Oversees small IT-related projects involving cybersecurity services and solutions. Responsible for developing the Project Management plans and other contract documents. Directs the day-to-day efforts of technical personnel. Ensures the quality of deliverable cyber documentation, software, engineering and testing plans, or network installations. Monitors activities under the contract to ensure that all activities are executed in accordance with contract requirements and the COR’s direction. Possesses and applies expertise on multiple complex work assignments. Assignments may be broad in nature, requiring originality and innovation in determining how to accomplish tasks. Operates with appreciable latitude in developing methodology and presenting solutions to problems. Contributes to deliverables and performance metrics where applicable.

The scope of work for this effort includes infrastructure Hosting (On-premise internal cloud only) – Compute support provides vital services in the provision and maintenance of those resources through a focus on the workflows and methodologies of how compute is created, maintained, and recaptured to deliver timely compute resources to customers, faster and right-sized, while ensuring products stay secure and stable. Compute services provide engineering, security, and operations maintenance support for Server Operating Systems, as well as requirements analysis and design, to ensure adherence to standards & policies for any USPTO Product or Component.

OBJECTIVES:

SECURITY OPERATIONS INFORMATION ASSURANCE, RMF A&A, AND DOCUMENTATION
Combined scope: Provide NIST-based IA governance, full RMF A&A lifecycle support (Categorize → Authorize → Monitor), and produce/update required artifacts (SSP, PTA/PIA, CAW, FIPS-199, PIAs, Contingency Plans, and associated A&A artifacts where applicable).
Rationale: RMF activities and IA documentation are tightly coupled: same knowledge, same deliverables.
Acceptance criteria / metrics: SSP and associated artifacts updated within 30 calendar days of change; A&A artifacts produced for all major systems within 5 business days when requested.

VULNERABILITY & CONFIGURATION MANAGEMENT (KEV HANDLING AND SCAN TUNING)
Combined scope: Perform vulnerability/compliance scan analysis, false-positive validation, REGEX/signature tuning, root-cause analysis, prioritization (KEV-first), and feed findings into POA&Ms and remediation actions. Track vulnerability lifecycle to ensure vulnerability closure ≤180 days unless exception approved.
Rationale: Scan analysis, signature tuning, and KEV remediation are one continuous remediation workflow.
Acceptance criteria / metrics: Help ensure at least 50% of KEVs remediated by associated CISA deadlines; for non-KEVs, help ensure vulnerabilities are closed within timeframes dictated in the Vulnerability Management Policies; false-positive suppression documented with expiry.

BASELINE MANAGEMENT AND HARDENING
Combined scope: Maintain and update security configuration baselines for OS/network/middleware/databases; align with CIS/STIG/DISA; perform impact analysis and coordinate deployment of baseline changes with the OCISO Enterprise Scan Team. Time to notify OCISO Enterprise Scan Team should be within 15 calendar days of security configuration baseline release.
Rationale: Baseline creation, STIG/CIS adoption, and coordination with scanning are the same change management activity.
Acceptance criteria / metrics: Security Configuration Baselines should be at least 90% compliant to the associated DISA or CIS benchmark; time-to-deploy new benchmark ≤ 45 calendar days from approved release to OCISO scan policy change.

IDENTITY, PRIVILEGED ACCESS, AND DHS CDM INITIATIVES
Combined scope: Implement and support IdAM (e.g., Okta), Privileged Access Management (CAPAM or equivalent), and CDM program technical integration; produce integration runbooks and control evidence.
Rationale: IdAM, PAM, and CDM are identity/credential posture functions that share controls and evidence requirements.
Acceptance criteria / metrics: Integration runbook delivered; % of high‑risk privileged accounts under vaulting/policy; CDM dashboard metrics updated per schedule.

CLOUD SECURITY AND CLOUD A&A
Combined scope: Support RMF/FedRAMP-tailored A&A for cloud systems, produce cloud responsibility/control matrices, collect cloud-native evidence, and maintain continuous monitoring for cloud environments.
Rationale: Cloud A&A and cloud control mapping are a single domain of work and require different deliverables but the same ownership.
Acceptance criteria / metrics: Cloud A&A packages

SECURITY OPERATIONS, TOOLING, AND AUTOMATION
Combined scope: Operate and integrate scanners and security tools (Tenable/DBProtect/HP WebInspect, CSAM repo), maintain detection rules and regex for signatures, provide scripting support (Linux/Windows/Python/PowerShell), and integrate network devices (Cisco/Juniper) and IPv6 assessments.
Rationale: Tool operations, automation, tunings, and scripting are continuous SOC/scan support functions.
Acceptance criteria / metrics: Tools and scans run per schedule; automation scripts stored in repo with versioning; mean time to validate scan findings. Assist Product Teams to integrate with Reference Pipeline.

POA&M MANAGEMENT, REMEDIATION COORDINATION, AND KNOWLEDGE TRANSFER
Combined scope: Maintain POA&M lifecycle (intake→assign→remediate→verify→close), provide remediation planning and translation for technical leads, and deliver training and job aids for sustainment.
Rationale: POA&M administration and knowledge transfer are part of remediation operations and change acceptance.
Acceptance criteria / metrics: POA&M aging distribution; 60% POA&Ms closed on schedule; number of training sessions and job aids delivered.
INCIDENT RESPONSE SUPPORT AND ENTERPRISE OPERATIONS COMMAND CENTER (EOCC) COORDINATION
Combined scope: Provide incident triage, forensic collection guidance, containment/eradication support, and follow-up lessons learned that feed POA&Ms and baselines.
Rationale: Incident response is discrete but tightly linked to remediation and baseline updates.
Acceptance criteria / metrics: Rally artifact coverage for security work; sprint predictability and throughput metrics; at least 90% data call submission timeliness.

AGILE DELIVERY, REPORTING, AND DATA CALLS
Combined scope: Provide Scrum Master services, create Rally artifacts for POA&M and remediation work, manage sprints/epics/stories, and support USPTO data calls with timely, quality submissions and SME coordination.
Rationale: Agile management, reporting, and data-call delivery are governance and transparency functions supporting technical work.
Acceptance criteria / metrics: Rally artifact coverage for security work; sprint predictability and throughput metrics; at least 90% data call submission timeliness.

COMPLIANCE & EXTERNAL DIRECTIVES IMPACT ASSESSMENT
Combined scope: Monitor and assess DHS/OMB memos, CISA BODs, and other directives; map to controls and operational actions; track and report compliance status and exceptions.
Rationale: Agile management, reporting, and data-call delivery are governance and transparency functions supporting technical work.
Acceptance criteria / metrics: New BOD/memo assessed within 15 calendar days; compliance register updated; exceptions documented and approved.
Job Type: Full-time
Career Level: Entry Level
Education Level: No Education Listed
Number of Employees: 11-50 employees