Information Technology Specialist (Security)

Washington, D.C.
May 14, 2022
May 21, 2022
IT, Security Engineer
Full Time

The incumbent is a recognized IT security expert within the Judiciary with a strong background in cyber security, networking, security devices, operating systems, and a proven record of successfully deploying solutions to improve the organization's cyber security posture. The incumbent will perform various duties under the direction and guidance of the Security Systems Team Lead and the Chief, Security Mission Integration.

The incumbent serves as a security applications engineer and is responsible for leading the operational support for all Information Technology Security Office (ITSO) systems. The candidate will be responsible for the day-to-day operations of ITSO-managed security systems while improving the judiciary's ability to leverage automation to mitigate threats in near real-time.

Duties may include, but are not limited to, the following:
  • Managing the day-to-day operations of all ITSO security systems while ensuring system availability
  • Providing responses and solutions to all customer tickets within defined response times while ensuring high levels of customer satisfaction.
  • Providing operational management of ITSO systems including but not limited to FireEye devices, Zeek Network Security Monitor, Azure Sentinel, Splunk Enterprise Security, and Splunk Phantom.
  • Developing Intrusion Prevention Systems (IPS) signatures using Snort rules in response to emergent threats.
  • Providing weekly signature recommendations for Enterprise Operations Center (EOC)-managed systems including Cisco Firepower and Imperva Web Application Firewalls.
  • Creating a culture of automation first that shortens the time between detection and response to automatically mitigate security threats in cyber-relevant timeframes.
  • Maintaining team procedures for daily tasks to ensure compliance with appropriate judiciary policies.
  • Conducting weekly ticket reviews with the Security Operations Center to determine areas for improvement and incorporate analyst feedback into alert tuning.
  • Managing all ITSO systems in the Internet Data Centers and the Judiciary Data Center in accordance with applicable policies and procedures.
  • Ensuring the mitigation of all vulnerabilities in ITSO systems in accordance with the Judiciary Information Security Framework (JISF).
  • Maturing ITSO's capabilities for Risk Based Alerting (RBA) by continuously developing and refining searches that detect risk across the enterprise to identify hard-to-detect threats.
  • Providing weekly activity reports for the team that highlight ongoing operational improvements.
  • Developing methodologies for continually monitoring and assessing the security posture of the judiciary to ensure that all systems are performing within expected tolerances.
  • Advising and consulting with stakeholders on appropriate application of security practices and existing security services to solve problems or enable new security opportunities.
  • Creating documentation related to systems management or systems architecture as required.

Requirements

    Conditions of Employment

  • AO employees are required to attest to their vaccination status. New employees are required to complete a Certification of Vaccination Form. The information provided on the form will be treated as confidential information and will be managed by the AO Human Resources Office.
  • All information is subject to verification. Applicants are advised that false answers or omissions of information on application materials or inability to meet the following conditions may be grounds for non-selection, withdrawal of an offer of employment, or dismissal after being employed.
  • Selection for this position is contingent upon completion of OF-306, Declaration of Federal Employment during the pre-employment process and proof of U.S. citizenship for competitive status positions or conversion to a competitive status position with the AO. If non-citizens are considered for hire into a temporary or any other position with non-competitive status or when it is confirmed by the AO Human Resources Office there are no qualified U.S. citizens for a competitive status position (unless prohibited by a law or statute), non-citizens must provide proof of authorization to work in the U.S. and proof of entitlement to receive compensation. Additional information on the employment of non-citizens can be found at USAJOBS Help Center | Employment of non-citizens. For a list of documents that may be used to provide proof of citizenship or authorization to work in the United States, please refer to Form I-9, Employment Eligibility Verification.
  • All new AO employees will be required to complete an FBI fingerprint-based national criminal database and records check and pass a public trust suitability check.
  • New employees to the AO will be required to successfully pass the E-Verify employment verification check. To learn more about E-Verify, including your rights/responsibilities, visit .
  • All new AO employees are required to identify a financial institution for direct deposit of pay before appointment.
  • You will be required to serve a trial period if selected for a first-time appointment to the Federal government, transferring from another Federal agency, or serving as a first-time supervisor. Failure to successfully complete the trial period may result in termination of employment.
  • If appointed to a temporary position, management may have the discretion of converting the position to permanent depending upon funding and staffing allocation.

Qualifications

    Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions.

    Specialized Experience: Applicants must have at least one full year (52 weeks) of specialized experience which is in or directly related to the line of work of this position. Specialized experience must demonstrate ALL areas defined below:
  • Working in security systems engineering with emphasis on delivering high-quality cyber security solutions to mitigate advanced persistent threats.
  • Working knowledge of Splunk's Search Processing Language (SPL).
  • Applicants with the following certifications/experiences are highly desirable:
    • Bachelor of Science degree in Computer Science, Mathematics, Engineering, Data Science, or other relevant STEM degree from a fully accredited university
    • Certified Scrum Master (CSM)
    • Advanced technology-agnostic cyber security certification from ISC2, ISACA or SANS. Preference will be given to CISSP.
    • CCIE-Security Certification
    • CCNP-Certification
    • Splunk Architect Certification


    This position does not require education to qualify.

    Additional information

    The AO is an Equal Opportunity Employer.