Working as an Information Technology Specialist (Security), you will conduct Assessment & Authorization (A&A) activities on NIST systems in accordance with Federal Information Security Management Act (FISMA) requirements, including but not limited to IT Infrastructure systems and Amazon Web Services (AWS) implementations. This position serves as the lead security control assessor for NIST’s AWS implementations, which include the overall IaaS architecture as well as the secure implementation of various AWS system services. Duties include conducting security documentation reviews to ensure control implementation is described appropriately; conducting security assessments to verify secure architecture design and effective implementation of the security controls required for FIPS 199 moderate & high impact systems; conducting scan analysis and secure configuration assessments; and documenting the risks and the plan of action & milestones for the mitigation of IT security risks identified within the system.


Conditions of Employment

  • U.S. citizenship
  • Males born after 12-31-59 must be registered for Selective Service
  • Suitable for Federal employment
  • This position has a selective placement factor: a copy of your security certification must be submitted.


Basic Requirements:
Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.
For all positions individuals must have IT-related experience demonstrating each of the four competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled.

  • Attention to Detail – Is thorough when performing work and conscientious about attending to detail.
  • Customer Service – Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
  • Oral Communication – Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
  • Problem Solving – Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

    Selective Factor:
    In addition to the basic requirements and specialized experience for the position, applicants must meet the following Selective Factor: Possession of a current active IT Security Certification (e.g. CISSP, GIAC certification). A copy of the certification must be submitted as part of your application package.

    Specialized Experience:
    In addition to the basic requirements and the selective factor requirement, applicants must have one year (52 weeks) of specialized experience equivalent to at least the GS-12 level (ZP-III at NIST). Specialized experience is defined as experience conducting detailed security assessments against NIST Special Publication 800-53 Revision 4 or 5 security controls, developing security assessment documents (e.g., Security Assessment Plans, Security Assessment Reports), and reviewing security authorization packages. Experience conducting security assessments of Infrastructure-as-a-Service (IaaS) architectures and Amazon Web Services (AWS) services.

    Experience refers to paid and unpaid experience, including volunteer work done. We will credit all qualifying volunteer experience in your application.

    The qualification requirements in this vacancy announcement are based on the U.S. Office of Personnel Management (OPM) Qualification Standards Handbook.

    This job does not have an education qualification requirement.

    Additional information

    The physical worksite for this position is located in Gaithersburg, Maryland. However, the Information Technology Security and Networking Division is currently under a maximum telework posture due to the COVID-19 pandemic; therefore, this position is currently under a 100 percent telework schedule. The position’s telework schedule will likely change in the future when Information Technology Security and Networking Division moves away from its maximum telework posture. At that time, the incumbent will be expected to report to the physical work site in accordance with the updated status requirements of their supervisor. The nature and scope of future telework opportunities will be subject to the unit’s telework policy, any applicable bargaining unit agreements, and supervisory approval. Payment of relocation expenses, as applicable, will be paid in accordance with this Job Opportunity Announcement. Non-compliance with the supervisor’s telework-schedule requirement could result in adverse action, including separation.

    This position is covered under NIST’s Alternative Personnel Management System (APMS). The APMS is a pay-for-performance system with excellent HR flexibilities to help NIST recruit and retain top talent.

    A probationary period may be required. If a supervisory position, use: A supervisory probationary period may be required. (for permanent appointments only)

    We may share your application package with other selecting officials at NIST with opportunities like this one. Additional selections may be made through this vacancy.

    NIST strives to build a flexible and encouraging work environment to bring out the best in our employees. To help our employees balance responsibilities at home and at work, NIST offers a variety of work-life flexibilities such as:

    • Telework
    • Flexible work schedules
    • Paid parental leave
    • Paid vacation
    • Sick leave
    • Family-friendly leave
    • Child and elder-care resources
    • On-site childcare center
    • Lactation spaces
    • Wellness programs
    • Fitness center
    • Employee assistance programs