What are the responsibilities and job description for the National Vulnerability Database Program Manager position at National Institute of Standards and Technology (NIST)?
Summary
Join NIST as the National Vulnerability Database (NVD) Program Manager! You'll lead teams and software infrastructure while collaborating with global stakeholders to evolve vulnerability management standards. Identify ecosystem gaps and develop new technical guidelines and capabilities to strengthen our national cybersecurity posture. This notice is issued under direct-hire authority to recruit new talent to occupations for which NIST has a severe shortage of candidates.
Duties
ZP-IV: National Vulnerability Database Program Manager: As the National Vulnerability Database (NVD) Program Manager, you will lead information security projects and technical teams with limited oversight to support NIST's cybersecurity mission. Manage the NVD and its associated software infrastructure, overseeing project lifecycles and technical teams to ensure operational excellence. Interact with relevant stakeholder groups to anticipate and determine the needs of end users, planning and implementing new capabilities as required. Support the ongoing development of global standards, including CVSS, CVE, and CPE, through active participation in international standards organizations. Identify deficiencies in the existing vulnerability management ecosystem to suggest and develop new capabilities and technical guidelines. ZP-V: National Vulnerability Database Program Manager: As the National Vulnerability Database (NVD) Program Manager, you will provide expert leadership and strategic direction for the NVD portfolio and serve as a primary authority on vulnerability management standards. Define program goals and exercise wide latitude to influence the national security posture and the broader vulnerability management portfolio. Coordinate with high-level stakeholders to identify complex end-user requirements and plan the integration of next-generation capabilities. Influence and drive the development of standards (e.g., CVSS, CVE, CPE) through leadership roles and high-impact contributions within standards-developing organizations. Architect new NIST-developed guidelines and national-level capabilities by identifying and addressing critical gaps in the vulnerability management ecosystem.
Qualifications
Basic Requirements: Bachelor's degree in computer science or bachelor's degree with 30 semester hours in a combination of mathematics, statistics, and computer science. At least 15 of the 30 semester hours must have included any combination of statistics and mathematics that includes differential and integral calculus. All academic degrees and coursework must be from accredited or pre-accredited institutions. For the ZP-IV: In addition to the above basic requirements, all applicants must have one year (52 weeks) of specialized experience equivalent to at least the GS-12 level (ZP-III at NIST). The specialized experience is defined as: Experience working with vulnerability management identifiers and specifications such as CVE, CVSS, CPE, and CWE. Experience with CPE, Product-URL, SBOM, SWID, or different mechanisms of representing or modeling vulnerability information. Experience working with or in standards development to produce standards. For the ZP-V: In addition to the above basic requirements, all applicants must have one year (52 weeks) of specialized experience equivalent to at least the GS-14 level (ZP-IV at NIST). The specialized experience is defined as: Experience managing software projects. Experience leading the implementation of vulnerability identifiers and specifications (e.g., CVE, CVSS, CPE, CWE). Experience leading and implementing the use of SBOM, CPE, SWID, Product-URL, or other vulnerability information modeling mechanisms based on a critical evaluation of their benefits and limitations. Experience spearheading initiatives within standards development to produce and ratify new standards. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills, and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. The qualification requirements in this vacancy announcement are based on the U.S. Office of Personnel Management (OPM) Qualification Standards Handbook. If requesting reconsideration of your qualification determination, please refer to the following site: Applicant Reconsideration
Join NIST as the National Vulnerability Database (NVD) Program Manager! You'll lead teams and software infrastructure while collaborating with global stakeholders to evolve vulnerability management standards. Identify ecosystem gaps and develop new technical guidelines and capabilities to strengthen our national cybersecurity posture. This notice is issued under direct-hire authority to recruit new talent to occupations for which NIST has a severe shortage of candidates.
Duties
ZP-IV: National Vulnerability Database Program Manager: As the National Vulnerability Database (NVD) Program Manager, you will lead information security projects and technical teams with limited oversight to support NIST's cybersecurity mission. Manage the NVD and its associated software infrastructure, overseeing project lifecycles and technical teams to ensure operational excellence. Interact with relevant stakeholder groups to anticipate and determine the needs of end users, planning and implementing new capabilities as required. Support the ongoing development of global standards, including CVSS, CVE, and CPE, through active participation in international standards organizations. Identify deficiencies in the existing vulnerability management ecosystem to suggest and develop new capabilities and technical guidelines. ZP-V: National Vulnerability Database Program Manager: As the National Vulnerability Database (NVD) Program Manager, you will provide expert leadership and strategic direction for the NVD portfolio and serve as a primary authority on vulnerability management standards. Define program goals and exercise wide latitude to influence the national security posture and the broader vulnerability management portfolio. Coordinate with high-level stakeholders to identify complex end-user requirements and plan the integration of next-generation capabilities. Influence and drive the development of standards (e.g., CVSS, CVE, CPE) through leadership roles and high-impact contributions within standards-developing organizations. Architect new NIST-developed guidelines and national-level capabilities by identifying and addressing critical gaps in the vulnerability management ecosystem.
Qualifications
Basic Requirements: Bachelor's degree in computer science or bachelor's degree with 30 semester hours in a combination of mathematics, statistics, and computer science. At least 15 of the 30 semester hours must have included any combination of statistics and mathematics that includes differential and integral calculus. All academic degrees and coursework must be from accredited or pre-accredited institutions. For the ZP-IV: In addition to the above basic requirements, all applicants must have one year (52 weeks) of specialized experience equivalent to at least the GS-12 level (ZP-III at NIST). The specialized experience is defined as: Experience working with vulnerability management identifiers and specifications such as CVE, CVSS, CPE, and CWE. Experience with CPE, Product-URL, SBOM, SWID, or different mechanisms of representing or modeling vulnerability information. Experience working with or in standards development to produce standards. For the ZP-V: In addition to the above basic requirements, all applicants must have one year (52 weeks) of specialized experience equivalent to at least the GS-14 level (ZP-IV at NIST). The specialized experience is defined as: Experience managing software projects. Experience leading the implementation of vulnerability identifiers and specifications (e.g., CVE, CVSS, CPE, CWE). Experience leading and implementing the use of SBOM, CPE, SWID, Product-URL, or other vulnerability information modeling mechanisms based on a critical evaluation of their benefits and limitations. Experience spearheading initiatives within standards development to produce and ratify new standards. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills, and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience. The qualification requirements in this vacancy announcement are based on the U.S. Office of Personnel Management (OPM) Qualification Standards Handbook. If requesting reconsideration of your qualification determination, please refer to the following site: Applicant Reconsideration