Critical infrastructure is increasingly interdependent and connected. A threat to one part of this infrastructure can impact other sectors quickly. Programs and services CISA provides are driven by our comprehensive understanding of the risk environment and the corresponding needs identified by our stakeholders. CISA’s Cybersecurity Advisors (CSAs) are at the center of this collective security effort. As a CSA, you will bring together critical infrastructure owner/operators with federal, state, local, and other stakeholders to maximize collaboration and minimize risk on matters of homeland security or emergency management – all while having the flexibility of working remotely from within your assigned region.
You will provide direct support to your assigned state/region and will work as part of a regional based team that is composed of physical and cybersecurity experts as well as regional support personnel. Regions vary in size but can contain between 4-6 cybersecurity advisors. CSAs report to CISA regionally-based leadership and have reach-back support available at the national and regional levels. CISA also offers a wide variety of benefits and perks.
Ideal candidates will have:
- Experience working in cybersecurity programs and performing roles such as vulnerability assessors/analysts, blue/red team members, cybersecurity leadership positions such as security operations manager, and other positions that required organization wide coordination and collaboration.
- Experience and skill presenting complex technical issues to a wide audience with varying levels of technical experience is also highly desired.
- Familiarity of the critical infrastructure within the assigned regional area.
- Advise senior state and local management government officials (e.g., Chief Information Security Officer [CISO]) on risk levels and security posture;
- Advise senior management on cost-benefit analysis of information security programs, programs and processes;
- Review risk management programs by using evaluation results to create or enhance the effectiveness of the partner's information sharing;
- Deliver key mitigation capabilities to owners and operators that are designed to reduce risks to the nation's critical cyber infrastructure, in particular, elections infrastructure;
- Participate in cybersecurity partnerships with and across critical infrastructure owners, operators and state, local, tribal and territorial government.
- Promote collaborative efforts to reduce risks and threats to critical information, enterprise, communications, and control systems;
- Participate as a presenter in regional local conferences and symposia relating to cybersecurity initiatives; and
- Build regional and local cybersecurity coalitions to promote information sharing.
Your resume must show information technology related experience demonstrating each of the four required competencies:
- Attention to Detail
- Customer Service
- Oral Communication
- Problem Solving
In addition to the above requirement, you must have at least one year of specialized experience at the GS-13 grade level performing the following duties:
- Coordinating and providing technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents and mitigate network vulnerabilities;
- Performing risk assessments, vulnerability assessments and/or penetration tests (NESSUS, NMAP, Kali Linux, Packet sniffers, NIST 800-53, NIST RMF, etc.);
- Building cybersecurity programs or leading cybersecurity teams (Information Assurance);
- Utilizing a variety of frameworks (i.e. NIST CSF/RMF, COBIT, NIST 800 Series, ISO 270001, CERT Resiliency Management Model (RMM), etc.) to assist organizations in evaluating their security programs; and
- Communicating complex technical issues to audiences of various levels of understanding and experience via written and verbal methodologies.