Summary Click on "Learn more about this agency" button below to view Eligibilities being considered and other IMPORTANT information. The primary purpose of this position is to serve as a technical expert in a wide range of Information Technology (IT) management activities. Responsibilities DR-2210-02 Implement and manage the enterprise LAN/WAN infrastructure and network security solutions, with a primary focus on Palo Alto firewalls (IPS, VPNs) and the complete lifecycle of Cisco network core routing and switching platforms (Nexus/Catalyst switches, ISR/ASR routers). Configure and provide expert-level troubleshooting for Layer 2/Layer 3 networking, including IPv6, VLANs, Spanning Tree Protocol (STP), and Quality of Service (QoS) to support VoIP/VTC Manage hybrid connectivity between on-premise data centers and AWS cloud landing zones, including traffic flows through cloud access points (CAPs), while also designing and administering core network services like DNS, DHCP, and NTP. Administer the organization's web content filtering policies, leveraging the Cloud Based Internet Isolation (CBII) proxy to secure web traffic and troubleshoot website access issues. Administer the organization's web content filtering policies, leveraging the Cloud Based Internet Isolation (CBII) proxy to secure web traffic and troubleshoot website access issues. Operate the Network Access Control (NAC) solution using Forescout and Cisco Identity Services Engine (ISE) to enforce security posture and Comply-to-Connect (C2C) policies for all connected devices. Collaborate directly with cybersecurity teams to implement and validate security configurations across the network stack, ensuring compliance with standards like the Risk Management Framework (RMF) and DISA Security Technical Implementation Guides (STIGs). Proactively maintain and improve network reliability by using tools like SolarWinds and OpenSearch to monitor performance, analyze capacity, and resolve issues before they impact users. Work with a team to interface with all Communications Security (COMSEC) equipment, including High Assurance IP Encryptors (HAIPE) such as TACLANE devices, ensuring the secure transmission of classified and sensitive data across the WA. Serve as a key technical resource in the planning and execution of network upgrades, technology refreshes, and expansion projects. Stay current with the latest vulnerabilities affecting Palo Alto and Cisco products, taking initiative to proactively apply patches and implement security countermeasure. Develop and maintain comprehensive documentation for the network and security architecture, including diagrams, configuration guides, and operational procedures to ensure knowledge is shared and maintained Requirements Conditions of Employment Qualifications BASIC REQUIREMENT OR INDIVIDUAL OCCUPATIONAL REQUIREMENT: To qualify for this position you must also meet the qualification requirements listed below: Experience requirements are described in the Office of Personnel Management (OPM) Qualification Standards for General Schedule Positions, Individual Occupational Requirements for Information Technology Management Series 2210 (Alternative A). Due to the use of 120-day rosters, this period of experience may be completed within 120 days of the closing date of this announcement. SPECIALIZED EXPERIENCE: Applicants must have at least one year (52 weeks) of specialized experience at the next lower grade GS-11, or equivalent in other pay systems. Examples of specialized experience include planning, designing, and managing network security and IT system components to align with the mission, goal, and processes of the organization. Experience in developing, automating, and applying information security policies, conducting comprehensive risk analysis and system audits, and implementing strategies to ensure the protection and interoperability of secure systems and applications. NOTE: Due to the use of 120-day rosters, this period of experience may be completed within 120 days of the closing date of this announcement. COMPETENCIES: Your qualifications will be evaluated on the basis of your level of knowledge, skills, abilities and/or competencies in the following areas: Problem Solving, Communication, Technology Management, and Teamwork and Leadership. IDEAL CANDIDATE: In addition to the specialized experience statements listed above, the ideal candidate would have the following skills and experience: Experience with implementing and managing enterprise LAN/WAN infrastructure and network security solutions, with a primary focus on Palo Alto firewalls, Intrusion Prevention Systems, web content filtering, VPNs and Cisco enterprise routing, switching, and security platforms Expertise in designing, managing, and troubleshooting complex hybrid IT environments, leveraging a firm foundation of core networking principles across on-premise data centers (networking, servers, storage) and AWS cloud infrastructure. Experience leveraging infrastructure as code (IaC) principles and network automation tools, such as Ansible, Python, Terraform, and Git to enhance network reliability, scalability, and operational efficiency. Experience leading technical projects, documenting architecture, and collaborating across IT domains. The ideal candidate is a proactive and self-starting individual that takes initiative to identify and resolve latent issues, effectively managing multiple priorities, and has demonstrated success partnering with cybersecurity teams to implement security controls and maintain comprehensive documentation. PART-TIME OR UNPAID EXPERIENCE: Credit will be given for appropriate unpaid and or part-time work. You must clearly identify the duties and responsibilities in each position held and the total number of hours per week. VOLUNTEER WORK EXPERIENCE: Refers to paid and unpaid experience, including volunteer work done through National Service Programs (i.e., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student and social). Volunteer work helps build critical competencies, knowledge and skills that can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Education Additional Information Interagency Career Transition Assistance Program (ICTAP): For information on how to apply as an ICTAP eligible click here. To be well-qualified and exercise selection priority for this vacancy, displaced Federal employees must be rated well qualified or above for this position. You must submit a copy of the agency notice, your most recent performance rating, and your most recent SF-50 noting position, grade level, and duty location. Employed Annuitants (Reemployed Annuitants): Applicants in receipt of an annuity based on civilian employment in the Federal Service are subject to the DoD Policy on The Employment of Annuitants. Click here for more information. 120-Day Register: This announcement may result in a 120-day register that may be used to fill like vacancies for 120 days after the closing date. Applicants may be referred for consideration as vacancies occur. This job announcement will be used to gather applications that may or may not result in a referral or selection. If you have questions regarding this announcement and have hearing or speech difficulties click here.
