Summary This position is located in the Department of Technology Services (DTS), IT Security Office (ITSO), Security Engineering Division in Washington, DC. Responsibilities The incumbent of this position serves as the Chief, IT Vulnerability Management (ITVM) Branch which is tasked with providing strategic direction in support of the Division's mission, ensuring that objectives are achieved, ascertaining that risks are managed appropriately, and verifying that the agency's resources are used responsibly. The Branch makes decisions concerning investments in security measures, aligning cyber security risk management with other aspects of enterprise risk management, and managing the organization's cyber security posture. The incumbent applies an exceptionally high level of acquired subject matter expertise, technical acumen, and a wide range of programmatic techniques to accomplish major duties and associated responsibilities through individual performance and leadership of the combined efforts of directly assigned personnel. The incumbent will perform multiple and varying assignments under the Chief, SED Division. Duties of the position include, but are not limited to: Performing the full range of first line supervisory duties. Conducting risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs. Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals. Assessing security events to determine impact and implementing corrective actions. Conducting systems security verification and validation to ensure they meet risk acceptance requirements. Developing and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures. Ensuring the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services. Providing for appropriate recommendations on the acquisition of vendor-supplied software and hardware. Adapting current testing processes to align with rapid development, security, and operations (DevSecOps) processes. Developing security requirements that can be added to functional requirements so that security is built into products from the beginning. Providing resources and tools that will make it easier for development teams to adopt security requirements from the start. Managing the internal and external vulnerability scanning programs (i.e., CISA Cyber Hygiene and Bug Bounty Program) conducted by internal and external teams. Staying current with emerging threats by collaborating with internal and external (i.e., CISA, FBI) to perform software centric, attacker centric, and asset centric threat modeling. Serving as both the leader and subject matter expert for the development, management, and execution of ITVM services and work products. Performing additional duties as the contracting officer representative (COR), project planning, budget planning, scheduling, oversight of concurrent tasking, service delivery, and reporting. Performing research to identify potential vulnerabilities in and threats to existing web, applications, database, and operating system technologies, and provides timely, clear, technically accurate notification to management of the risk potential and options for remediation. Providing analogous services for new or emerging technologies being considered for judiciary use. Managing, operating, and maintaining the security testing infrastructure and testing tools. Researching and identifying new tools that can improve the testing process and/or support enterprise development activities. Performing contracting activities, administration, and management of these tools and licenses. Creating and making recommendations for improvements to IT security resources maintained by ITSO, such as security guidelines, hardening standards, and best practices. Providing input on enterprise security tools in their configurations and implementations. Demonstrating strong project management as well as oral and written communication skills. Providing complete and accurate project status updates to the SED Division Chief and promptly communicates any barriers to task completion. Responding to inquiries from System Owners, IT Directors, Court Unit Executives, and other judicial employees on information security related issues. Explaining technical security terms, concepts, and techniques to both technical and non-technical audiences. Requirements Conditions of Employment CONDITIONS OF EMPLOYMENT All information is subject to verification. Applicants are advised that false answers or omissions of information on application materials or inability to meet the following conditions may be grounds for non-selection, withdrawal of an offer of employment, or dismissal after being employed. Selection for this position is contingent upon completion of OF-306, Declaration of Federal Employment during the pre-employment process and proof of U.S. citizenship for competitive status positions or conversion to a competitive status position with the AO. If non-citizens are considered for hire into a temporary or any other position with non-competitive status or when it is confirmed by the AO Human Resources Office there are no qualified U.S. citizens for a competitive status position (unless prohibited by a law or statue), non-citizens must provide proof of authorization to work in the U.S. and proof of entitlement to receive compensation. Additional information on the employment of non-citizens can be found at USAJOBS Help Center | Employment of non-citizens/. For a list of documents that may be used to provide proof of citizenship or authorization to work in the United States, please refer to Form I-9, Employment Eligibility Verification. All new AO employees will be required to complete an FBI fingerprint-based national criminal database and records check and pass a public trust suitability check. New employees to the AO will be required to successfully pass the E-Verify employment verification check. To learn more about E-Verify, including your rights/responsibilities, visit https://www.e-verify.gov/. All new AO employees are required to identify a financial institution for direct deposit of pay before appointment. You will be required to serve a trial period if selected for a first-time appointment to the Federal government, transferring from another Federal agency, or serving as a first-time supervisor. Failure to successfully complete the trial period may result in termination of employment. If appointed to a temporary position, management may have the discretion of converting the position to permanent depending upon funding and staffing allocation. Qualifications Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions. Specialized Experience: Applicants must have at least one full year (52 weeks) of specialized experience which is in or directly related to the line of work of this position. Specialized experience is demonstrated experience in ALL areas defined below: Conducting information security testing in web applications, infrastructure assets and technologies, mobile applications, custom developed software implementations, virtual technologies, and common application platforms. Conducting risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs. Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals. Leading a team of cybersecurity professionals responsible for testing application and information systems as part of the organizations development, security, and operations (DevSecOps) processes. Education This position does not require education to qualify. Additional Information The AO is an Equal Opportunity Employer.