This position is located in the Office of Information and Technology (OIT), Office of Information Security (OIS)/Software Product Management (SPM). The primary purpose of the position is to collect, analyze, report, and provide support for information security compliance and oversight activities. These activities include information that overviews VA's information security posture to various oversight agencies throughout Federal government.
To qualify for this position, all qualification requirements must be met by the closing date of this announcement 08/15/2025. Time-In-Grade Requirement: Applicants who are current Federal employees and have held a GS grade any time in the past 52 weeks must also meet time-in-grade requirements by the closing date of this announcement. For the GS-13 position you must have served 52 weeks at the GS-12. The grade may have been in any occupation, but must have been held in the Federal service. An SF-50 that shows your time-in-grade eligibility must be submitted with your application materials. If the most recent SF-50 has an effective date within the past year, it may not clearly demonstrate you possess one-year time-in-grade, as required by the announcement. In this instance, you must provide an additional SF-50 that clearly demonstrates one-year time-in-grade. Applicants must meet all requirements when a request is received to fill a vacancy. You may qualify based on your experience as described below: Basic Requirements Experience: Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For all positions individuals must have IT-related experience demonstrating each of the five competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND Specialized Experience: You must have one year of specialized experience equivalent to at least the next lower grade GS-12 in the normal line of progression for the occupation in the organization. Specialized experience is defined as: identify and analyze security requirements throughout the Agency. Apply security and IT knowledge to solve previously unsolvable problems. Demonstrate knowledge of requirements definition, security legislation, security standards, guidelines, best practices, FISMA, and NIST guidelines. Determine how security systems should work and assess the impact of changes in conditions, operations, or the environment. Apply cybersecurity and privacy principles to confidentiality, integrity, availability, authentication, and non-repudiation. Utilize project management principles to meet mission requirements, recommend improvements to VA IT security standards, guidelines, and product usage. Manage projects and present complex reports and briefings to senior management. Interpret security policies, procedures, and guidelines governing VA security requirements. Develop processes for ongoing requirements maintenance and maintain a repository of security requirements mapped to business drivers. Provide security advice, guidance, and recommendations to team members, managers, and technical staff on industry and governmental security strategies. Offer recommendations that influence VA IT and security standards, guidance, and approaches. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religions; spiritual; community; student; social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Note: A full year of work is considered to be 35-40 hours of work per week. Part-time experience will be credited on the basis of time actually spent in appropriate activities. Applicants wishing to receive credit for such experience must indicate clearly the nature of their duties and responsibilities in each position and the number of hours a week spent in such employment. Veterans and Transitioning Service Members: Please visit the VA for Vets site for career-search tools for Veterans seeking employment at VA, career development services for our existing Veterans, and coaching and reintegration support for military service members.
OIT Mission: The mission of the Office of Information and Technology (OIT) is to collaborate with our business partners to create the best experience for all Veterans. OIT Vision: To become a world-class organization that provides a seamless, unified Veteran experience through the delivery of state-of-the-art technology. Major Duties: Serves as subject matter expert (SME) as well as an information security (INFOSEC) member of a specialized group of information security specialists responsible for enterprise-wide information security policy, compliance, standards, information protection process design, vulnerability management, and threat mitigation strategies organization-wide across the United States. Conducts planning monitoring, scanning, auditing and general support for the information security systems and services within the organization and coordinates across multiple system stakeholders and program managers. Maintains all possible sources of security requirements including existing policy, guidelines, and standards in compliance with legislation and other external mandates; documents systems and deficiencies found in VA's Governance, Risk and Compliance (GRC) tool. Ensures accuracy of the data contained within the VA's automated resources through collaboration with the system owners and their teams. Responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security. Responsible for the cybersecurity of a program, organization, system, or enclave. Conceptualizes, designs, and builds secure information technology (IT) systems, with responsibility for aspects of systems and/or networks development. Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology system to determine the overall effectiveness of the controls. The incumbent acts as the technical security authority in security-related design supporting short and long-range VA Information Technology activities. Manages expectations and ensures information security requirements are provided to and understood by employees who serve in both technical and non-technical capacities. Conducts vulnerability analysis and risk assessment studies of planned and installed systems. Responsible for conducting security reviews of VA systems to ensure compliance with secure configuration guides and applicable Federal security policies and for verifying that appropriate safeguards are implemented and maintained enterprise wide. Provides accurate, timely, specific, reasoned, and useful advice on security systems that leverages investments in the department's cyber security programs while simultaneously strengthening the department's security posture. Identifies and outlines strategies to incorporate federal information security requirements as recommendations to Office of Information pillars for VA's automated information security products and services. Position Description/PD#: IT Specialist (INFOSEC)/PD17362A Relocation/Recruitment Incentives: Not Authorized Permanent Change of Station (PCS): Not Authorized Financial Disclosure Report: Not Required Travel Required: Occasional travel may be required as needed for this position. Work Schedule: Monday - Friday 8AM-4:30PM; Tour of duty will be determined based on organizational needs. Compressed/Flexible: As determined by the Agency Policy Virtual: This is not a virtual position. Physical Demands: The work is sedentary. Some work may require walking and standing in conjunction with travel and to attendance at meetings and conferences away from the work site. Some employees may carry light items such as papers, book, or small parts. The work does not require any special physical effort. Working Conditions: The work environment involves everyday risks or discomfort that requires normal safety precautions.