
Lead IT Specialist – Infrastructure & Data Protection (INFOSEC)

The NLM Office of Computer and Communications Systems (OCCS) is seeking to recruit for the Lead IT Specialist – Infrastructure & Data Protection (INFOSEC) position.


The Lead IT Specialist candidate will be expected to:


  • Exercise team leadership responsibilities over a team of employees with functions related to system and software vulnerability management.
  • Ensure that the organization's strategic plan, mission, vision and values are communicated to the team and integrated into the team's strategies, goals, objectives, work plans and work products and services.
  • Articulate and communicate to the team the assignment, project, problem to be solved, actionable events, milestones, and/or program issues under review, and deadlines and time frames for completion.
  • Coach the team in the selection and application of appropriate problem solving methods and techniques, provide advice on work methods, practices and procedures, and assist the team and/or individual members in identifying the parameters of a viable solution.
  • Lead the team in: identifying, distributing and balancing workload and tasks among employees in accordance with established work flow, skill level and/or occupational specialization; making adjustments to accomplish the workload in accordance with established priorities to ensure timely accomplishment of assigned team tasks; and ensuring that each employee has an integral role in developing the final team product.
  • Train or arrange for the training of team members in methods and techniques of team building and working in teams to accomplish tasks or projects, and provide or arrange for specific administrative or technical training necessary for accomplishment of individual and team tasks.
  • Monitor and report on the status and progress of work, checking on work in progress and reviewing completed work to see that the supervisor's instructions on work priorities, methods, deadlines and quality have been met.
  • Serve as coach, facilitator and/or negotiator in coordinating team initiatives and in consensus building activities among team members.
  • Represent the team in dealings with the supervisor or manager for the purpose of obtaining resources (e.g., computer hardware and software, use of overtime or compensatory time), and securing needed information or decisions from the supervisor on major work problems and issues that arise.
  • Report to the supervisor periodically on team and individual work accomplishments, problems, progress in mastering tasks and work processes, and individual and team training needs.
  • Represent the team's consensus and convey the team's findings and recommendations in meetings and dealings with other team leaders, program officials, the public and other customers on issues related to or that have an impact on the team's objectives, work products and/or tasks.
  • Lead security best practices used to proactively prevent the exploitation of information technology (IT) vulnerabilities that exist across NLM.
  • Ensure the development and implementation of plans for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with system vulnerabilities, and identify the need for changes based on new security technologies or threats.
  • Ensure that patch-management procedures, mitigation plans, and implementation plans are established and maintained.
  • Ensure continuous and effective system vulnerability monitoring, scanning and reporting.
  • Provide advice and assistance to system administrators and other NLM personnel in identifying and implementing security requirements for NLM systems, including: secure system configuration, operating system patches, security tools and security monitoring techniques.
  • Manage NLM-wide enterprise security tools to support the NLM IT security program with technical modernization as threats change.
  • Manage vulnerability and compliance assessment scanning and reporting with statistics, dashboards, and automated alerts to meet National Institutes of Health (NIH) security compliance requirements and support NIH Continuous Diagnostics and Mitigation (CDM).
  • Manage application scanning, vulnerability validation, and guide remediation, reporting, and training.
  • Advise application system managers, and other NIH personnel, on how to secure applications such as email, World Wide Web services, File Transfer Protocol (FTP), database systems, etc.
  • Lead the effort to continuously improve the vulnerability management program and reduce the time and resources that are spent detecting, investigating, analyzing, and remediating these vulnerabilities.
  • Oversee and monitor the secure software development life cycle being adopted by NLM IT divisions.
  • Lead large-scale, complex NLM-wide projects involving information technology security/cybersecurity vulnerability management and compliance.
  • Coordinate all aspects of preparing for, responding to, and the timely handling of security alerts and incidents.


Applications (resume and vacancy questions) MUST be received online via USAJOBS:

Open and closing dates: 05/17/2023 to 05/26/2023

Announcement Number: NIH-NLM-DH-23-11963937


Please contact Douglas Bruno, Human Resources Specialist: for more information.


Last Reviewed: May 19, 2023