Security ClearanceNot Required
Duties
ZP-IV: National Vulnerability Database Program Manager: As the National Vulnerability Database (NVD) Program Manager, you will lead information security projects and technical teams with limited oversight to support NIST's cybersecurity mission. Manage the NVD and its associated software infrastructure, overseeing project lifecycles and technical teams to ensure operational excellence. Interact with relevant stakeholder groups to anticipate and determine the needs of end users, planning and implementing new capabilities as required. Support the ongoing development of global standards, including CVSS, CVE, and CPE, through active participation in international standards organizations. Identify deficiencies in the existing vulnerability management ecosystem to suggest and develop new capabilities and technical guidelines. ZP-V: National Vulnerability Database Program Manager: As the National Vulnerability Database (NVD) Program Manager, you will provide expert leadership and strategic direction for the NVD portfolio and serve as a primary authority on vulnerability management standards. Define program goals and exercise wide latitude to influence the national security posture and the broader vulnerability management portfolio. Coordinate with high-level stakeholders to identify complex end-user requirements and plan the integration of next-generation capabilities. Influence and drive the development of standards (e.g., CVSS, CVE, CPE) through leadership roles and high-impact contributions within standards-developing organizations. Architect new NIST-developed guidelines and national-level capabilities by identifying and addressing critical gaps in the vulnerability management ecosystem.
Qualifications
Basic Requirements: Bachelor's degree in computer science or bachelor's degree with 30 semester hours in a combination of mathematics, statistics, and computer science. At least 15 of the 30 semester hours must have included any combination of statistics and mathematics that includes differential and integral calculus. All academic degrees and coursework must be from accredited or pre-accredited institutions. For the ZP-IV: In addition to the above basic requirements, all applicants must have one year (52 weeks) of specialized experience equivalent to at least the GS-12 level (ZP-III at NIST). The specialized experience is defined as: Experience working with vulnerability management identifiers and specifications such as CVE, CVSS, CPE, and CWE. Experience with CPE, Product-URL, SBOM, SWID, or different mechanisms of representing or modeling vulnerability information. Experience working with or in standards development to produce standards. For the ZP-V: In addition to the above basic requirements, all applicants must have one year (52 weeks) of specialized experience equivalent to at least the GS-14 level (ZP-IV at NIST). The specialized experience is defined as: Experience managing software projects. Experience leading the implementation of vulnerability identifiers and specifications (e.g., CVE, CVSS, CPE, CWE). Experience leading and implementing the use of SBOM, CPE, SWID, Product-URL, or other vulnerability information modeling mechanisms based on a critical evaluation of their benefits and limitations. Experience spearheading initiatives within standards development to produce and ratify new standards. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills, and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. The qualification requirements in this vacancy announcement are based on the U.S. Office of Personnel Management (OPM) Qualification Standards Handbook. If requesting reconsideration of your qualification determination, please refer to the following site: Applicant Reconsideration
Education
This position has an education requirement. Transcripts must be submitted to validate that the education requirement has been met. Unofficial transcripts will be accepted in the application package. However, an official copy will be required before a final offer of employment. Use of foreign education for qualifications. An accredited organization must evaluate education completed outside of the U.S. to ensure that it is comparable to education received in accredited institutions in the U.S. Click here to view a listing of accredited organizations from the Department of Education's website. A copy of the foreign education evaluation (containing the results with a course-by-course listing) is required with your application.
Other Information
This position is covered under NIST's Alternative Personnel Management System (APMS), a pay-for-performance system with excellent HR flexibilities to help NIST recruit and retain top talent. Learn more about the APMS here! We may share your application package with other selecting officials. Additional selections may be made through this vacancy. Click all links in this vacancy announcement to view additional information or instructions. You MUST select at least ONE ELIGIBILITY to be considered for this position. All documents submitted for this announcement must be legible to make qualification or eligibility determinations. A probationary period may be required. NIST strives to build a flexible and encouraging work environment to bring out the best in our employees. To help our employees balance responsibilities at home and at work, NIST offers a variety of work-life flexibilities. For more information, please visit our Careers website.