Cyber Security Degree Programs

Cyber Security Supervisor in Las Vegas, NV at OnPoint Consulting

pfstartteam — Tue, 17 Apr 2012 18:55:05 +0000

Cyber Security Supervisor
Location:	Las Vegas, NV
Job Code:	266
# of openings:	1

Description
Duties: Lead cyber security operations for a network and security operations center. Direct activities and provide thought leadership regarding cyber security, intrusion detection and investigation analysis. Perform risk and vulnerability assessments, as well as troubleshooting and tier 3 analysis in support of IT and network operations. Validate system configuration, test vulnerabilities, and analyze monitoring logs for internal and external intrusion events. Perform oversight of require cyber security documentation and site certifications. Support customer interface, requirements analysis, and development of policies, procedures in support of best practices. Mentor, train and develop junior analysts and engineers. Responsibilities: Supervise small team of 2-4 personnel Support Federal cyber security certification and documentation requirements, and manage compliance monitoring for Internet use and security policies Conduct and support C&A (Certification & Accreditation) self-assessments, site surveys, and audits using best practice and NIST (National Institute of Standards & Technology) guidance Technical security auditor for enterprise environment Validate system configurations, monitor internal networks for abuse or intrusion by insiders Support solution design and architecture analysis Risk analysis and vulnerability assessments Required Skills: Expert level problem solving and root cause analysis skills Strong skills with networking protocols and security, intrusion detection systems, and cyber security information management tools and concepts. Minimum of 10 experience with Windows administration Minimum of 8 years experience with information security including intrusion detection, investigation analysis, and Federal cyber regulatory requirements Strong understanding of ITIL V4 Processes Customer service focus, and strong interface/communication skills Ability to identify gaps and proactively improve system inefficiencies Excellent written and verbal communication skills. Qualifications/Education: Bachelor of Science Degree in Computer Science, Information Technology or related engineering discipline. CISSP (Certified Information Systems Security Professional. Qualified applicants must have a current secret or higher level clearance, or be able to pass the appropriate background investigations to attain one. U.S. Citizenship is required. The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, skills, or working conditions. OnPoint Consulting is an equal opportunity employer who firmly supports and recognizes the value of diversity and inclusion in the workplace. Candidates for positions with OnPoint Consulting must be authorized to work in the United States without benefit of visa sponsorship. Candidates for this position will undergo a pre-employment background investigation.

Apply Here

Cyber Security Analyst at SEI Networked Systems Survivability in Pittsburgh, PA

pfstartteam — Tue, 17 Apr 2012 18:49:33 +0000

Job Description

Cyber Security Analyst-9103

Job Function

Administration/Management

Primary Location

United States-Pennsylvania-Pittsburgh

FT/PT Status

Regular Full Time

Organization

SEI NETWORKED SYSTEMS SURVIVABILITY

Minimum Education Level

Bachelor’s Degree or equivalent

Salary

Negotiable

Description

The goal of the Enterprise Threat and Vulnerability Management (ETVM) team is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. ETVM team members are domain experts in insider threat, security assessments, and incident response; team capabilities include threat analysis and modeling; development of security metrics and assessment methodologies; and creation and delivery of training, courses, and workshops. The selected individual will be part of ETVM’s Threat Research Team, and will conduct analysis of cyber threat data from industry, government and public sources. The individual will be responsible for fusing numerous data sets, developing analytical techniques, and synthesizing the results to create actionable intelligence. The individual will explore and develop cutting edge technology solutions to address national and industry-wide cyber security problems. The selected individual will participate in the development and execution of new security assessment methodologies, including innovative new methods for conducting operational threat assessments, risk and vulnerability assessments, and penetration testing / red team exercises. The selected individual also conducts research on best practices on difficult information technology solutions and provides reference architecture papers to assist Federal agencies in deploying those solutions. The selected individual will develop and apply data-driven research methods and models to solve complex problems in the cyber security domain. The individual will be expected to contribute to the state of the practice in the operational cyber threat domain; to develop professional standards and training; and to mentor other staff on threat analysis and mitigation solution principles. The selected individual may also assist on compliance validation teams which entail conducting on-site assessments, pre- and post-assessment analysis, preparation of technical reports and briefings to customers. The individual will work as a member of collaborative project teams and will work closely with customers from a variety of organizations, including government agencies and critical infrastructure providers.

