


    Announcement may be used to fill similar positions within 90 days of the closing date.

    This announcement will be used to fill vacancies through OPM-authorized Direct Hire Authority (DHA) for IT Specialist (Information Security and Cybersecurity), GS-2210-09 through GS-2210-15; 5 U.S.C. 3304(a)(3), 5 CFR part 337.

    This position is processed under Direct Hire authority. Veterans' Preference and Category Rating procedures DO NOT APPLY.



    • Serves as the Cybersecurity Operations & Computer Incident Response Team (SOC/CIRT) Specialist to implement and operate the Bank's SOC/CIRT Operations.
    • Provides technical advice, guidance, and assistance on cyber security events/incidents; and analyzes and identifies effective responses to reported incidents.
    • Identifies and analyzes threats, provides mitigation strategies, and documents and presents the impact of resulting attacks via Executive Summaries, After Action Reports, and Metrics Reports to improve and enhance the VA security posture to management and senior leadership.
    • Responds to potential cyber security events/incidents by analyzing the impact, scope, and trends, and provides containment recommendations; validates appropriate response actions were adhered to and the cyber incident has been properly handled/closed out.
    • Serves as a SME on issues relating to the vulnerabilities and threats to enterprise information systems and network devices and coordinates appropriate mitigation strategies.
    • Oversees the monitoring of the Security Information and Event Management solution, other security tools, situational awareness reports, and open source intelligence to identify anomalous activity, malicious artifacts, indicators of compromise and take corrective actions.
    • Works with the Bank's Managed Trusted Internet Protocol Service (MTIPS) provider and other cloud-hosted cybersecurity services, including the Department of Homeland Security suite of cybersecurity tools, and on premises security tools in order to conduct continuous monitoring, diagnostics, mitigation, and remediation of identified cybersecurity threats and vulnerabilities.
    • Serves as a SME for the Bank's cybersecurity incident management and Network & Security Operations Center (NSOC) services:
      • Serves as the Program Manager for the Bank's Continuous Diagnostics and Mitigation (CDM) program, responsible for the development and maintenance of the strategy, implementation, tactics, techniques, and procedures for the agency's tools, processes, and agency dashboard reporting requirements.
      • Identifies, analyzes, and reports events that occur within the network in order to protect information, information systems, and networks from threats.
      • Responds to crisis or urgent situations within the Bank's enterprise to mitigate immediate and potential threats and use mitigation, preparedness, and response and recovery approaches, as needed, to protect information security of the Bank's IT systems, network, and data whether on premises or in the cloud.
      • Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
      • Provides Security Engineering support. Collaborates with external Bank cybersecurity providers regarding installation, configuration, test, operations, maintenance, and management of on premises and external (including cloud hosted). Conducts cybersecurity analysis and monitors tools and sensors, services, and software permitting sharing of actionable, real-time or near real-time cybersecurity information. Continuously monitors and acts to protect EXIM's security of information and systems.
      • Supports Security Engineering and collaborates with external Bank Cybersecurity providers regarding installation, configuration, test, operations, maintenance, and management of on premises and external (including cloud hosted) cybersecurity protective devices and sensors. Such work includes firewall/Intrusion Protection System (IPS) settings, and rules and configurations to support the accomplishment of EXIM's mission while protecting the security posture. Ensures the confidentiality, integrity, and availability of EXIM's Information Systems.
      • Works with external cybersecurity partners to review, update, and revise configurations of external cybersecurity services for optimum benefit to the Bank mission and security.
      • Tracks and reports to IT management on the responsiveness, performance, and effectiveness of externally hosted cybersecurity services provided to the Bank by our external cybersecurity providers. Makes recommendations for improvement or alternatives as needed.
      • Ensures the adequacy of access control, passwords, and account creation and administration of assigned on premises and cloud-based IT systems.
      • Conducts training of personnel within pertinent subject domain.
      • Oversees the Bank's vulnerability management program which includes the Vulnerability Disclosure Program. Conducts vulnerability and configuration baseline scans. Works with stakeholders to address technical concerns, tracks mitigation activities, and coordinates requests for risk acceptances. Monitors and reports on end-of-life software, DHS Binding Operational Directives and other critical vulnerability and patch management activities.

    Travel Required

    Occasional travel - You may be expected to travel for this position.

    Supervisory status


    Promotion Potential


This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/584804100. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.