Vulnerability Management Lead (INFOSEC) - Office of the Chief Information Officer jobs in United States

GSA · 3 hours ago

Vulnerability Management Lead (INFOSEC) - Office of the Chief Information Officer

GSA is seeking a Vulnerability Management Lead to manage and maintain its cybersecurity defenses. The role involves ensuring compliance with federal cybersecurity policies and leading various security assessments and evaluations.

Association, Government, Real Estate
No H1B, U.S. Citizen Only

Responsibilities

Responsible for a variety of Information Security tasks and functions to ensure agency level compliance with GSA IT Security policies, Federal Information Security Management Act of 2002 (FISMA), Office of Management and Budget (OMB), Department of Homeland Security (DHS), and National Institute of Standards and Technology (NIST) requirements
Provides expert advice to the Division Director. Represents the Division and OCIO in meetings with other GSA entities; and GSA in meetings with representatives of industry, other agencies, public organizations, etc., to resolve problems, develop joining policies/standards; analyze, select and implement IT security products/services/solutions, and exchange information regarding areas of technical expertise
Conducts, oversees, and monitors security analyses, testing, and evaluations of GSA information systems in support of Security Assessment and Authorization (A&A) of and ongoing Continuous Monitoring. Creates reports, guidance, and direction for enhancement of security for systems/networks
Participates in the conduct and management of independent evaluations and compliance reviews of IT systems in accordance with FISMA. This includes, but is not limited to, POA&M reviews, assessment, and authorization package reviews, exhibit 300 reviews, vulnerability assessments and scanning activities, system configuration reviews, and system inventory reviews, IT audit findings and remediation, etc
Mitigates data exfiltration and service disruption risks, and reduces detection and response times, and recommends and directs changes in network and system designs, plans, or documentation to ensure compliance with security and privacy policy. Accelerates AI/ML-driven analytics into defensive cyber operations, including automated threat intelligence, anomaly detection, and risk scoring
Responsible for implementing Enterprise Security Shared Services across stakeholders, in conjunction with the Director and the CISO/DCISO, building product roadmaps, business use cases, technical specifications, wireframes, mockups, prototypes, launch plans, tracking key performance metrics and data analytics/reporting along with end user/customer surveys among other deliverables for identifying efficiencies for the rolled-out services
Manages GSA's Vulnerability Disclosure Program and Bug Bounty Program. Provides oversight and manages notifications from public sources of information risks for these programs
Evaluates, acquires, configures, and uses software intended to ensure that automated systems are secure from unauthorized use, viral infection, and other problems that would compromise sensitive information in terms of confidentiality, integrity, and availability, or would compromise other aspects of overall system security

Qualification

Cybersecurity compliance, Vulnerability assessments, Security software tools, Continuous monitoring, Risk management, Customer service, Attention to detail, Oral communication, Problem solving

Required

US Citizenship or National (Residents of American Samoa and Swains Island)
Meet all eligibility requirements within 30 days of the closing date
Register with Selective Service if you are a male born after 12/31/1959
Direct Deposit of salary check to financial organization required
Current or Former Political Appointees: The Office of Personnel Management (OPM) must authorize employment offers made to current or former political appointees
Serve a one year probationary period, if required
Undergo and pass a background investigation (Tier 2 investigation level)
Have your identity and work status eligibility verified if you are not a GSA employee
At least one year of specialized experience equivalent to the GS-13 level or higher in the Federal service
IT-related experience demonstrating EACH of the four competencies: Attention to Detail, Customer Service, Oral Communication, Problem Solving
Specialized experience conducting or assisting with security assessments, evaluations, or continuous monitoring of information systems and ensuring compliance with cybersecurity policies or regulatory requirements
Experience identifying and addressing security vulnerabilities or risks, recommending improvements to system or network designs, or using security software or tools to safeguard systems

Benefits

Health insurance (choose from a wide range of plans)
Life insurance coverage with several options
Sick leave and vacation time, including 11 paid holidays per year
Thrift Savings Plan (similar to a 401(k) plan)
Flexible work schedules
Transit and child care subsidies
Flexible spending accounts
Long-term care insurance
Training and development

Company

GSA

GSA is a government agency that manages and supports the basic functioning of federal agencies.

Funding

Current Stage
Late Stage

Leadership Team

Nimisha Agarwal
Chief Financial Officer
Arron Helm
Chief Human Capital Officer
Company data provided by crunchbase