
FedRAMP Program Lead: Vulnerability Management & Continuous Monitoring GS14

This job posting has closed.

Please see our other open positions.

Basic information

Open to U.S. citizens or nationals (residents of American Samoa and Swains Island). Subject to background check. Full information is available on USAJOBS.

Supervisory status: Supervisory

Job title: FedRAMP Program Lead: Vulnerability Management & Continuous Monitoring GS14

Official title in USAJOBS: 2210 IT Specialist (INFOSEC)

Number of vacancies: 1

Location: Anywhere in the U.S. (remote)

Salary range: GS-14 ($122,198 to $191,900)

Your salary, including base and locality, will be determined upon selection, dependent on your actual duty location. Please note the maximum salary available for the GS pay system is $183,500. For specific details on locality pay, please visit OPM’s Salaries & Wages page or for a salary calculator OPM’s 2023 General Schedule (GS) Salary Calculator. You can find more information in our compensation and benefits section.

Travel requirement: Occasional travel may be required up to 10%-20% per year.

Work schedule: Full time.

Appointment type: This is a permanent position.

Learn more about the benefits of working at GSA and TTS.

Role summary

The American people deserve to trust that their government is effectively securing their online interactions. Those agencies, in turn, trust FedRAMP to provide fair, accurate and unbiased assessments of cloud service offerings. FedRAMP is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment and maintaining a centralized repository of security packages that agencies can request and reuse. The FedRAMP Program Lead will unite vision and execution to lead an interdisciplinary team in delivering the IT/Cybersecurity vulnerability and continuous monitoring actions leveraging current industry and government cybersecurity laws and policies.

Key objectives

1. Own the product vision and lead end-to-end product/program development and management

  • Establish, operate, and maintain a FedRAMP Vulnerability Management program strategy and roadmap, including objectives, goals, and metrics, in support of federal cybersecurity and FedRAMP program policy.

  • Develop a communications strategy and training that includes internal/external government and commercial stakeholders supporting Vulnerability Management program goals and expectations.

  • Identify, proactively monitor and address program risks associated with cybersecurity and vulnerability management.

  • Work with the team to set and meet quality standards for vulnerability management deliverables.

  • Make evidence-based program decisions through the use of user research, analytics, and other tools.

  • Ensure FedRAMP Vulnerability Management program complies with federal regulations such as Authority to Operate, the Paperwork Reduction Act, and Section 508.

2. Work with agency partners to enable cybersecurity risk management

  • Work with partners and stakeholders to establish in-house Vulnerability Management program ownership and participation as part of the FedRAMP Continuous Monitoring Program.

  • Collaborate with partners to navigate complex bureaucratic relationships to bring stakeholders together around a common program vision and strategy to support the identification and remediation of suspected and reported vulnerabilities and other cybersecurity issues.

  • Work with partners to establish relationships with their security, operations, and IT teams that will help sustain the product in the long term.

3. Build institutional expertise around product/program management

  • Keep abreast of program management best practices and share with the TTS organization.

  • Stay on top of new technologies and how they can be used to help solve government problems.

  • Contribute to FedRAMP’s culture of transparency by publishing accounts of successes and challenges.

  • Continually seek out new tools that could improve the way we work.

  • Pay attention to well-supported open source product offerings that can be reused in a government context to solve common problems.


Provide as much detail as possible on your resume so that we can evaluate your previous experience. Follow our guidance on creating a federal style resume.

Failure to provide required information may result in disqualification.

For each job on your resume, provide:

  • The exact dates you held each job (from month/year to month/year or “present”)
  • Number of hours per week you worked (if part time)


To qualify, you must have one (1) year of specialized experience at the next lower GS-grade (or equivalent). Specialized experience is defined as follows:

  • Experience implementing and evaluating cybersecurity and compliance standards, such as International Standards Organization (ISO), Health Insurance Portability and Accountability Act (HIPAA), Security Operations Center (SOC), Payment Card Industry (PCI), National Institute of Standards and Technology (NIST), or FedRAMP.
  • Implementation of new tools, techniques or methodologies to support the reporting and mitigation of security vulnerabilities.
  • Leading the planning, management, oversight and/or direction of a highly complex digital program, product or business.
  • Experience building and managing collaborative relationships with a complex set of stakeholders to achieve program goals.

How to Apply
