IT Specialist (INFOSEC)

Created at: August 14, 2025 00:13

Company: Deputy Assistant Secretary for Information and Technology

Location: Ashburn, VA, 20146

Job Description:

This is a Senior Information Technology Specialist (INFOSEC) position with the purpose of developing and/or analyzing procedures and systems for identifying and assessing, mitigating, and evaluating the effectiveness of risk management in all aspects of Information Technology (IT) and other related areas as directed within the incumbent's abilities and/or area of expertise.
To qualify for this position, all qualification requirements must be met by the closing date of this announcement 08/15/2025. Time-In-Grade Requirement: Applicants who are current Federal employees and have held a GS grade any time in the past 52 weeks must also meet time-in-grade requirements by the closing date of this announcement. For the GS-14 position you must have served 52 weeks at the GS-13. The grade may have been in any occupation, but must have been held in the Federal service. An SF-50 that shows your time-in-grade eligibility must be submitted with your application materials. If the most recent SF-50 has an effective date within the past year, it may not clearly demonstrate you possess one-year time-in-grade, as required by the announcement. In this instance, you must provide an additional SF-50 that clearly demonstrates one-year time-in-grade. Applicants must meet all requirements when a request is received to fill a vacancy. You may qualify based on your experience as described below: Basic Requirements Experience: Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For all positions individuals must have IT-related experience demonstrating each of the five competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. 
Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND Specialized Experience: You must have one year of specialized experience equivalent to at least the next lower grade GS-13 in the normal line of progression for the occupation in the organization. Specialized experience is defined as: mastery knowledge of IT cybersecurity risk management principles and methods, and IT information security products and services to perform IT assessments and develop or interpret policies, procedural controls, and guidelines for IT cybersecurity risk management, application and data security, system software security, contingency planning, and compliance with Federal IT laws and regulations. 
Additionally, the candidate must have mastery knowledge of requirements analysis, communication techniques, IT forensics principles, network operations and protocols, and systems security regulations and policies to provide IT cybersecurity risk management advice and develop risk management implementation plans to ensure the proper protection of IT systems. Mastery knowledge of VA and OIS program goals and objectives, the sequence and timing of key Cybersecurity Risk Management Program events and milestones, and methods of evaluating the cybersecurity risk management compliance and assessment program accomplishments is also essential. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student; social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Note: A full year of work is considered to be 35-40 hours of work per week. Part-time experience will be credited on the basis of time actually spent in appropriate activities. Applicants wishing to receive credit for such experience must indicate clearly the nature of their duties and responsibilities in each position and the number of hours a week spent in such employment. Veterans and Transitioning Service Members: Please visit the VA for Vets site for career-search tools for Veterans seeking employment at VA, career development services for our existing Veterans, and coaching and reintegration support for military service members.
OIT Mission: The mission of the Office of Information and Technology (OIT) is to collaborate with our business partners to create the best experience for all Veterans. OIT Vision: To become a world-class organization that provides a seamless, unified Veteran experience through the delivery of state-of-the-art technology. Major Duties: Evaluates and inspects software and hardware intended to ensure that automated systems are secure from unauthorized use, viral infection, and other problems that would compromise the confidentiality, integrity, or availability of data, or other aspects of overall IT system security. Evaluates new security authentication technologies such as public key infrastructure (PKI) certificates, secure cards, Physical Access Control Systems (PACS), and biometrics to ensure that they are up to compliance and recommends the acquisition of, implementation, and dissemination of IT security tools, procedures, and practices to protect information assets. Develops IT security compliance policy, guidelines, and procedures for systems which are typically accessed by a moderate to large user community and which process multiple applications requiring differing security controls. Develops IT procedures and systems for identifying, assessing, and reporting the effectiveness of major administrative and technical IT controls to designated facilities and VA-wide cybersecurity risk management compliance programs. Conducts a comprehensive program of assessments designed to measure how well VA information systems comply with legislative and federal government oversight as well as VA policies, procedures, and practices. Identifies relevant issues, develops legislative proposals and regulatory changes, collects relevant information from many varied sources, some of which are difficult to access, and devises new analytical techniques to evaluate risk management findings based on operations and changing program requirements. 
Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network. Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations. Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers). Establish acceptable limits for the software application, network, or system. Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change. Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals. Supports Risk Management Framework (RMF) compliance functions to include the security Assessment and Authorization (A&A) process, compliance and oversight of the PIV Card Issuing stations audits, management of VA's Governance, Risk, and Compliance (GRC) capabilities, and the development, design, and execution of strategic initiatives to meet Federal regulatory requirements and emerging technologies, as required by the Office of Management and Budget (OMB) based on guidance formulated by the National Institute of Standards and Technology (NIST). Develops and disseminates informational material to a wide range of agency stakeholders VA-wide. Position Description/PD#: IT Specialist (INFOSEC)/PD17108A Relocation/Recruitment Incentives: Not Authorized Permanent Change of Station (PCS): Not Authorized Financial Disclosure Report: Not Required Travel Required: Occasional travel may be required as needed for this position. 
Work Schedule: Monday - Friday 8AM-4:30PM; Tour of duty will be determined based on organizational needs. Compressed/Flexible: As determined by the Agency Policy Virtual: This is not a virtual position. Physical Demands: The work is primarily sedentary during the planning/preparation phase. The work may require walking and standing for prolonged periods in conjunction with travel and at the onsite assessment location. The incumbent may carry light items such as papers, books, or computers, or drive a motor vehicle. The work does not require any special physical effort. Working Conditions: The work area is adequately lighted, heated, and ventilated. The work environment involves everyday risks or discomforts that require normal safety precautions. The responsibilities of the position require frequent travel and may subject the incumbent to various resultant environmental changes; the incumbent must be amenable to such periods of travel and to working in unfamiliar surroundings. This position requires occasional travel using both air and ground transportation.