Qualifications

Minimum:

Education: MS in computer science, software engineering, information systems, or a related technical field with five (5) years of experience or BS in computer science, software engineering, information systems, or a related technical field with eight (8) years’ experience or equivalent.
Experience: Experience as a system or network administrator, software engineer, information systems analyst, database administrator or similarly technical occupation.
Skills: Understanding of information technology and telecommunications systems; working knowledge of network security and survivability/resiliency issues; working knowledge of cyber security domain, including common classes of threat actors, vectors and targets; ability to conduct analytical studies and investigations of cyber threats; experience conducting cyber security assessments including threat assessments; outstanding written and oral communication skills; experience with corporate security teams, incident response teams, security operations centers or the intelligence community investigating and responding to threats; demonstrated research skills; ability to design detailed analysis methodologies and explain them to technical and non-technical collaborators; demonstrated ability to prepare papers and presentations for technical and non-technical audiences; reasoning and problem-solving skills; ability to work independently with limited supervision; ability to recognize and deal appropriately with confidential and sensitive information; participate in conferences and meetings; contribute to customer presentations and technology transfer activities; strong interest in security analysis R&D; ability to create instructional materials and conduct training.
Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites & various critical infrastructure sites.
Environmental Conditions: Close contact with CRT for extended periods of time.
Mental: Ability and interest in addressing security issues in a holistic manner, addressing both organizational and technical policies and practices; as well as behavioral and organizational issues. Ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities. Ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff.
Other: Candidate must have or be able to obtain a Top Secret security clearance and be a US citizen.

Preferred:

Experience: Experience working in or with the DOD, intelligence community, or law enforcement in a classified environment; experience investigating, tracking, and reporting on cyber threats and risks to organizations; experience analyzing intelligence and/or conducting investigations related to cybercrime, espionage, fraud and critical infrastructure; experience in penetration testing, red teaming, or blue teaming; experience in both physical and cyber security functions; experience in auditing or conducting assessments including threat assessments; experience developing, testing, documenting and applying threat modeling methodologies; experience programming or scripting in a high level language such as Python, Ruby, .NET, JavaScript; experience creating custom queries and reports based on SQL-based and other databases; experience with risk management frameworks and formal research and modeling methodologies; working in a team environment on collaborative projects in critical infrastructure sectors involving network, system or data security; experience employing software engineering techniques, resiliency management models and capability maturity models in complex and dynamic problem spaces.
Skills: Working knowledge of network security/survivability. Knowledge of and experience with sound software engineering practices and best practices for information security, project management experience, leadership and mentoring skills.

Apply Here

Director of Cyber Security in North Andover, MA

pfstartteam — Tue, 17 Apr 2012 18:45:35 +0000

Job Responsibilities

Make the most of your energy in a career at Schneider Electric. As a global specialist in energy management, we are passionate about delivering real and innovative solutions in energy management and energy efficiency. We look for individuals driven by a desire to impact the world. We commit to develop our people and make energy safe, reliable, efficient, productive and green. Visit us online to learn more about a career at Schneider Electric.

This is an exciting opportunity to join global growing organization that is committed to a sustainable and secure world.
The Director Cyber Security will lead a cyber-security group that will advise, set and manage security policies for Product and Solution Development.
The team will work on a day-to-day basis with the Product Development departments and solution teams.
As a Global Solutions vendor we support and develop software and hardware in many different environments. We have embedded hardware solutions as well as sophisticated applications that run and manage our customer’s critical infrastructure.
These solutions are used by our customers in the most critical and sensitive operations in the world. They demand superior enterprise level security from our hardware, software and solutions.
Key Responsibilities:
Provide leadership in the comprehensive development, planning and execution of Schneider-Electric products and solutions. The Cyber Security team works closely with product teams and engineering teams to ensure that our products meet or exceed customer security and certification requirements.
This includes ensuring that the security architecture is well document and communicated. The team is required to help provide guidance and planning input into the software engineering and product development process, related to security. The Cyber Security team must be sensitive to the constraints and needs of each of our business units overall security architecture. The team must monitor security technology trends and requirements, such as emerging standards for new technology opportunities and develop and execute security plans.
This may include managing joint products and development with 3rd party vendors, and providing guidance with other departments to the engineering and testing practices.
Ensure, and create as needed, security processes, practices and operations to ensure reproducible development and high quality, while keeping costs under control.
This position will provide the leadership of a team that includes reviews of in-house products and solutions, as well as review of technologies provided by 3rd party vendors. This includes review of security certifications process, including preparing extensive documentation and working with 3rd party evaluations.
Position Requirements:
Senior Management position requiring proven track record in global team leadership
Able to articulate the risks from Cyber Security attacks
5 Years Cyber Security team Leadership experience required.
Appropriate security certifications, such as CISSP, CSSLP (ISC)2, MCSA/MCSE: Security (Microsoft), CCSP (Cisco) and/or certifications from vendors
Experiencing managing software R&D and a Computer Science Degree preferred.
Experience implementing Security standards such as PCI-DSS, SAS 70 Type 2, SSAE 16, ISAE 3402, ISO 27001 and Safe Harbour are desirable
Other desirable experience:
• secure coding practices, vulnerability assessments and penetration testing
• network and server security, Intrusion Detection, Log Integrity,
• Web Application Testing
• SaaS and Cloud Security

Apply Here

New Cyber Security Bill CISPA could be worse than SOPA

pfstartteam — Mon, 09 Apr 2012 15:29:05 +0000

An onrush of condemnation and criticism kept the SOPA and PIPA acts from passing earlier this year, but US lawmakers have already authored another authoritarian bill that could give them free reign to creep the Web in the name of cybersecurity.

