
IT Specialist (INFOSEC) - Direct Hire
Export-Import Bank of the United States

Announcement may be used to fill similar positions within 90 days of the closing date. This announcement will be used to fill vacancies through OPM-authorized Direct Hire Authority (DHA) for IT Specialist (Information Security, GS-2210-09 through GS-2210-15 and Cybersecurity, GS-2210-12 through GS-2210-15). This position is processed under Direct Hire authority.

About this agency

This position is in the Office of Chief Information Officer (OCIO), Infrastructure Engineering Unit (IEU). The OCIO directs and implements EXIM's Cybersecurity Program to ensure security controls are appropriately applied to EXIM systems for the protection of privacy, and to ensure confidentiality, integrity, and availability of information. Also, the OCIO enforces cybersecurity standards and security control parameters that comply with Office of Management and Budget (OMB) and other federal government security requirements. The IEU oversees the daily Information Technology (IT) Infrastructure operational support and management activities consisting of IT Security support, and customer support and services.

Duties include, but are not limited to: Serves as the operational authority for the Bank's Security Operations Center (SOC) and Computer Incident Response Team (CIRT). Directs enterprise detection and response activities across on premises, cloud, and externally hosted environments. Establishes incident classification standards, response thresholds, escalation protocols, and operational response procedures. Exercises authority to declare cybersecurity incidents, direct containment and coordination actions, and initiate executive escalation in accordance with Bank policy. Ensures SOC activities produce measurable security outcomes, including timely detection, coordinated response, defensible documentation, and alignment with federal reporting requirements.
Owns the design, tuning, and operational performance of enterprise monitoring capabilities. Directs development and refinement of detection logic, correlation rules, alert thresholds, analytic use cases, and investigative workflows to improve threat visibility and reduce false positives. Ensures comprehensive logging and telemetry coverage across identity systems, endpoints, network infrastructure, cloud platforms, and SaaS services. Validates that monitoring capabilities provide sufficient visibility to detect misuse, compromise, insider activity, and control failures in near real time. Establishes and monitors SOC performance indicators measuring detection latency, response timeliness, incident recurrence, systemic control weaknesses, and contractor service effectiveness. Develops executive dashboards and operational reports communicating enterprise cyber risk posture, emerging threat patterns, and areas requiring remediation or architectural improvement. Evaluates performance of managed security services and external providers to ensure monitoring, escalation, and reporting activities
Listed via USAJobs (usajobs.gov)

