Senior Incident Response Lead

Securities and Exchange Commission

$100K — $130K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of IT experience with a focus on incident response and cybersecurity.
  • Proven leadership abilities in managing cross-functional teams during cybersecurity incidents.
  • Experience with incident response frameworks such as NIST SP 800-61 and MITRE best practices.
  • In-depth knowledge of advanced detection and response tools (EDR, SIEM, SOAR).
  • Expertise in forensic analysis across various environments including cloud.
  • Strong documentation skills for compliance with legal and regulatory standards.

Responsibilities

  • Lead the complete incident response lifecycle from preparation to post-incident review.
  • Oversee the triage and investigation of security incidents, ensuring timely communication with stakeholders.
  • Develop and execute custom incident response plans tailored to organizational needs.
  • Conduct forensic analysis to identify the root causes and impacts of cyber incidents.
  • Utilize advanced tools to detect and analyze threats to enterprise security.
  • Collaborate with various departments to improve incident management and communication processes.
  • Continuously assess and improve incident response capabilities using established metrics.

Benefits

  • Comprehensive benefits package including health insurance, life insurance, and retirement plans.
  • Paid leave including annual leave, sick leave, and holidays.
  • Flexible work schedules and opportunities for telework.
  • Access to training and professional development programs.
  • Potential for career advancement within the U.S. government.

Full Job Description

Summary

The Office of Information Technology is seeking an IT Specialist (INFOSEC) (Senior Incident Response Lead). In this role, you will be responsible for leading the detection, analysis, and response to cyber incidents that threaten the confidentiality, integrity, and availability of enterprise assets. This position requires deep technical expertise, strong leadership, and the ability to coordinate across teams to ensure rapid, effective, and consistent incident response.

Duties

In this role as a Senior Incident Response Lead, you will be responsible for:

  • Leading the end-to-end incident response lifecycle, including preparation, detection, analysis, containment, eradication, recovery, and post-incident review, following established frameworks such as NIST SP 800-61 and MITRE best practices.
  • Overseeing triage, investigation, and coordination of responses to security incidents, ensuring timely escalation and communication with stakeholders.
  • Ensuring all incident handling activities are documented, repeatable, and compliant with legal, regulatory, and audit requirements.
  • Developing, maintaining, and executing incident response plans, standard operating procedures (SOPs), and playbooks tailored to the organization's threat landscape and business priorities.
  • Performing in-depth forensic analysis of endpoints, networks, cloud environments, and applications to determine root cause, impact, and remediation steps for security incidents.
  • Utilizing advanced detection and response tools (EDR, SIEM, SOAR, threat intelligence platforms) to identify and analyze threats.
  • Collaborating with IT, legal, compliance, and business units to ensure effective incident management and communication.
  • Identifying gaps in detection, response, and recovery processes; recommending and implementing improvements.
  • Measuring and reporting on incident response metrics (e.g., mean time to detect/respond/recover, true/false positive rates, incident trends) to drive continuous improvement.


Requirements

Conditions of employment

  • CITIZENSHIP: You must be a US Citizen.
  • SELECTIVE SERVICE: Males born after 12/31/59 must be registered or exempt from Selective Service (see https://www.sss.gov/).
  • SECURITY CLEARANCE: Entrance on duty is contingent upon completion of a pre-employment security investigation. Favorable results on a Background Investigation may be a condition of employment or selection to another position.
  • PERMANENT CHANGE OF STATION (PCS): Moving/Relocation expenses are not authorized.
  • DIRECT DEPOSIT: All Federal employees are required to have Federal salary payments made by direct deposit to a financial institution of their choosing.
  • PROBATIONARY PERIOD: This appointment may require completion of a one-year probationary period.
  • The selectee is required to report to the duty station(s) listed.
  • The duties of this position may require the incumbent to carry a cell phone and be on call 24 hours a day, seven days a week on a rotational basis, based on the needs of the organization.


Qualifications

Applicants are responsible for confirming all required materials are submitted by the closing date of the announcement. Please check the How You Will Be Evaluated and Required Documents sections carefully, as missing documents will render the application incomplete and ineligible for review.

Qualifying experience may be obtained in the private or public sector. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. All qualification requirements must be met by the closing date of this announcement.

BASIC REQUIREMENT: For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below:

  1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
  2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
  3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
  4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.


MINIMUM QUALIFICATION REQUIREMENT: In addition to meeting the basic requirement, applicants must also meet the minimum qualification requirement below:

SK-14: Applicant must have at least one year of specialized experience equivalent to the GS/SK-13 level:

  1. Analyzing telemetry data to identify the root cause of a cyber incident;
  2. Working with different groups to handle a cyber incident;
  3. Delivering reports that explain what happened and what the team learned; and
  4. Providing technical direction to team members during security and cyber incidents.


ACCOMPLISHMENT RECORD COMPETENCIES: Your Accomplishment Record narratives should address the following competencies. See the How You Will Be Evaluated section below for more information:

  • Cyber Defense Analysis: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network to protect information, information systems, and networks from threats.
  • Critical Thinking: Considers a variety of factors, general and subject matter-specific, when making decisions and determining next steps.
  • Technical Communication: Translates technical information into non-technical terms and accurately conveys technical information to end users (e.g., staff, management) and outside parties, including the technical documentation of applications, systems, Standard Operating Procedures, etc.
  • Artificial Intelligence and Machine Learning: Uses principles, methods, and tools to design or implement systems that perform and apply human-like intelligence functions such as those that use neural networks, deep learning, natural language processing, and image recognition.


Additional information

Supplementary vacancies may be filled in addition to the number stated in this announcement and may be filled from any division or office within the agency.

SEC COMPENSATION PROGRAM: Total salary (base pay + locality) is dependent upon duty location. The overall salary range listed above is provided for informational purposes; a selectee's initial pay will be established below the maximum rate of the range. The pay for current SEC employees will be determined according to the procedures specified in the agency's policy.

Benefits

A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding.

Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.