As congressmen in Washington consider how to handle the ongoing issue of cyberattacks, some legislators have lent their support to a new act that, if passed, would let the government pry into the personal correspondence of anyone of their choosing.

H.R. 3523, a piece of legislation dubbed the Cyber Intelligence Sharing and Protection Act (or CISPA for short), has been created under the guise of being a necessary implement in America’s war against cyberattacks. But the vague verbiage contained within the pages of the paper could allow Congress to circumvent existing exemptions to online privacy laws and essentially monitor, censor and stop any online communication that it considers disruptive to the government or private parties. Critics have already come after CISPA for the capabilities that it will give to seemingly any federal entity that claims it is threatened by online interactions, but unlike the Stop Online Privacy Act and the Protect IP Acts that were discarded on the Capitol Building floor after incredibly successful online campaigns to crush them, widespread recognition of what the latest would-be law will do has yet to surface to the same degree.

Kendall Burman of the Center for Democracy and Technology tells RT that Congress is currently considering a number of cybersecurity bills that could eventually be voted into law, but for the group that largely advocates an open Internet, she warns that provisions within CISPA are reason to worry over what the realities could be if it ends up on the desk of President Barack Obama. So far CISPA has been introduced, referred and reported by the House Permanent Select Committee on Intelligence and expects to go before a vote in the first half of Congress within the coming weeks.

“We have a number of concerns with something like this bill that creates sort of a vast hole in the privacy law to allow government to receive these kinds of information,” explains Burman, who acknowledges that the bill, as written, allows the US government to involve itself into any online correspondence, current exemptions notwithstanding, if it believes there is reason to suspect cyber crime. As with other authoritarian attempts at censorship that have come through Congress in recent times, of course, the wording within the CISPA allows for the government to interpret the law in such a number of degrees that any online communication or interaction could be suspect and thus unknowingly monitored.

In a press release penned last month by the CDT, the group warned then that CISPA allows Internet Service Providers to “funnel private communications and related information back to the government without adequate privacy protections and controls.

The bill does not specify which agencies ISPs could disclose customer data to, but the structure and incentives in the bill raise a very real possibility that the National Security Agency or the DOD’s Cybercommand would be the primary recipient,” reads the warning.

The Electronic Frontier Foundation, another online advocacy group, has also sharply condemned CISPA for what it means for the future of the Internet. “It effectively creates a ‘cybersecurity’’ exemption to all existing laws,” explains the EFF, who add in a statement of their own that “There are almost no restrictions on what can be collected and how it can be used, provided a company can claim it was motivated by ‘cybersecurity purposes.’”

What does that mean? Both the EFF and CDT say an awfully lot. Some of the biggest corporations in the country, including service providers such as Google, Facebook, Twitter or AT&T, could copy confidential information and send them off to the Pentagon if pressured, as long as the government believes they have reason to suspect wrongdoing. In a summation of their own, the Congressional Research Service, a nonpartisan arm of the Library of Congress, explains that “efforts to degrade, disrupt or destroy” either “a system or network of a government or private entity” is reason enough for Washington to reach in and read any online communiqué of their choice.

The authors of CISPA say the bill has been made “To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities,” but not before noting that the legislation could be used “and for other purposes,” as well — which, of course, are not defined.

“Cyber security, when done right and done narrowly, could benefit everyone,” Burman tells RT. “But it needs to be done in an incremental way with an arrow approach, and the heavy hand that lawmakers are taking with these current bills . . . it brings real serious concerns.”

So far CISPA has garnered support from over 100 representatives in the House who are favoring this cybersecurity legislation without taking into considerations what it could do to the everyday user of the Internet. And while the backlash created by opponents of SOPA and PIPA has not materialized to the same degree yet, Burman warns Congress that it could be only a matter of time before concerned Americans step up to have their say.

“One of the lessons we learned in the reaction to SOPA and PIPA is that when Congress tries to legislate on things that are going to affect Internet users’ experience, the Internet users are going to pay attention,” says Burman. H.R. 3523, she cautions, “Definitely could affect in a very serious way the internet experience.” Luckily, adds Burman, “People are starting to notice.” Given the speed that the latest censorship bill could sneak through Congress, however, anyone concerned over the future of the Internet should be on the lookout for CISPA as it continues to be considered on Capitol Hill.

