Summary This position serves as a shift Supervisor of the VA's 24/7 Cybersecurity Operations Center (CSOC) Cybersecurity Incident Response (CIR) group and is located in the Office of Information Security, VA CSOC. The incumbent will oversee and participate fully with CIR staff, fellow CIR Supervisors, and the Deputy Director of Cybersecurity Response & Analytics (CSRA).Day-to-day tasks will include providing oversight, direction, and guidance to the CSOC CIR shift staff. Responsibilities OIT Mission: The mission of the Office of Information and Technology (OIT) is to collaborate with our business partners to create the best experience for all Veterans. OIT Vision: To become a world-class organization that provides a seamless, unified Veteran experience through the delivery of state-of-the-art technology. Major Duties: Provide technical and administrative supervision for employees who perform the functions and procedures associated with preventing and detecting cybersecurity incidents and identifying vulnerabilities and security gaps on VA systems and networks. Oversee and direct the advancement VA Cybersecurity Operations Center cybersecurity incident response capability to include contributing to a strategic plan, developing and enhancing long and short range plans for cybersecurity incident response. Advise and make recommendations to the Deputy Director, Cybersecurity Response & Analytics concerning the current effectiveness of prevention, detection, monitoring, triaging, mitigating, remediating, and recovery skills and tooling within the CSOC. Oversee and direct cybersecurity monitoring activities, event correlation and analysis, cybersecurity incident response, management, and mitigation, deep dive audit log analysis. Ensure VA cybersecurity policies are in alignment with regulatory requirements and legislated mandates. Apprise the Deputy Director, Cybersecurity Response & Analytics concerning cybersecurity operations center and cybersecurity incident response capability program operational issues and provides strategies to address these issues. Assess and coordinate a NOC response to any emerging or emergency threat and oversee mitigation of the situation. Work Schedule:Shifts possible: Monday-Friday, 630 am - 3 pm eastern, 230 pm - 11pm eastern or 1030 pm - 7 am eastern Compressed/Flexible: Not Authorized Telework: Adhoc telework may be authorized at management's discretion. Position Description/PD#: Supervisory IT Specialist (INFOSEC)/PD16763A Relocation/Recruitment Incentives: Not Authorized Permanent Change of Station (PCS): Not Authorized PCS Appraised Value Offer (AVO): Not Authorized Physical Demands: The work is sedentary. Some work may require walking and standing in conjunction with travel and attendance at meetings and conferences away from the work site and carrying light items such as papers or books. Working Conditions: The work area is adequately lighted, heated, and ventilated. The work environment involves everyday risks or discomforts that require normal safety precautions. This position requires minimal travel (5-10% of each quarter). The incumbent may be required to use both air and ground transportation. Designated Drug Testing Position: Not applicable. This is a non-bargaining unit eligible position. Requirements Conditions of Employment You must be a U.S. Citizen to apply for this job To be considered for this position, you must complete all required steps in the process. In addition to the application and questionnaire, this position requires an online assessment. The online assessment measures critical general competencies required to perform the job. Physical Requirements: The work required does not inherently include any physical requirements essential for successful job performance that could not otherwise be performed with accommodation or workplace adjustment. A pre-placement physical examination is not required. Subject to background/security investigation Selected applicants will be required to complete an online onboarding process. Acceptable form(s) of identification will be required to complete pre-employment requirements (https://www.uscis.gov/i-9-central/form-i-9-acceptable-documents). Effective May 7, 2025, driver's licenses or state-issued dentification cards that are not REAL ID compliant cannot be utilized as an acceptable form of identification for employment. As a condition of employment for accepting this position, you will be required to serve a 1-year probationary period during which we will evaluate your fitness and whether your continued employment advances the public interest. In determining if your employment advances the public interest, we may consider: your performance and conduct; the needs and interests of the agency; whether your continued employment would advance organizational goals of the agency or the Government; and whether your continued employment would advance the efficiency of the Federal service. Upon completion of your probationary period , your employment will be terminated unless you receive certification, in writing, that your continued employment advances the public interest. Qualifications To qualify for this position, applicants must meet all requirements by the closing date of this announcement, 04/22/2026. You may qualify based on your experience as described below: Basic Requirements: Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For all positions individuals must have IT-related experience demonstrating each of the five competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled. Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND Specialized Experience: You must have one year of specialized experience equivalent to at least the next lower grade GS-13 in the normal line of progression for the occupation in the organization. Specialized experience is defined as: Supervised Cybersecurity Operations Center Personnel- Directed and oversaw CSOC personnel responsible for enterprise-wide cybersecurity monitoring, threat detection, and incident response operations. Established performance standards, conducted evaluations, resolved personnel issues, and implemented workforce development strategies through Individual Development Plans (IDPs). Managed staffing actions including leave, travel, and training to ensure continuous 24/7/365 operational readiness. Developed CSOC Incident Response Strategy and Operational Roadmap-Lead the development of CSOC strategic and operational plans aligned to incident response and enterprise risk management following the Continuous Threat Exposure Management (CTEM) principles. Define near- and long-term priorities for cyber defense, threat detection, and incident response capabilities. Advised senior leadership on feasibility, risk trade-offs, and implementation strategies to enhance enterprise cybersecurity posture. Directed Cyber Threat