Cybersecurity Specialist

As an FBI IT Professional, your job is to ensure our law enforcement systems, as well as the entire cyberspace within which we work, are protected. This means applying your knowledge of computer technology, cybersecurity, and more to safeguard information across the FBI, as well as our domestic and international law enforcement partners.

Duties

• Monitor network traffic and security alerts for malicious activities and indicators of compromise (IOCs).
• Lead incident response efforts during security breaches, coordinating remediation activities and ensuring effective communication.
• Conduct digital forensic investigations to support incident resolution, compliance, and regulatory requirements.
• Perform cyber threat intelligence analysis, including threat hunting, and manage Threat Intelligence Platforms (TIPs).
• Proactively identify, analyze, and mitigate security risks by integrating threat intelligence into defensive strategies.
• Collaborate with cross-functional teams to enhance ESOC processes, response capabilities, and security posture.
• Drive continuous improvement in ESOC operations through innovation and adoption of new detection technologies.
• Mentor and train junior IT specialists on cybersecurity practices, tools, and ESOC operational procedures.
• Prepare comprehensive reports and briefings for leadership on incident findings, risk assessments, and threat intelligence updates.
• Stay current with emerging cybersecurity trends, tactics, techniques, and procedures (TTPs) to enhance detection capabilities.

Salary

• $63,163 - $138,296/year

Conditions of Employment

• Must be a U.S. citizen
• Must be able to obtain a Top Secret-SCI clearance
• All federal employees who opted into the Deferred Resignation program (DRP) MUST resign prior to appointment in their new position.

Qualifications

GS-11: Applicant must possess at least one (1) year of SE equivalent to the GS-09 grade level. SE is defined as follows:

• Demonstrated experience monitoring and analyzing network traffic, logs, and security alerts for basic indicators of compromise (IOCs) and suspicious activities.
• Demonstrated experience supporting incident response efforts, under supervision, including documenting incidents, performing preliminary triage, and escalating as needed.
• Exposure to cyber threat intelligence processes, including initial research, data enrichment, and contribution to Threat Intelligence Platforms (TIPs).
• Familiarity with common cybersecurity tools (e.g., SIEMs, IDS/IPS) and basic scripting or query skills for analyzing security data.

GS-12: In addition to the above, applicant must possess at least one (1) year of SE equivalent to the GS-11 grade level. SE is defined as follows:

• Demonstrated experience detecting, analyzing, and responding to security threats, including the ability to independently lead initial incident response activities and recommend remediation strategies.
• Demonstrated experience conducting digital forensic investigations, such as log analysis, data extraction, malware analysis, and ensuring evidence integrity for legal and compliance purposes.
• Experience in cyber threat intelligence operations, including threat hunting, adversary profiling, and integrating intelligence into the organization's defensive posture.
• Strong ability to collaborate with internal and external stakeholders to resolve security incidents, communicate risks, and implement mitigations.
• Experience integrating new tools or technologies into incident detection and response workflows.

• Demonstrated experience leading high-severity cybersecurity investigations, including coordinating cross-departmental efforts and developing comprehensive incident containment, eradication, and recovery strategies.
• Demonstrated the ability to manage complex investigations, handle advanced malware analysis, perform network forensics, and ensure compliance with legal and regulatory frameworks.
• Demonstrated experience managing threat intelligence platforms (TIPs) and leading threat intelligence operations, including collaborating with external intelligence-sharing communities and agencies.
• Demonstrated leadership in mentoring and guiding junior specialists, and leading major IT projects.

• Experience using project management practices to support various IT functions.
• In-depth knowledge of IT and the application of advanced cybersecurity engineering concepts and practices.
• Experience using information technology to identify, forecast, analyze, and research automated systems to discern solutions to problems, approaches, methods, and procedures.
• Demonstrated capacity to lead a team of technical personnel, expertly communicate, and collaborate with subordinates, colleagues, stakeholders, partners, and executives to achieve results.

• CompTIA Security + CE
• Certified Ethical Hacking
• CompTIA Cybersecurity Analyst +

Education All degrees must be from an accredited college or university. Education may be substituted for specialized experience as follows: Degrees must be in one of the following fields: computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management OR a degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks. Education completed in foreign colleges or universities may be used to meet the above requirements provided you can show foreign education is comparable to that received in an accredited educational institution in the United States. GS-11: Applicant must have a Ph.D. OR equivalent doctoral degree OR 3 full years of progressively higher level graduate education leading to such a degree OR LL.M., if related. Other Information This position advertised has been exempted from the federal civilian hiring freeze. In order to recruit and retain highly qualified candidates, selectees may be eligible for relocation or recruitment incentives. To be eligible for a relocation incentive, proof of change of residency will be required. Prior to receiving a relocation or recruitment incentive, an employee must sign a written service agreement to complete a specific period of employment with the FBI at the new duty station. Memorandum for Record: Work performed outside assigned duties (that would not normally be documented on an SF-50, i. e., back-up duties), has to be documented in detail by an immediate supervisor in order to receive full credit for amount of time worked in that position. If no documentation is furnished no credit will be given for time worked in that position. The following notations must be specified in the documentation (Memorandum for Record): a. Percent of time worked in the particular position (cannot conflict with main duties). b. The month/year work began. c. Frequency worked (i.e., daily, monthly, etc.) d. Specific duties performed. Required Documents

1. Your resume, specifically noting relevant work experience and associated start and end dates.
2. A complete assessment questionnaire.
3. Other supporting documents (if applicable):

• College transcripts, if qualifying based on education or if there is a positive education requirement.
• Notification of Personnel Action, SF-50; not applicable to current FBI employees.
• Memorandum for Record (MFR), Please see Additional Information.
• Most recent Performance Appraisal; not applicable to current FBI employees.
• Veterans: DD 214; Disabled Veterans: DD 214, SF-15, and VA letter dated 1991 or later.

How to Apply

To apply for the Cybersecurity Specialist position, please click here.

The official title of this position is IT Specialist.