Source: http://rt.com/usa/news/cispa-bill-sopa-internet-175/

Breached Websites That Were Attacked By Hackers Lacked Basic Defenses Says Verizon

pfstartteam — Mon, 09 Apr 2012 15:05:31 +0000

Despite rising concerns that cyberattacks are growing more and more sophisticated, hackers used relatively simple methods for 97% of data breaches in 2011, according to a report compiled by Verizon.

The findings suggest that organizations are overlooking basic precautions even as they buy new security systems. Verizon also found that in 80% of attacks, hackers hit so-called victims of opportunity — poorly defended sites that happen to catch their eye — rather than targeting specific companies.

Based on investigations into over 850 data breaches, the report was compiled with help from the U.S. Secret Service and with input from law enforcement agencies in the U.K., the Netherlands, Ireland and Australia, according to Verizon.

For the first time, attacks by so-called “hacktivist” groups such as Anonymousbreached more records — over 100 million — than did hackers looking specifically to steal financial or personal data.

Often, the breached companies lacked firewalls, had ports open to the Internet or used default or easy-to-guess passwords, said Marc Spitler, a Verizon security analyst.

All told, he said, “it is about going back to basic security principles.”

Source: http://www.computerworld.com/s/article/9225874/Basic_Defenses_Absent_at_Most_Breached_Sites

Screencast Tutorial: How to use GHDB to indentify security holes, Googledorks

pfstartteam — Mon, 09 Apr 2012 15:03:26 +0000

Google is a seemingly omnipotent presence on the Internet. Nothing seems to be beyond its grasp, including any unchecked security vulnerabilities visible to the Web that could be an opportunity for attackers to infiltrate your enterprise. This makes a resource like the Google Hacking Database (GHDB) invaluable.

In this SearchSecurity.com screencast, Mike McLaughlin shows viewers how to utilize the GHDB to identify Googledorks, which are Google search terms that identify security vulnerabilities or collect information from servers. Once you have access to these Googledorks, you can search your own site to discover vulnerabilities a hacker could easily exploit via Google. The GHDB is a free and convenient resource that can help secure your infrastructure.

Source: http://searchsecurity.techtarget.com/video/Screencast-How-to-use-GHDB-to-identify-security-holes-Googledorks

New Quantum Encryption Method Foil Hackers

pfstartteam — Mon, 09 Apr 2012 14:57:57 +0000

A research team led by University of Toronto Professor Hoi-Kwong Lo has found a new quantum encryption method to foil even the most sophisticated hackers. The discovery is outlined in the latest issue of Physical Review Letters.

Quantum cryptography is, in principle, a foolproof way to prevent hacking. It ensures that any attempt by an eavesdropper to read encoded communication data will lead to disturbances that can be detected by the legitimate users. Therefore, quantum cryptography allows the transmission of an unconditionally secure encryption key between two users, “Alice” and “Bob,” in the presence of a potential hacker, “Eve.” The encryption key is communicated using light signals and is received using photon detectors. The challenge is that Eve can intercept and manipulate these signals.

“Photon detectors have turned out to be an Achilles’ heel for quantum key distribution (QKD), inadvertently opening the door to subtle side-channel attacks, most famously quantum hacking,” wrote Dr. Charles Bennett, a research fellow at IBM and the co-inventor of quantum cryptography.

When quantum hacking occurs, light signals subvert the photon detectors, causing them to only see the photons that Eve wants Bob to see. Indeed, earlier research results by Professor Lo and independent work by Dr. Vadim Makarov of the Norwegian University of Science and Technology have shown how a clever quantum hacker can hack commercial QKD systems.

Now, Professor Lo and his team have come up with a simple solution to the untrusted device problem. Their method is called “Measurement Device Independent QKD.” While Eve may operate the photon detectors and broadcast measurement results, Bob and Alice no longer have to trust those measurement results. Instead, Bob and Alice can simply verify Eve’s honesty by measuring and comparing their own data. The aim is to detect subtle changes that occur when quantum data is manipulated by a third party.

Specifically, in Measurement Device Independent QKD, the two users send their signals to an untrusted relay — “Charlie” — who might possibly be controlled by Eve. Charlie performs a joint measurement on the signals, providing another point of comparison.

“A surprising feature is that Charlie’s detectors can be arbitrarily flawed without compromising security,” says Professor Lo. “This is because, provided that Alice and Bob’s signal preparation processes are correct, they can verify whether Charlie or Eve is trustworthy through the correlations in their own data following any interaction with Charlie/Eve.”

A proof-of-concept measurement has already been performed. Professor Lo and his team are now developing a prototype measurement device independent QKD system, which they expect will be ready within five years.

