Summary
This position serves as the Director of the VA, Cybersecurity Operations Center (CSOC) and is located in the Office Information Security. The incumbent reports to the Deputy Chief Information Security Officer and Executive Director for Information Security Operations. The incumbent will be responsible for providing oversight, direction, and guidance to the VAs Cybersecurity Operations Center staff.
Duties
This position is primarily aligned to the following NICE Cybersecurity Workforce Framework work roles:
- 901 – Cybersecurity Code
Major Duties:
- Provides technical and administrative supervision across the CSOC Leadership who manage the Security Response, Security Defense, Security Quality Management, and Security Design and Integration Divisions within the CSOC
- Responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security
- Oversees and directs the development of the VAs network and security operations center and central incident response capability strategic plan
- Provide subject-matter expertise and support to planning/ developmental forums and working groups as appropriate
- Direct and monitor execution of support of information technology infrastructure and Cybersecurity programs
Selective Placement Factor: This position includes a skill, knowledge, ability or other worker characteristic basic to -and essential for- satisfactory performance of the job. Selective Placement Factors are a prerequisite to appointment and represent minimum requirements for a position. Applicants who do not meet it are ineligible for further consideration. Evidence of the Selective Placement Factor must be reflected in your resume.
The Selective Placement Factor for this position is: Extensive knowledge of IT cybersecurity principles and methods and information security principles required to perform host-based and network-based event and artifact analysis, sensor monitoring and advanced analysis for indicators of compromise. Experience in media forensic analysis and Security Information and Event Management (SIEM).
Experience – Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.
