annuitants (Reemployed Annuitants): Applicants in receipt of an annuity based on civilian employment in the Federal Service are subject to the DoD Policy on The Employment of Annuitants.  Click here for more information.

90-Day Register: This announcement may result in a 90-day register that may be used to fill like vacancies for 90 days after the closing date. Applicants may be referred for consideration as vacancies occur.

Incentives: Leave Accrual Incentive may or may not be used.

Job Details

Date Posted July 11, 2018
Date Closes August 10, 2018
Requisition 465779100
Located In Linthicum, MD
SOC Category 00-0000.00