As a result of implementing this new method, quantum cryptography’s Achilles’ heel in the fight against hackers has been resolved. Perhaps, a quantum jump in data security has now been achieved.

Source: http://www.sciencedaily.com/releases/2012/04/120402094326.htm

Cyber Security College Intern at Camp Pendleton, CA (Marine Corps Enterprise Network solutions)

pfstartteam — Mon, 09 Apr 2012 14:39:49 +0000

Location(s)

: United States-California-Camp Pendleton

Business Sector

: Information Systems

US Citizenship Required for this Position

: Yes

Relocation Assistance

: No relocation assistance available

Description

Northrop Grumman Information Systems sector is seeking a Cyber Security College Intern to join our team of qualified, diverse individuals. This position will be located in Camp Pendleton, CA.

Where Technology and Teamwork come together… The qualified applicant will become part of Northrop Grumman’s Cybersecurity and Enterprise Solutions Operating Unit within the Defense Technologies Division working on the MCNOSC/ALTNOSC contract and will be responsible for providing cyber security solutions to the Marine Corps. The candidate will perform Information Assurance for the Marine Corps Enterprise Network (MCEN). They will provide recommended defensive courses of action in order to detect, prevent and mitigate the risk associated with network intrusions and unauthorized use of Marine Corps network system resources.

Roles and Responsibilities:
• Candidate will assist analysts in the detection, prevention and mitigation of computer network security threats on an enterprise network.

• Support updates, installs and configurations of various network security hardware and software.

• Assist in the development, enhancement and maintenance of documentation for the tools and processes used to assist in the detection, prevention and mitigation of computer network system threats.

• Strong interpersonal and communications skills (written and verbal) and teamwork are required.

Qualifications

Minimum Qualifications:
To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:
• Current enrollment in an accredited degree program leading to a Computer Science, IT, EE or related degree

• Candidate must be a U.S. citizen, eligible for a Department of Defense security clearance.

Preferred Qualifications:
Candidates with these desired skills will be given preferential consideration:
• Experience supporting Information Technology networks and systems.
• Software development scripting

• Database experience

• Experience with computer networking and its computer systems..
• Knowledge in developing best practices, internal guidance and documentation as it relates to various aspects of computer network operations.

**** This position is contingent upon contract award, budget, and/or customer approval. ****

Northrop Grumman Corporation is a leading global security company whose 75,000 employees provide innovative systems, products, and solutions in aerospace, electronics, information systems and technical services to government and commercial customers worldwide.

Northrop Grumman is an Equal Opportunity Employer committed to hiring and retaining a diverse workforce regardless of age. U.S. Citizenship is required for most positions.

Apply Here

Cyber Security Engineer in Huntsville, AL (Full-Time) #cybersecurity #jobs

pfstartteam — Mon, 09 Apr 2012 14:36:12 +0000

2012-238-LD: Cyber Security Engineer

Location	AL, Huntsville
Schedule	Full Time

Job Responsibilities

Position Description:

•Individual provides support to the GMD Systems Product
Teams, the GMD Systems Prime Contractor, and the Missile
Defense Agency in the areas of Information Assurance,
Security Engineering, Computer Network Defense, and Program
Protection. •Activities include, but are not limited to,
customer interface, attending meetings, developing and
making technical presentations at meetings and reviews,
coordinating responses to technical questions and resolving
technical issues, identifying and evaluating security
requirements, and other approved requests for support.
•Individual reviews and assesses the technical and
non-technical system security features, safeguards, and
countermeasures in the GFC/C system. •Reviews, consults,
and implements security requirements specified in the GMD
Capabilities Document. •Develops required security plans
and documents the security relevant portions of deployment
and sustainment plans, training plans, and system test
plans, as required. •Coordinates and provides inputs to
customer developed plans, policies and procedures. Conducts
vulnerability assessments, risk management, and incident
detection and prevention analysis. •Plans for and develops
the candidate countermeasures for the GFC/C system in the
deployed/operational state. •Supports the GFC/C system
control validation test (CVT) and penetration testing effort
as required. •Works with the Prime Contractor and Product
Teams to assess, address, and mitigate CVT and penetration
test findings as required.

Qualifications

Basic Qualifications – To be considered for this position,
you must minimally meet the knowledge, skills, and abilities
listed below:•Bachelors Degree in a technical discipline or related field
with 5 or more years of related experience. An additional 4
years of experience may be substituted in lieu of
degree.•Active Secret Security Clearance.•Working knowledge
of computer and network security
implementations.•Familiarity with DoD 8500 security
requirements is required.•Working knowledge of
identification and authorization mechanisms.•Working
knowledge of security auditing and audit log reviews.
Preferred Qualifications – Candidates with these desired
skills will be given preferential consideration:

•Experience with integration and customization of HP
OpenView network management environment desired.•ISC2 or
COMPTIA certification desired. •Knowledge of the Common
Criteria for IT Security Evaluation (CC)
desired.•Familiarity with DoD security compliance documents
and C/UNIX environment is desired.•Familiarity with security
certification and accreditation tool sets is
desired.•Familiarity with the DIACAP process is
desired.•TS/SCI clearance desired.•Familiarity with physical
security requirements.•DoD 8570 Certification desired. IAT
Level 3.

