Network Services Vulnerability Engineer - 60019149
State of South Carolina
Posted: February 6, 2026 (7 days ago)
Office of the Chief Information Officer
General Services Administration
Location
Salary: $143,913 - $187,093 per year
Type: Full Time
Base salary range: $104,604 - $135,987
Typical requirements: 1 year specialized experience at GS-13. Senior expert or supervisor.
Note: Actual salary includes locality pay (15-40%+ depending on location).
This role involves leading efforts to identify, assess, and fix security weaknesses in government IT systems to protect against cyber threats, while ensuring the organization follows federal security rules.
You'll advise leaders, work with teams across the agency, and use specialized tools to monitor and improve network safety.
It's a great fit for experienced IT security professionals who enjoy problem-solving in a high-stakes government environment and have a strong background in compliance and risk management.
As the Vulnerability Management Lead, you will manage and maintain GSA cybersecurity defenses.
Location of position: The Office of GSA IT, Security Operations Division (ISO), 1800 F St. NW, Washington, DC 20405.
The Security Operations Division is responsible for providing real-time operational security through the security operations center and enterprise network security capabilities.
We are currently filling one vacancy, but additional vacancies may be filled as needed.
For each job on your resume, provide the exact dates you held the job (from month/year to month/year) and the number of hours per week you worked (if part time).
If you have volunteered your service through a National Service program (e.g., Peace Corps, Americorps), we encourage you to apply and include this experience on your resume.
The GS-14 salary range starts at $143,913 per year. If you are a new federal employee, your starting salary will likely be set at Step 1 of the grade for which you are selected.
To qualify, you must have at least one year of specialized experience equivalent to the GS-13 level or higher in the Federal service and have IT-related experience demonstrating EACH of the four competencies below:
IT SPECIALIST COMPETENCY REQUIREMENTS:
Attention to Detail - This skill is generally demonstrated by assignments where the applicant investigates and evaluates "state of the art" technology of the industry.
Customer Service - This skill is generally demonstrated by assignments where the applicant confers with users to evaluate the effectiveness of, or identify the need for, computer programs or management systems.
Oral Communication - This skill is generally demonstrated by assignments where the applicant persuades others to take a particular course of action or to accept findings, recommendations, changes, or alternative viewpoints.
Problem Solving - This skill is generally demonstrated by assignments where the applicant identifies and accommodates technology and resource constraints.
SPECIALIZED EXPERIENCE: In addition to the Basic Requirements listed above, you must have one year of specialized experience equivalent to the GS-13 in the Federal service.
Specialized experience is defined as experience conducting or assisting with security assessments, evaluations, or continuous monitoring of information systems and ensuring compliance with cybersecurity policies or regulatory requirements.
This experience must also include identifying and addressing security vulnerabilities or risks, recommending improvements to system or network designs, or using security software or tools to safeguard systems.
Such experience may be obtained in government, industry, or other related fields.
Major Duties:
As a Vulnerability Management Lead you will perform the following duties: Responsible for a variety of Information Security tasks and functions to ensure agency level compliance with GSA IT Security policies, Federal Information Security Management Act of 2002 (FISMA), Office of Management and Budget (OMB), Department of Homeland Security (DHS), and National Institute of Standards and Technology (NIST) requirements.
Provides expert advice to the Division Director.
Represents the Division and OCIO in meetings with other GSA entities; and GSA in meetings with representatives of industry, other agencies, public organizations, etc., to resolve problems, develop joint policies/standards; analyze, select and implement IT security products/services/solutions, and exchange information regarding areas of technical expertise.
Conducts, oversees, and monitors security analyses, testing, and evaluations of GSA information systems in support of Security Assessment and Authorization (A&A) and ongoing Continuous Monitoring.
Creates reports, guidance, and direction for enhancement of security for systems/networks.
Participates in the conduct and management of independent evaluations and compliance reviews of IT systems in accordance with FISMA.
This includes, but is not limited to, POA&M reviews, assessment and authorization package reviews, Exhibit 300 reviews, vulnerability assessments and scanning activities, system configuration reviews, system inventory reviews, IT audit findings and remediation, etc.
Mitigates data exfiltration and service disruption risks, and reduces detection and response times, and recommends and directs changes in network and system designs, plans, or documentation to ensure compliance with security and privacy policy.
Accelerates AI/ML-driven analytics into defensive cyber operations, including automated threat intelligence, anomaly detection, and risk scoring.
Responsible for implementing Enterprise Security Shared Services across stakeholders, in conjunction with the Director and the CISO/DCISO, building product roadmaps, business use cases, technical specifications, wireframes, mockups, prototypes, launch plans, tracking key performance metrics and data analytics/reporting along with end user/customer surveys among other deliverables for identifying efficiencies for the rolled-out services.
Manages GSA's Vulnerability Disclosure Program and Bug Bounty Program. Provides oversight and manages notifications from public sources of information risks for these programs.
Evaluates, acquires, configures, and uses software intended to ensure that automated systems are secure from unauthorized use, viral infection, and other problems that would compromise sensitive information in terms of confidentiality, integrity, and availability, or would compromise other aspects of overall system security.