• Help



    AO positions are classified and paid under a broad-banded system with the exception of positions in the AO Executive Service.  Salary is commensurate with experience.  Most AO employees are eligible for full Federal and Judiciary benefits.

    The AO is committed to attracting the best and brightest applicants in our support of the Third Branch of government.  We take pride in serving the Judicial Branch and supporting its mission to provide equal justice under law.

    There will be a total of five shift (5) positions filled.  The shifts that will be filled are:

    • Monday-Friday 7am-3pm (day shift supervisor)
    • Monday-Friday 3pm-11pm (swing shift supervisor)
    • Monday-Friday 11pm-7am (night shift supervisor)
    • Friday-Monday with the Saturday and Sunday shift supporting 12 hours 7am-7pm, to include 8 hours on Monday and Friday
    • Friday-Monday with the Saturday and Sunday shift supporting 12 hours 7pm-7am, to include 8 hours on Monday and Friday

    Learn more about this agency


    These positions are located within the Information Technology Security Office (ITSO) of the Department of Technology Services (DTS). As a IT Specialist (Security) within the Information Technology Security Office, the incumbent is a recognized IT security expert with a strong background in cyber-security, network security engineering, and a proven record of successful leadership in "hands on" intrusion detection discovery security activities and data analysis. The incumbent will perform multiple and varying assignments under the direction of the Security Operations Manager.

    The incumbents are recognized as senior technical leaders responsible for overseeing and participating in the management of Security Operations Center (SOC) intrusion detection shift. This work is performed by a skilled contractor cyber team, whose focus is on security event monitoring, alerting, and response as part of a shift that forms part of the Judiciary's 24/7 coverage team. The incumbents will facilitate the successful discovery of intrusion attempts and compromises through reviews and analysis of relevant event detail and summary information and must be able to synthesize data from multiple logging sources.

    The intrusion detection shift lead is the subject matter expert for all intrusion detection and reporting activities with oversight for their assigned shift. The incumbents will provide authoritative decisions for handling incidents reported to the government. The incumbents may be asked to support the government mentoring training of Court personnel who visit the SOC to experience the work being performed.

    The intrusion detection shift lead acts as a point of contact for escalations to ITSO-SOC management or the Judiciary Automated Systems Incident Response Capability (JASIRC). Additionally, the incumbent ensures the smooth transition of intrusion management between shifts.

    Duties include, but are not limited to the following:
    1. Directing a contractor team of individuals responsible for providing Cyber monitoring, detection, and reporting. This includes coordinating the activities of SOC contractor personnel supporting the security of critical production environments;
    2. Identifying information security risks within the judiciary and recommending priorities for risk mitigation. This includes performing data analysis germane to the discovery of potentially malicious or statistically unusual patterns;
    3. Managing and reporting on the activities and performance of the intrusion detection shift team. This includes reviewing the quality of the intrusion detection analysis performed by individual analysts, team leads, and other technical staff as well as of the notification and remediation support provided to impacted stakeholders;
    4. Developing and maintaining technical, analytical, and practical proficiencies needed to ensure the intrusion detection shift team is successful in the discovery of intrusion attempts and compromises. This includes identifying both technical and process improvements to elevate the quality of work performed by individual analysts, team leads, and other technical staff;
    5. Developing, maintaining, and reporting metrics to measure the SOC team's operational effectiveness and categorize intrusion attempts and related activities as well to identify incident trends;
    6. Providing timely, clear, and technically accurate notification to impacted judiciary stakeholders of the risk potential associated with IT security events and options for remediation;
    7. Evaluating SOC Operation Guide policies and procedures to ensure team compliance;
    8. Providing statistical cyber management reports and supporting data in response to ad-hoc requests for information, routine situational awareness reporting, and as required, shift reports and statistics to ITSO-SOC management; and
    9. Ensuring notifications are tracked to closure and that escalations occur consistently in accordance with documented procedures.

    Travel Required

    Not required

    Supervisory status


    Who May Apply

    This job is open to…

    Applicants who currently live in the Washington, DC commuting area and/or federal judiciary employees.

    Questions? This job is open to 1 group.

This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/450380300. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.