Information Technology Specialist (Security)

This position is located within the Department of Technology Services (DTS), Information Technology Security Office (ITSO). The incumbent is a recognized IT security expert with a strong defensive cyber background and "hands-on" experience in incident response. The incumbent will perform multiple and varying assignments under the direction of the Chief, Incident Response Branch - Security Operations Division

Duties The Incident Response Subject Matter Expert (SME) under the direction of an Incident Commander, is responsible for analyzing intrusion alerts, assessing impact, implementing containment measures to limit threat propagation, and facilitating the recovery of compromised systems. This role supports 24x7x365 security operations and requires availability between 0600 and 2100 EST during incident response activities, with additional on-call responsibilities for weekends and after-hours incidents. The incumbent must be able to perform the tasks and meet the knowledge and skill statements as described in NIST Special Publication 800-181 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce for the roles of Defensive Cybersecurity (PD-WRL-001) and Incident Response (PD-WRL-003). Duties include, but are not limited to the following: Conducting thorough analysis of network, endpoint, and application logs to identify and assess intrusions, determine their impact, and implement appropriate containment strategies to mitigate threats. Providing timely and accurate incident status updates to key stakeholders, including the incident commander, SOC leaders, and executives. Developing and tests enterprise-wide detection and response capabilities, including endpoint artifact retrieval, isolation techniques, and Yara rule creation, to improve threat detection and containment at scale. Maintaining and enhances the organization's incident response framework by defining and refining incident declaration processes, updating the Judiciary's Incident Response Plan, and identifying gaps in existing procedures. Driving continuous improvement through the development and validation of readiness exercises, standard operating procedures, and playbooks, while pioneering innovative incident response techniques for PaaS and SaaS cloud environments and leveraging automation to streamline response efforts Salary

• $101,402 - $190,061/year

Qualifications Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions. Applicants must have at least one full year (52 weeks) of specialized experience, which is in or directly related to the line of work of this position. Specialized experience is demonstrated experience in ALL of the following: Development experience to include proficiency in 1 or more of the following: .NET, PowerShell, C# or Python. Comprehensive understanding of adversarial techniques, with the capability to technically diagram and articulate the stages of an intrusion. SME-level experience examining enterprise audit logs including Windows Event Log and Sysmon in Windows environments, and auditd in Linux environments. Knowledge of forensic methodologies and the processes involved in collecting, preserving, and analyzing digital evidence to accurately reconstruct events and support incident response efforts. Experience in analyzing sophisticated attacker techniques that exploit email and cloud services as attack vectors. Desired, but Not Required: GIAC Certified Incident Handler (GCIH) GIAC Certified Forensic Analyst (GCFA) GIAC Certified Forensic Examiner (GCFE) GIAC Cloud Incident Response (GCIR) Certified Information Systems Security Professional (CISSP) Education This position does not require education to qualify. Required Documents For this job announcement the following documents and/or information are required: Resume - Any written format you choose to describe your job-related qualifications. Citizenship - Include country of citizenship on resume. Notification of Personnel Action (SF-50) - All applicants outside of the AO must submit a copy of your latest SF-50 to verify current or former Federal employment status. Veterans Preference documentation - Certificate of Release or Discharge from Active Duty (DD Form 214), if applicable Application for 10-Point Veteran Preference (SF-15) and an official statement, dated 1991 or later, from the Department of Veterans Affairs or from a branch of the Armed Forces, certifying to the veteran's present receipt of compensation. How to Apply To apply for this position, you must complete the online application and submit the documentation specified in the Required Documents section below. The complete application package must be submitted by 02/18/2025 to receive consideration. To begin, click Apply Online to access an online application. Follow the prompts to select your USAJOBS resume and/or other supporting documents. You will need to be logged into your USAJOBS account or you may need to create a new account. You will be taken to an online application. Complete the online application, verify the required documentation, and submit the application. You will receive an email notification when your application has been received for the announcement. To verify the status of your application, log into your USAJOBS account, https://my.usajobs.gov/Account/Login, select the Application Status link and then select the More Information link for this position. The Application Status page will display the status of your application, the documentation received and processed, and your responses submitted to the online application. Your uploaded documents may take several hours to clear the virus scan process. Click the following link to view and print the occupational questionnaire https://apply.usastaffing.gov/ViewQuestionnaire/12683478