Apply Here

Director Cyber Security Division at DHS (Under Secretary for Science and Technology) #jobs #infosec

pfstartteam — Mon, 09 Apr 2012 14:34:29 +0000

Job Title:Director, Cyber Security Division

Department:Department Of Homeland Security

Agency:Science and Technology Directorate

Job Announcement Number:CHCO-12-013-DHS-636313

SALARY RANGE:	$119,554.00 to $179,700.00 / Per Year
OPEN PERIOD:	Friday, April 06, 2012 to Friday, April 20, 2012
SERIES & GRADE:	ES-1550-00
POSITION INFORMATION:	Full Time – Senior Executive Service (SES)

DUTY LOCATIONS:	1 vacancy(s) – Washington DC Metro Area, DC United States
WHO MAY BE CONSIDERED:	United States Citizens

JOB SUMMARY:

In today’s interconnected world our country’s security challenges are constantly evolving. To meet these challenges, the U.S. Department of Homeland Security (DHS) fosters a culture that values and promotes diversity, teamwork, flexibility, and innovation. For an overview of the diverse responsibilities DHS carries out within the Government, we welcome you to visit our website at http://www.dhs.gov.

The Director, Cyber Security Division (CSD) is located in the Science and Technology (S&T) Directorate, Homeland Security Advanced Research Projects Agency. The Director, CSD is responsible for leading research, development, testing, and evaluation to secure the Nation’s critical information infrastructure and to plan for a more secure framework in the future.

KEY REQUIREMENTS

U.S. Citizenship Required
Must be able to obtain/maintain a Top Secret (SCI) clearance
This position is subject to random drug testing
Filing of SF-278 – Public Financial Disclosure
If selected, a one-year SES probationary period may be required

DUTIES:

The Director, CSD manages the solicitation, selection, initiation, and management of efforts in support of the homeland security mission. The Director manages all Cyber Security research and development projects conducted at S&T, resulting in deployable security solutions, as directed by the National Strategy to Secure Cyberspace and other customer requirements.

Other duties include-

Leading the research, development, testing and evaluation to secure the Nation’s critical information infrastructure;
Providing leadership and direction for DHS S&T Cyber Security R&D Programs, coordinating with experts in multiple agencies, international and domestic, and in the private sector; and
Advising the Under Secretary for S&T and senior S&T leadership on strategic direction and planning for cyber security and addressing emerging cyber threats and critical infrastructure vulnerabilities.

QUALIFICATIONS REQUIRED:

Applicants must provide detailed evidence of possession of each of the Technical and Executive Core Qualifications listed below in a supplemental statement to assist reviewing officials in determining the best qualified candidates to be referred to the selecting official. Qualification and experience determinations will be based only on the information you submit. FAILURE TO MEET OR FULLY ADDRESS ANY ONE OF THE MANDATORY TECHNICAL OR EXECUTIVE CORE QUALIFICATION STANDARDS WILL ELIMINATE A CANDIDATE FROM FURTHER CONSIDERATION.

Please provide a narrative, not to exceed three (3) pages for each Technical Qualifications (TQ) below and no more than (2) pages for each Executive Core Qualifications (ECQ).

You will be evaluated on the following:

Executive Core Qualifications – Mandatory

ECQ 1 – LEADING CHANGE. This core qualification involves the ability to bring about strategic change, both within and outside the organization, to meet organizational goals. Inherent to this ECQ is the ability to establish an organizational vision and to implement it in a continuously changing environment.
Leadership Competencies:

Creativity and Innovation
Develops new insights into situations; questions conventional approaches; encourages new ideas and innovations; designs and implements new or cutting edge programs/processes.
External Awareness
Understands and keeps up-to-date on local, national, and international policies and trends that affect the organization and shape stakeholders’ views; is aware of the organization’s impact on the external environment.
Flexibility
Is open to change and new information; rapidly adapts to new information, changing conditions, or unexpected obstacles.
Resilience
Deals effectively with pressure; remains optimistic and persistent, even under adversity. Recovers quickly from setbacks.
Strategic Thinking
Formulates objectives and priorities, and implements plans consistent with the long-term interests of the organization in a global environment. Capitalizes on opportunities and manages risks.
Vision
Takes a long-term view and builds a shared vision with others; acts as a catalyst for organizational change. Influences others to translate vision into action.

