Supervisory IT Specialist (INFOSEC)
to
$163514
Job Description
This position serves as a shift Supervisor of the VA's 24/7 Cybersecurity Operations Center (CSOC) Cybersecurity Incident Response (CIR) group and is located in the Office of Information Security, VA CSOC. The incumbent will oversee and participate fully with CIR staff, fellow CIR Supervisors, and the Deputy Director of Cybersecurity Response & Analytics (CSRA). Day-to-day tasks will include providing oversight, direction, and guidance to the CSOC CIR shift staff.
**Qualifications:**
To qualify for this position, applicants must meet all requirements by the closing date of this announcement, 04/22/2026. You may qualify based on your experience as described below:

Basic Requirements: Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate. For all positions individuals must have IT-related experience demonstrating each of the five competencies listed below. The employing agency is responsible for identifying the specific level of proficiency required for each competency at each grade level based on the requirements of the position being filled.

Attention to Detail - Is thorough when performing work and conscientious about attending to detail.

Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.

Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.

Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
AND

Specialized Experience: You must have one year of specialized experience equivalent to at least the next lower grade GS-13 in the normal line of progression for the occupation in the organization. Specialized experience is defined as:

Supervised Cybersecurity Operations Center Personnel - Directed and oversaw CSOC personnel responsible for enterprise-wide cybersecurity monitoring, threat detection, and incident response operations. Established performance standards, conducted evaluations, resolved personnel issues, and implemented workforce development strategies through Individual Development Plans (IDPs). Managed staffing actions including leave, travel, and training to ensure continuous 24/7/365 operational readiness.

Developed CSOC Incident Response Strategy and Operational Roadmap - Led the development of CSOC strategic and operational plans aligned to incident response and enterprise risk management following the Continuous Threat Exposure Management (CTEM) principles. Defined near- and long-term priorities for cyber defense, threat detection, and incident response capabilities. Advised senior leadership on feasibility, risk trade-offs, and implementation strategies to enhance enterprise cybersecurity posture.

Directed Cyber Threat Monitoring and Incident Response Operations - Oversaw real-time security operations including threat detection, event correlation, prioritized vulnerability analysis, and incident response coordination. Directed activities such as the deconfliction of penetration testing, interpretation of threat hunting and digital forensics results, log analysis, and security analytics to identify, contain, and remediate cyber threats. Ensured integration of detection, response, and recovery processes across enterprise systems and networks.

Ensured Compliance with Federal Cybersecurity Policies and Mandates - Ensured CSOC operations aligned with federal cybersecurity frameworks, regulatory requirements, and agency policies (e.g., NIST, OMB, DHS directives). Developed and enforced cybersecurity policies, procedures, and operational standards. Provided authoritative guidance on implementation and compliance to ensure audit readiness and adherence to legislative mandates.

Served as Senior Cybersecurity Operations Advisor - Provided subject matter expertise to senior leadership on cybersecurity operations, incident response, and threat landscape trends. Delivered actionable recommendations to address operational risks and capability gaps. Fostered cross-organizational collaboration to improve cyber defense integration across business units and mission systems.

Implemented Risk-Based Security Controls and Countermeasures - Applied and enforced security controls across interconnected systems and applications to ensure confidentiality, integrity, and availability. Identified vulnerabilities, assessed risk, and directed mitigation strategies including compensating controls and system hardening. Enabled risk-based prioritization aligned to threat intelligence and exploitability.

Integrated Security Operations with Risk Management Framework (RMF) - Ensured documentation and execution of cybersecurity operations aligned with RMF lifecycle activities. Maintained system security documentation, operational procedures, and audit artifacts. Contributed to authorization processes, continuous monitoring, and system accreditation activities while supporting enterprise governance requirements.

Coordinated Cybersecurity Operations with Federal and Intelligence Partners - Collaborated with interagency partners including the Department of Homeland Security (DHS), Department of Defense (DoD), and Federal Bureau of Investigation (FBI) to share threat intelligence and coordinate incident response. Participated in classified information exchanges up to the Sensitive Compartmented Information (SCI) level. Ensured compliance with national cybersecurity programs (e.g., EINSTEIN, US-CERT reporting) and Trusted Internet Connections (TIC) requirements.

Enabled Enterprise Attack Surface Visibility and Threat-Informed Defense - Advanced CSOC capabilities by integrating external attack surface visibility, internal asset mapping, and threat intelligence to provide end-to-end visibility from external exposure to internal systems. Leveraged risk-based prioritization and attack path analysis to improve detection, response, and mitigation of enterprise cyber risk.

AND

Selective Placement Factor: In addition to the minimum qualifications described above, you must meet the following requirements to be considered for the position: Must have experience directly leading Cybersecurity Incident Response activities in a federal agency or industry-type Cybersecurity Operations Center.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student; social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.

Note: A full year of work is considered to be 35-40 hours of work per week. Part-time experience will be credited on the basis of time actually spent in appropriate activities. Applicants wishing to receive credit for such experience must indicate clearly the nature of their duties and responsibilities in each position and the number of hours a week spent in such employment.

Veterans and Transitioning Service Members: Please visit the VA for Vets site for career-search tools for Veterans seeking employment at VA, career development services for our existing Veterans, and coaching and reintegration support for military service members.
For more information on these qualification standards, please visit the United States Office of Personnel Management's website at https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/.
Requirements
Employment Type: Permanent
Category: Information Technology Management
About Department of Veterans Affairs - Deputy Assistant Secretary for Information and Technology
Location: Multiple Locations
Industry: Information Technology Management