This position is located in the Department of Technology Services (DTS), Information Technology Security Office (ITSO), Security Policy and Assessment Division (SPA), Judiciary Systems Security Testing Branch (JSST). The incumbent will conduct security testing of IT systems and components, which includes server-side technologies (e.g., OS, database), web applications, and mobile applications. The scope of testing may vary from highly complex systems to dedicated purpose systems.
The incumbent of this position performs risk analysis of discovered vulnerabilities, writes security assessment reports, performs project management functions, and creates resources, such as webinars and white papers, to create a knowledge base that explains and encourages secure systems development and ongoing maintenance across the systems development life cycle. Duties of the position include, but are not limited to:
- Conducting IT security assessments and testing of national and court-developed systems and applications to identify vulnerabilities, provide recommendations for their remediation, and assist system owners in implementing effective safeguards. Vulnerabilities must be risk rated and risk statements must be clearly stated and capture the specific business impact to the judiciary in the event that a deficiency is exploited.
- Utilizing standard reporting templates and methodologies, automated security tools, manual vulnerability discovery techniques, and cross-functional teams in support of SPA service offerings.
- Incorporating "lessons learned" into established processes to achieve continuous improvements and efficiencies for JSST services and work products.
- Serving as the subject matter expert for the development, management, and execution of JSST services and work products. This includes outreach to service consumers, project planning, service delivery, and reporting. Services include application, database, and host level security testing performed across a diverse suite of platforms and supporting infrastructures as well as comprehensive assessments of management, technical, and operational security controls associated with court-developed and nationally deployed systems and applications.
- Performing validation testing of corrective actions taken by consumers of its services. Work products include test plans, reports, written and oral presentations, and webinars, which are tailored for and consumable by multiple levels of technical and non-technical management.
- Performing research to identify potential vulnerabilities in and threats to existing web, application, database, and operating system technologies, and providing timely, clear, technically accurate notification to management of risk potential and options for remediation.
- Providing analogous services for new or emerging technologies being considered for judiciary use to assist with risk identification so consumers can make informed, risk-based decisions concerning use.
This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/521524400. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.