ECQ 2 – LEADING PEOPLE. This core qualification involves the ability to lead people toward meeting the organization’s vision, mission, and goals. Inherent to this ECQ is the ability to provide an inclusive workplace that fosters the development of others, facilitates cooperation and teamwork, and supports constructive resolution of conflicts.
Leadership Competencies:

Conflict Management
Encourages creative tension and differences of opinions. Anticipates and takes steps to prevent counter-productive confrontations. Manages and resolves conflicts and disagreements in a constructive manner.
Leveraging Diversity
Fosters an inclusive workplace where diversity and individual differences are valued and leveraged to achieve the vision and mission of the organization.
Developing Others (New)
Develops the ability of others to perform and contribute to the organization by providing ongoing feedback and by providing opportunities to learn through formal and informal methods.
Team Building
Inspires and fosters team commitment, spirit, pride, and trust. Facilitates cooperation and motivates team members to accomplish group goals.

ECQ 3 – RESULTS DRIVEN. This core qualification involves the ability to meet organizational goals and customer expectations. Inherent to this ECQ is the ability to make decisions that produce high-quality results by applying technical knowledge, analyzing problems, and calculating risks.
Leadership Competencies:

Accountability
Holds self and others accountable for measurable high-quality, timely, and cost-effective results. Determines objectives, sets priorities, and delegates work. Accepts responsibility for mistakes. Complies with established control systems and rules.
Customer Service
Anticipates and meets the needs of both internal and external customers. Delivers high-quality products and services; is committed to continuous improvement.
Decisiveness
Makes well-informed, effective, and timely decisions, even when data are limited or solutions produce unpleasant consequences; perceives the impact and implications of decisions.
Entrepreneurship
Positions the organization for future success by identifying new opportunities; builds the organization by developing or improving products or services. Takes calculated risks to accomplish organizational objectives.
Problem Solving
Identifies and analyzes problems; weighs relevance and accuracy of information; generates and evaluates alternative solutions; makes recommendations.
Technical Credibility
Understands and appropriately applies principles, procedures, requirements, regulations, and policies related to specialized expertise.

ECQ 4 – BUSINESS ACUMEN. This core qualification involves the ability to manage human, financial, and information resources strategically.
Leadership Competencies:

Financial Management
Understands the organization’s financial processes. Prepares, justifies, and administers the program budget. Oversees procurement and contracting to achieve desired results. Monitors expenditures and uses cost-benefit thinking to set priorities.
Human Capital Management
Builds and manages workforce based on organizational goals, budget considerations, and staffing needs. Ensures that employees are appropriately recruited, selected, appraised, and rewarded; takes action to address performance problems. Manages a multi-sector workforce and a variety of work situations.
Technology Management
Keeps up-to-date on technological developments. Makes effective use of technology to achieve results. Ensures access to and security of technology systems.

ECQ 5 – BUILDING COALITIONS. This core qualification involves the ability to build coalitions internally and with other Federal agencies, State and local governments, nonprofit and private sector organizations, foreign governments, or international organizations to achieve common goals.
Leadership Competencies:

Partnering
Develops networks and builds alliances; collaborates across boundaries to build strategic relationships and achieve common goals.
Political Savvy
Identifies the internal and external politics that impact the work of the organization. Perceives organizational and political reality and acts accordingly.
Influencing/Negotiating
Persuades others; builds consensus through give and take; gains cooperation from others to obtain information and accomplish goals.

Fundamental Competencies These competencies are the foundation for success in each of the Executive Core Qualifications.
Competencies:

Interpersonal Skills
Treats others with courtesy, sensitivity, and respect. Considers and responds appropriately to the needs and feelings of different people in different situations.
Oral Communication
Makes clear and convincing oral presentations. Listens effectively; clarifies information as needed.
Integrity/Honesty
Behaves in an honest, fair, and ethical manner. Shows consistency in words and actions. Models high standards of ethics.
Written Communication
Writes in a clear, concise, organized, and convincing manner for the intended audience.
Continual Learning
Assesses and recognizes own strengths and weaknesses; pursues self-development.
Public Service Motivation
Shows a commitment to serve the public. Ensures that actions meet public needs; aligns organizational objectives and practices with public interests.

