Administrative Office of the US Courts

* 1 vacancy - Washington DC, DC
* Work Schedule is Full-Time - Permanent
* Opened Tuesday 4/4/2017
* Closes Tuesday 4/18/2017

## Job Overview

**Summary**

The Administrative Office (AO), an agency of the Judicial Branch of the Federal government, is committed to serving and supporting the Federal court system of the United States. The AO provides a broad range of legislative, legal, financial, technology, management, administrative and program support services to the Federal courts.

AO positions are classified and paid under a broad-banded system with the exception of positions in the AO Executive Service. Salary is commensurate with experience. Most AO employees are eligible for full Federal and Judiciary benefits.

The AO is committed to attracting the best and brightest applicants in our support of the Third Branch of government. We take pride in serving the Judicial Branch and supporting its mission to provide equal justice under law.

This announcement will close on April 18 or once we receive a total of 125 applications, whichever comes first.

**Duties**

The IT Specialist (Security) is a team leader within the Advanced Threat Response team and is responsible for performing and overseeing incident response activities to detect, diagnose, contain, prevent, and eradicate the impact of advanced threats. Advanced threats include any threat in which the judiciary is specifically targeted. Examples include but are not limited to: hacktivism, social engineering, spear phishing, attacks launched or sponsored by nation state actors, attacks launched on public-facing web sites, attacks involving lateral movement, and, in general, any attack involving intentional, directed, and deliberate penetration of judiciary networks.

As the lead investigator for the most impactful cases, the selected individual will be called upon to continually develop and refine hypotheses based on available information and to construct timelines associated with advanced threat activities. Often, in the face of contradictory and incomplete evidence, the individual needs to prioritize the collection and analysis of information in order to reach timely and accurate conclusions. To make informed, effective, and defensible decisions, the selected individual is a subject matter expert on advanced threats and will share that expertise in varied ways with SOC watch officers, as required, to ensure adequate detection of, and response to, advanced threats. The incumbent will also be responsible for collecting, synthesizing, and sharing relevant but sanitized information from court units, the intelligence community, and external sources to ensure adequate detection and prevention of future attacks, as well as to create shareable case studies that raise the security acumen of Judiciary stakeholders and that leverage lessons learned to improve the Judiciary's overall IT security health.

**Duties of this position include, but are not limited to:**

1. Overseeing and participating in the development and execution of incident response plans for advanced persistent threats;
2. Performing network forensics from log files and packet captures, which includes working hand in hand with the affected parties to obtain the data needed to accurately (re)construct incident timelines and to perform the analysis required to understand the attack vector and associated impact;
3. Overseeing and participating in activities to detect, investigate, and analyze lateral movement by threat actors and to use information gleaned to improve the Judiciary's detective and preventative controls;
4. Providing technical direction of contractors and quality control of deliverables from contractors responsible for advanced technical investigations;
5. Creating technical reports and case studies that accurately capture diagnosed incidents, associated threat vectors, lessons learned, and actions that can be taken both locally and nationally to prevent recurrence;
6. Collaborating with court units, intelligence community partners, and law enforcement agencies on techniques, tactics, and procedures used by adversaries and effective ways to defend against them;
7. Constructing and maintaining a knowledge base for use across the SOC Division;
8. Performing endpoint forensics, which includes memory and disk analysis, using both commercial and open source tools and techniques;
9. Identifying, creating, publishing, and sharing indicators of compromise so that intrusions can be effectively prevented (proactive) and detected (reactive); and
10. Providing on-call support as required.

**Travel Required**

* Not Required

**Relocation Authorized**

* No

## Job Requirements

**Key Requirements**

* More than one selection may be made from this announcement.
* All non-Judiciary appointees must serve a one-year trial period.
* Selectee must favorably complete a background investigation.
* All requirements must be met by the closing date of this announcement.

**Qualifications**

**Basic Requirements:** You must have Information Technology (IT) related experience which demonstrates proficiency in each of the following competencies:

1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
3. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.

**AND**

**Specialized Experience:** Applicants must have at least one year of specialized experience which is in or directly related to the line of work of this position. Specialized experience is experience performing and overseeing incident response activities to detect, diagnose, contain, prevent, and eradicate the impact of advanced threats.

**The following certifications are desired but not required:**

1. Gold-level SANS GIAC Certification, GCWN
2. Gold-level SANS GIAC Certification, GCUX
3. ISC2 CISSP

**CONDITIONS OF EMPLOYMENT:**

1. All information is subject to verification. Applicants are advised that false answers or omissions of information on application materials or inability to meet the following conditions may be grounds for non-selection, withdrawal of an offer of employment, or dismissal after being employed.
2. Selection for this position is contingent upon completion of OF-306, Declaration for Federal Employment, during the pre-employment process and proof of US citizenship or, for non-citizens, proof of authorization to work in the United States and proof of entitlement to receive compensation. Additional information on the employment of non-citizens can be found at -in-government/non-citizens. For a list of documents that may be used to provide proof of citizenship or authorization to work in the United States, please refer to Form I-9, Employment Eligibility Verification.
3. A background security investigation is required for all selectees. Appointment will be subject to successful completion of a background security investigation and favorable adjudication. Failure to successfully meet these requirements may be grounds for appropriate personnel action. A background security reinvestigation or supplemental investigation may be required at a later time.
4. All new AO employees must identify a financial institution for direct deposit of pay before appointment.
5. You will be required to serve a trial period if selected for a first-time appointment to the Federal government, transferring from another Federal agency, or serving as a first-time supervisor. Failure to successfully complete the trial period may result in termination of employment.
6. If appointed to a temporary position, management may have the discretion of converting the position to permanent depending upon funding and staffing allocation.
7. Relocation expenses may be provided, but only if authorized by the Director of the AO.
8. The selectee of this position may be assigned to an official duty station outside the advertised area.

**Security Clearance**

Public Trust - Background Investigation

## Additional Information

**What To Expect Next**

After a review of your complete application is made, you will be notified of your rating and referral to the hiring official if determined qualified. If further evaluation or interviews are required, you will be contacted.