National Vulnerability Database Program Manager
What you'd do
Join NIST as the National Vulnerability Database (NVD) Program Manager! You'll lead teams and software infrastructure while collaborating with global stakeholders to evolve vulnerability management standards. Identify ecosystem gaps and develop new technical guidelines and capabilities to strengthen our national cybersecurity posture. This notice is issued under direct-hire authority to recruit new talent to occupations for which NIST has a severe shortage of candidates.
Major duties
ZP-IV: National Vulnerability Database Program Manager: As the National Vulnerability Database (NVD) Program Manager, you will lead information security projects and technical teams with limited oversight to support NIST's cybersecurity mission. Manage the NVD and its associated software infrastructure, overseeing project lifecycles and technical teams to ensure operational excellence. Interact with relevant stakeholder groups to anticipate and determine the needs of end users, planning and implementing new capabilities as required. Support the ongoing development of global standards, including CVSS, CVE, and CPE, through active participation in international standards organizations. Identify deficiencies in the existing vulnerability management ecosystem to suggest and develop new capabilities and technical guidelines. ZP-V: National Vulnerability Database Program Manager: As the National Vulnerability Database (NVD) Program Manager, you will provide expert leadership and strategic direction for the NVD portfolio and serve as a primary authority on vulnerability management standards. Define program goals and exercise wide latitude to influence the national security posture and the broader vulnerability management portfolio. Coordinate with high-level stakeholders to identify complex end-user requirements and plan the integration of next-generation capabilities. Influence and drive the development of standards (e.g., CVSS, CVE, CPE) through leadership roles and high-impact contributions within standards-developing organizations. Architect new NIST-developed guidelines and national-level capabilities by identifying and addressing critical gaps in the vulnerability management ecosystem.
What you need to qualify
Experience must be IT-related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate GS-5 through GS-15 (or equivalent): For all positions, individuals must have IT-related experience demonstrating each of the four competencies listed below. The employing agency is responsible for identifying the specific proficiency level required for each competency at each grade level, based on the requirements of the position being filled. Attention to Detail- Is thorough when performing work and conscientious about attending to detail. Customer Service- Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Oral Communication- Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately. Problem Solving- Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations. In addition to the above requirements, Applicants must have one year (52 weeks) of specialized experience equivalent to at least the GS-12 level (ZP-III at NIST). Specialized experience is defined as: Experience working with vulnerability management identifiers and specifications such as CVE, CVSS, CPE, and CWE. Experience with CPE, Product-URL, SBOM, SWID, or different mechanisms of representing or modeling vulnerability information. Experience working with or in standards development to produce standards. For the ZP-V: In addition to the above basic requirements, all applicants must have one year (52 weeks) of specialized experience equivalent to at least the GS-14 level (ZP-IV at NIST). The specialized experience is defined as: Experience managing software projects. Experience leading the implementation of vulnerability identifiers and specifications (e.g., CVE, CVSS, CPE, CWE). Experience leading and implementing the use of SBOM, CPE, SWID, Product-URL, or other vulnerability information modeling mechanisms based on a critical evaluation of their benefits and limitations. Experience spearheading initiatives within standards development to produce and ratify new standards. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills, and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. The qualification requirements in this vacancy announcement are based on the U.S. Office of Personnel Management (OPM) Qualification Standards Handbook. If requesting reconsideration of your qualification determination, please refer to the following site: Applicant Reconsideration
Before you apply
Federal applications are different: your resume should be 3–5 pages and mirror the language of this announcement. Read our federal resume guide first — it's the #1 reason qualified people get screened out.
Don't miss the next one.
Get an email the moment a similar federal job opens — postings can close in as little as 5 days.