Additional information on the Executive Core Qualifications is available at
http://www.opm.gov/ses/recruitment/qualify.asp

Technical Qualification – Mandatory

TQ-1. In-depth demonstrated experience and expert knowledge of research, development, testing and evaluation (RDT&E), including the establishment and implementation of policy, private sector partnerships, and intergovernmental and international collaboration to maintain and improve the security of existing and future cyber infrastructure, information and end users.
BASIC EDUCATIONAL REQUIREMENT:

1550 SERIES-Bachelor’s degree in computer science or bachelor’s degree with 30 semester hours in a combination of mathematics, statistics, and computer science. At least 15 of the 30 semester hours must have included any combination of statistics and mathematics that included differential and integral calculus. All academic degrees and course work must be from accredited or pre-accredited institutions. For more information on the educational requirements for the 1550 Series, go to http://www.opm.gov/qualifications/standards/iors/gs1500/1550.asp

HOW YOU WILL BE EVALUATED:

You will be evaluated on the quality and extent of your total accomplishments, experience, and education. Your resume will be evaluated by a rating and ranking panel, and highly qualified candidates may undergo an interview and a reference check. The DHS Executive Resources Board (ERB) will review results and make recommendations on final selections to the appointing authority. Unless you have already been certified by a Qualifications Review Board (QRB) in the past, your ECQs must be certified by a QRB before appointment can occur.

BENEFITS:

Working for The Department of Homeland Security offers a comprehensive benefits package that includes, in part, paid vacation, sick leave, holidays, life insurance, health benefits, and participation in the Federal Employees Retirement System. The following Web address is provided for your reference to explore the major benefits offered to most Federal employees. To find out more click here http://www.usajobs.gov/EI/benefits.asp.

OTHER INFORMATION:

Relocation expenses will NOT be paid.

Probationary period: You will serve a one-year probationary period unless you previously completed the probationary period in the SES.

1. If you are a male applicant who was born after 12/31/59 and are required to register under the Military Selective Service Act, the Defense Authorization Act of 1986 requires that you be registered or you are not eligible for appointment in this agency.

DHS is an equal employment employer: Selection for positions will be based solely on merit without regard to race, color, religion, age, gender, national origin, political affiliation, disability, sexual orientation, marital or family status or other differences.

DHS provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please notify us. Decisions on granting reasonable accommodation will be made on a case-by-case basis.

HOW TO APPLY:

To begin the application process, click the Apply Online button to create an account or log in to your existing USAJOBS account. Follow the prompts to complete the occupational questionnaire. Please ensure you click the Submit My Answers button at the end of the process.

To apply for this position, you must provide a complete Application Package which includes:

1. Your Resume

2. ECQ narrative statements

3. TQ narrative statements

4. A complete Online Questionnaire

The complete Application Package must be submitted by 11:59 PM (EST) on Friday, April 20, 2012.

Note: To check the status of your application or return to a previous or incomplete application, log into your USAJOBS account, select Application Status, and click on the more information link under the application status for this position.

To fax supporting documents you are unable to upload, complete this cover page http://staffing.opm.gov/pdf/usascover.pdf using the following Vacancy ID 636313. Fax your documents to 1-478-757-3144.

If you cannot apply online:

1. Click the following link to view and print the occupational questionnaire View Occupational Questionnaire ,
2. Print this 1203FX form to provide your response to the occupational questionnaire http://www.opm.gov./forms/pdf_fill/OPM1203fx.pdf, and
3. Fax the completed 1203FX form along with any supporting documents to 1-478-757-3144. Your 1203FX will serve as a cover page for your fax transmission.

REQUIRED DOCUMENTS:

A resume, ECQ narrative statements, TQ narrative statement, and a completed online occupational questionnaire. FAILURE TO SUBMIT ANY REQUIRED DOCUMENT WILL ELIMINATE A CANDIDATE FROM FURTHER CONSIDERATION.

AGENCY CONTACT INFO:

Dianna Mangelsdorf
Phone: (202)357-8517
Email: DIANNA.MANGELSDORF@DHS.G
OV

Agency Information:
Department of Homeland Security Headquarters
DO NOT SEND POSTAL MAIL
Washington, DC
00000

WHAT TO EXPECT NEXT:

Once the online questionnaire is received you will receive an acknowledgement email that your submission was successful. After a review of your complete application is made you will be notified of your rating and or referral to the hiring official. If further evaluation or interviews are required you will be contacted.

Instructions for answering the questions in the Occupational Questionnaire:

If you are applying to this announcement by completing the OPM 1203-FX form instead of using the Online Application method, please use the following step-by-step instructions as a guide to filling out the required questionnaire. You will need to print the vacancy announcement and refer to it as you answer the questions. You may omit any optional information; however, you must provide responses to all required questions. Be sure to double check your application before submission.

Social Security Number

Enter your Social Security Number. Providing your Social Security Number is voluntary, however we can not process your application without it.
Vacancy Identification Number

The Vacancy Identification Number is: 636313
1. Title of Job

Director, Cyber Security Division
2. Biographic Data

3. E-Mail Address

4. Work Information

5. Employment Availability

6. Citizenship

Are you a citizen of the United States?
7. Background Information