Background

This position is located in the Nuclear Regulatory Commission’s Headquarters office, Rockville, MD, or in our Regional Office in Naperville, IL.

The U.S. Nuclear Regulatory Commission (NRC) is proud to be ranked among the best places to work for compensation, work-life balance, and performance for mid-sized agencies in the Federal Government. We've earned our top ratings by creating a work environment rich in opportunity, diversity, leadership training, teamwork, and work life balance. Help guide our nation into the next generation of nuclear safety! Begin a challenging career with the U.S. Nuclear Regulatory Commission where you can be part of a select group of professionals who protect people and the environment with the peaceful use of nuclear materials in medicine, industry, and research.

Duties

The successful candidate will perform the full range of IT Specialist (INFOSEC) duties. Duties may vary based on office placement.

As an IT Specialist, you may administer, develop, deliver, and support information technology (IT), telecommunications, audio-visual systems and services, INFOSEC and communications security (COMSEC). You may oversee the planning, design and implementation of new and enhanced information systems; oversee the design, modification, testing, installation, and implementation of new or existing applications software; plan, install, configure, test, and maintain the systems environment; oversee the configuration, installation, implementation, and maintenance of the systems; and, ensure the integrity and availability of systems, networks, and data through information systems security policies and procedures.

Such duties may include but are not limited to:

• Performing independent analysis of major information processes and operations. Providing advice on the utilization of state-of-the-art systems technology to streamline and achieve efficiencies in business practices. Preparing evaluations of requirements, providing input to the final technical decision, and recommending course of action for management consideration.
• Performing research into state-of-the-art information technology means, including software, hardware, and communication networks and devices which can be effectively applied to achieve the desired efficiencies. Analyzing the findings and developing recommendations. Coordinating the development and implementation of improvements.
• Conducting analysis to interpret highly complex program needs, determining IT, telecommunications, and audio-visual requirements, and developing the required specifications and associated hardware/software and network configurations.
• Developing policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.
• Conducting risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
• Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations visions and goals.
• Conducting systems security evaluations, audits, and reviews.
• Developing systems security contingency plans and disaster recovery procedures.
• Developing and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.
• Participating in network and systems design to ensure implementation of appropriate systems security policies.
• Facilitating the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes.
• Assessing security events to determine impact and implementing corrective actions; and/or
• Ensuring the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services.
• Architect/Designing, developing, and managing implementation of security solutions for AI systems and applications.
• Applying management processes, including requirements development processes and performance-based acquisition principles, to support the agency's mission to develop and implement a CUI program as it transitions from SUNSI to the CUI framework.
• Executing strategic and operational implementation of cyber supply chain risk management (C-SCRM) functions from conceptual to existing SCRM framework and capabilities. Managing the agency’s SCRM risk register, solutions intake, and enterprise risk identification, while providing leadership, continuity, and active communications between CIO/CISO to characterize, understand, and mitigate enterprise risks.

Additional Employment-related Information:

Salary and Benefits:

This position starts at a salary of $100,059.

Employees receive the full package of federal employment benefits that include health and insurance plans, a generous annual and sick leave program, and participation in the Thrift Savings Plan, a retirement plan akin to a traditional 401(k) offering.

Qualifications

This position is being filled using the agency's Direct Hire Authority and will be filled at either the GG-12 or GG-13 grade level.

In order to qualify for this position, you must have at least one year of specialized experience at the next lower grade level in the Federal service or equivalent experience in the private or public sector. Specialized experience is experience that has equipped the applicant with the particular competencies/knowledge, skills, and abilities to successfully perform the duties of the position and is typically in or related to the work of the position to be filled. Such experience is typically gained in the IT field or through the performance of work where the primary concern is IT

SPECIALIZED EXPERIENCE for the GG-12 grade level is defined as experience which includes knowledge of and experience in information systems security methods and procedures to ensure the application of appropriate security measures to assignments AND experience analyzing data to troubleshoot problems, evaluating established methods and procedures, and performing other similar analytical functions. This knowledge is generally demonstrated by assignments where the applicant analyzed a number of alternative approaches in the process of advising management concerning aspects of system design, such as what system interrelationships must be considered, or what operating mode, system software, and/or equipment configuration is most appropriate for a given project.

SPECIALIZED EXPERIENCE for the GG-13 grade level is defined as experience which includes knowledge of and experience in information systems security methods and procedures to ensure the application of appropriate security measures to assignments AND experience analyzing data to troubleshoot problems, evaluating established methods and procedures, and performing other similar analytical functions. This knowledge is generally demonstrated by assignments where the applicant analyzed a number of alternative approaches in the process of advising management concerning major aspects of system design, such as what system interrelationships must be considered, or what operating mode, system software, and/or equipment configuration is most appropriate for a given project.

The ideal candidate will be able to demonstrate the following:

• Knowledge of the methods, techniques, and procedures for developing and implementing IT information security programs, policies, procedures, and tools.
• Knowledge of the IT infrastructure, systems, hardware, and software applications of the agency or organization, sufficient to function as a technical resource on IT security functions.
• Knowledge of new and evolving IT technologies and developments, in order to participate in evaluating and recommending adoption of new approaches for delivery of IT services.
• Skill in the principles, methods, and practices of customer support and determination of user requirements, to ensure that IT systems and services meet organizational and program needs.
• Knowledge of program and project management principles and methods, in order to participate in IT programs and projects involving the development and implementation of IT systems and services of the organization

A description of how you possess the specialized experience as well as how you meet the qualifications desired in an ideal candidate should be addressed in your resume. Applicants may also use the supplemental vacancy question to provide additional information pertaining to the specialized experience and ideal candidate criteria.

Education

There is no education substitute or requirement for the GG-12 or GG-13 level.

How to Apply

Visit www.nrc.gov Review the NRC Career Opportunities page, click on “Apply Now” then “Search for New Opportunities” and click on “view a list of current NRC vacancies at USAJOBS.” Or, click on the apply button/link on this site to be taken to NRC ‘s USAJOBS.gov employment page. Find the Direct Hire Public Notice – IT Specialist (INFO SEC) Announcement number DE-12949842-26-RS and apply on-line by July 23, 2026.

Your complete application must include your resume, responses to all required vacancy questions, and any required documents that prove your eligibility to apply. If you are viewing this opportunity after July 23rd please visit NRC’s website and discover additional opportunities for which you might be interested.