Job Summary

Join VA's Office of Information Security (OIS) to help protect VA's IT systems and Veteran data from cyber threats. As a It Specialist (Infosec), you'll enforce federal IT security policies, support network defense, and strengthen VA's cyber resilience as part of a team that values security and education. Advance your career by contributing to VA's digital transformation-apply today!

Job Description

To qualify for this position, applicants must meet all requirements by the closing date of this announcement, 06/24/2026. You must meet the basic requirement, specialized experience and selective placement factor to qualify for this series as described below: Attention to Detail - Is thorough when performing work and conscientious about attending to detail. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. AND Specialized Experience: You must have one year of specialized experience equivalent to at least the next lower grade GS-12 in the normal line of progression for the occupation in the organization. Examples of specialized experience would typically include, but are not limited to: Experience independently reviewing and analyzing cybersecurity risk management data from multiple sources to identify risks, conduct comprehensive assessments of IT system security controls in accordance with NIST SP 800-37, and perform activities to improve enterprise cybersecurity processes; supporting Risk Management Framework (RMF) functions, including Governance, Risk and Compliance (GRC) activities, and facilitating compliance with OIG FISMA and FISCAM audits; and in conducting security control assessments, developing security authorization packages, and monitoring ongoing compliance with federal cybersecurity requirements. AND Selective Placement Factor: Direct experience applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) to include conducting security control assessments, developing authorization packages, and documenting security requirements for information technology systems at the agency or enterprise level. Direct experience supporting Risk Management Framework (RMF) compliance functions to include Governance, Risk and Compliance (GRC) capabilities and OIG Federal Information Security Management Act (FISMA) and Federal Information System Controls Audit (FISCAM) Audits. For more information on these qualification standards, please visit the United States Office of Personnel Management's website at https://www.opm.gov/policy-data-oversight/classification-qualifications/general-schedule-qualification-standards/.