Monitoring and Incident Response Operations-Oversee real-time security operations including threat detection, event correlation, prioritized vulnerability analysis, and incident response coordination. Direct activities such as the deconfliction of penetration testing, interpret threat hunting and digital forensics results, log analysis, and security analytics to identify, contain, and remediate cyber threats. Ensure integration of detection, response, and recovery processes across enterprise systems and networks. Ensured Compliance with Federal Cybersecurity Policies and Mandates-Ensure CSOC operations align with federal cybersecurity frameworks, regulatory requirements, and agency policies (e.g., NIST, OMB, DHS directives). Developed and enforced cybersecurity policies, procedures, and operational standards. Provided authoritative guidance on implementation and compliance to ensure audit readiness and adherence to legislative mandates. Served as Senior Cybersecurity Operations Advisor-Provided subject matter expertise to senior leadership on cybersecurity operations, incident response, and threat landscape trends. Delivered actionable recommendations to address operational risks and capability gaps. Fostered cross-organizational collaboration to improve cyber defense integration across business units and mission systems. Implemented Risk-Based Security Controls and Countermeasures-Applied and enforced security controls across interconnected systems and applications to ensure confidentiality, integrity, and availability. Identified vulnerabilities, assessed risk, and directed mitigation strategies including compensating controls and system hardening. Enabled risk-based prioritization aligned to threat intelligence and exploitability. Integrated Security Operations with Risk Management Framework (RMF)-Ensured documentation and execution of cybersecurity operations aligned with RMF lifecycle activities. Maintained system security documentation, operational procedures, and audit artifacts. Contributed to authorization processes, continuous monitoring, and system accreditation activities while supporting enterprise governance requirements. Coordinated Cybersecurity Operations with Federal and Intelligence Partners-Collaborated with interagency partners including the Department of Homeland Security (DHS), Department of Defense (DoD), and Federal Bureau of Investigation (FBI) to share threat intelligence and coordinate incident response. Participated in classified information exchanges up to the Sensitive Compartmented Information (SCI) level. Ensured compliance with national cybersecurity programs (e.g., EINSTEIN, US-CERT reporting) and Trusted Internet Connections (TIC) requirements. Enabled Enterprise Attack Surface Visibility and Threat-Informed Defense-Advanced CSOC capabilities by integrating external attack surface visibility, internal asset mapping, and threat intelligence to provide end-to-end visibility from external exposure to internal systems. Leveraged risk-based prioritization and attack path analysis to improve detection, response, and mitigation of enterprise cyber risk. AND Selective Placement Factor: In addition to the minimum qualifications described above, you must meet the following requirements to be considered for the position: Must have experience directly leading Cybersecurity Incident Response activities in a federal agency or industry @type Cybersecurity Operations Center. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religions; spiritual; community; student; social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. Note: A full year of work is considered to be 35-40 hours of work per week. Part-time experience will be credited on the basis of time actually spent in appropriate activities. Applicants wishing to receive credit for such experience must indicate clearly the nature of their duties and responsibilities in each position and the number of hours a week spent in such employment. Veterans and Transitioning Service Members: Please visit the VA for Vets site for career-search tools for Veterans seeking employment at VA, career development services for our existing Veterans, and coaching and reintegration support for military service members. For more information on these qualification standards, please visit the United States Office of Personnel Management's website at https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/. Education There is no educational substitution at this grade level. Additional Information Under the Fair Chance to Compete Act, the Department of Veterans Affairs prohibits requesting an applicant's criminal history prior to accepting a tentative job offer. For more information about the Act and the complaint process, visit Human Resources and Administration/Operations, Security, and Preparedness (HRA/OSP) at The Fair Chance Act. If selected you will be required to report to one of the following locations: Hines, IL Austin, TX Martinsburg, WV If space is not immediately available a temporary exception to telework may be granted. If/when workspace is identified, the employee is expected to report to their assigned duty location Receiving Service Credit or Earning Annual (Vacation) Leave: Federal Employees earn annual leave at a rate (4, 6 or 8 hours per pay period) which is based on the number of years they have served as a Federal employee. VA may offer newly-appointed Federal employee's credit for their job-related non-federal experience or active duty uniformed military service. This credited service can be used in determining the rate at which they earn annual leave. Such credit must be requested and approved prior to the appointment date and is not guaranteed. This job opportunity announcement may be used to fill additional vacancies. If you are unable to apply online or need an alternate method to submit documents, please reach out to the Agency Contact listed in this Job Opportunity Announcement. The Interagency Career Transition Assistance Plan (ICTAP) and Career Transition Assistance Plan (CTAP) provide eligible displaced VA competitive service employees with selection priority over other candidates for competitive service vacancies. To be qualified you must submit appropriate documentation (a copy of the agency notice, your most recent performance rating, and your most recent SF-50 noting current position, grade level, and duty location) and be found well-qualified for this vacancy. To be well-qualified: applicants must possess experience that exceeds the minimum qualifications of the position including all selective factors, and who are proficient in most of the required competencies of the job. Information about ICTAP and CTAP eligibility is on OPM's Career Transition Resources website at http://www.opm.gov/policy-data-oversight/workforce-restructuring/employee-guide-to-career-transition/.
