
IT Cybersecurity Specialist (DIRECT HIRE)

Department of Justice
Executive Office for U.S. Attorneys and the Office of the U.S. Attorneys
Office of the Chief Information Officer
This job announcement has closed

Summary

For more information on the Department of Justice and the United States Attorneys' Offices, visit www.justice.gov/usao/.

As needed, additional positions may be filled using this announcement.

Overview

Reviewing applications
Open & closing dates
02/12/2020 to 03/04/2020
Salary
$102,663 to $133,465 per year
Pay scale & grade
GS 13
Location
Washington, DC
1 vacancy
Telework eligible
No
Travel Required
Occasional travel - You may be expected to travel for this position.
Relocation expenses reimbursed
No
Appointment type
Permanent
Work schedule
Full-Time
Service
Competitive
Promotion potential
None
Supervisory status
No
Security clearance
Top Secret
Drug test
Yes
Position sensitivity and risk
Special-Sensitive (SS)/High Risk
Trust determination process
Announcement number
20-OCIO-10699740-DH
Control number
559559600

This job is open to

Clarification from the agency

All U.S. Citizens and Nationals

Duties

This position serves as the Cyber Defense Forensics Analyst (CDFA) for the Executive Office for the United States Attorneys (EOUSA) Cybersecurity Staff and reports directly to the Digital Forensics and Investigations Program Manager on all EOUSA Cyber Defense, Forensic and Insider Threat initiatives. Duties include:

-Ensures cyber resiliency and trustworthiness in Digital Forensics and Insider Threat systems through the application of Systems Security Engineering techniques throughout the Systems Development Life Cycle (SDLC).
-Utilizes data collected from a variety of EOUSA/USAO cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs, user behavior analysis logs, etc.) and physical defense tools to analyze events that occur within EOUSA's IT Enterprise environment for the purposes of mitigating the Insider Threat.
-Supports U.S. Attorneys' Offices (USAOs) and the Executive Office for the United States Attorneys' (EOUSA) staff serving as the technical lead for the Insider Threat Prevention and Detection and Cyber Defense and Forensics Systems.
-Ensures sufficient awareness, prevention, analysis, detection and mitigation of insider threats nationwide in compliance with Executive Order 13587 - Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information and Department of Justice Order 0901 Insider Threat.
-Conducts Insider Threat and Cyber Defense and Forensics analysis across the EOUSA Enterprise including all 94 USAOs comprising roughly 15,000 users, 25,000 plus endpoints, three Core Enterprise Facilities, one Enterprise Data Center, two commercial cloud providers, and 250 work sites spanning both the continental United States and territories.
-Works with the EOUSA SOC Program Manager and Fusion Cell staff conducting cyber defense and threat hunting operations.
-Conducts deep-dive investigations on computer-based crimes establishing documentary or physical evidence including digital media and logs associated with cyber intrusions and corresponding security incidents.
-Manages information technology projects, develops project business cases, requirements and budget, and develops, manages, and oversees execution of project schedules to provide a unique service or product.

Requirements

Conditions of employment

  • You must be a United States Citizen or National.
  • Background investigation, credit check, and drug test required.
  • You must be registered for Selective Service, if applicable.
  • If selected, you may be required to complete a one year probationary period.
  • You must meet all qualification requirements upon the closing date of this announcement.

Qualifications

GS-13: Applicants must have at least one full year of specialized experience equivalent to the GS-12 in federal service. Specialized experience is defined as conducting cyber defense analysis from data collected across a broad spectrum of cyber defense tools and services (e.g., IDS alerts, firewalls, network traffic logs, endpoint protection/endpoint detection and response tools, host-based tools, commercial cloud services); supporting large scale organizational Insider Threat Prevention and Detection Programs, counter-intelligence techniques and tools, user behavior analytic tools, correlation and analysis of large data sets, conducting forensic analysis across desktop, server, mobile and cloud environments, experience with multiple forensic tools and processes, techniques in maintaining chain of custody and preserving evidence. Examples of specialized experience may include:

  • Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network).
  • Knowledge of key cyber threat actors and their equities.
  • Analyzes indications of compromise and warning.
  • Applies knowledge of the fundamentals of digital forensics techniques to extract actionable intelligence.
  • Evaluates, analyzes, and synthesizes large quantities of data (which may be fragmented and contradictory) into high quality, fused cyber hunting/cybersecurity intelligence products.
  • Applies critical thinking to analyze organizational patterns and relationships and anticipates key target or threat activities which are likely to prompt a leadership decision.
  • Works across teams conducting data analytics and correlation on large data sets.
  • Derives actionable intelligence to mitigate cyber and insider threats.
  • Conducts forensic analyses in and for both Windows and Unix/Linux environments.
  • Preserves evidence integrity according to standard operating procedures or national standards.
  • Collects, processes, packages, transports, and stores electronic evidence to avoid alteration, loss, physical damage, or destruction of data.
  • Uses forensic tool suites (e.g., EnCase, Sleuthkit, FTK), conducts forensic analyses in multiple operating system environments (e.g., mobile device systems).
  • Processes digital evidence, to include protecting and making legally sound copies of evidence.
  • Collects and preserves digital evidence, conducts analysis and writes reports.
  • Works across staffs regarding the implementation, operation and sustainment of organizational Insider Threat Prevention and Detection Program.
  • Leads Integrated Process Teams coordinating all technical aspects of the Insider Threat program.
  • Supports organizational governance venues.
In addition, applicants must have IT-related experience demonstrating each of the four competencies listed below.
  • Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
  • Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
  • Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
  • Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Interagency Career Transition Assistance Plan (ICTAP)- The ICTAP provides eligible displaced Federal competitive service employees with selection priority over other candidates for competitive service vacancies. If your agency has notified you in writing that you are a displaced employee eligible for ICTAP consideration, you may receive selection priority if: 1) this vacancy is within your ICTAP eligibility; 2) you apply under the instructions in this announcement; and 3) you are found eligible and qualified for this vacancy. To be eligible and qualified, you must satisfy all eligibility and qualification requirements for the vacant position as outlined in this announcement. You must provide proof of eligibility to receive selection priority. Such proof may include a copy of your written notification of ICTAP eligibility or a copy of your separation personnel action form. Additional information about ICTAP eligibility is at: http://www.opm.gov/policy-data-oversight/workforce-restructuring/employee-guide-to-career-transition/.

Career Transition Assistance Plan (CTAP)-The CTAP provides eligible surplus and displaced competitive service employees in the Department of Justice with selection priority over other candidates for competitive service vacancies. If your Department of Justice component has notified you in writing that you are a surplus or displaced employee eligible for CTAP consideration, you may receive selection priority if: 1) this vacancy is within your CTAP eligibility, 2) you apply under the instructions in this announcement, and 3) you are found eligible and qualified for this vacancy. To be eligible and qualified, you must satisfy all eligibility and qualification requirements for the vacant position as outlined in this announcement. You must provide a copy of your written notification of CTAP eligibility with your application. Additional information about CTAP eligibility is at: http://www.opm.gov/policy-data-oversight/workforce-restructuring/employee-guide-to-career-transition/.

Education

This job does not have an education qualification requirement.

Additional information

Payment of relocation expenses will not be authorized.

The Department of Justice offers a comprehensive benefits package that includes, in part, paid vacation; sick leave; holidays; telework; life insurance; health benefits; and participation in the Federal Employees Retirement System.

Veterans' Preference - Since Direct Hire Recruitment Authority is being used, traditional Veterans' Preference rules do not apply. Qualified preference eligibles will be given full consideration for this position. While veterans' preference does not apply in Direct Hire Authority, preference eligibles can submit their supporting documentation listed as Optional in the Required Documentation section of this vacancy announcement.

Selective Service: If you are a male applicant born after December 31, 1959, you must certify that you have registered with the Selective Service System, or are exempt from having to do so under the Selective Service Law. See www.sss.gov.

Reasonable Accommodation Statement: Federal Agencies must provide reasonable accommodation to applicants with disabilities, where appropriate. Applicants requiring reasonable accommodation for any part of the application and hiring process should contact the hiring agency directly. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.

EEO Statement: The United States Government does not discriminate in employment on the basis of race, color, religion, sex, national origin, political affiliation, sexual orientation, marital status, status as a parent, genetic information, disability, age, membership or nonmembership in an employee organization, or on the basis of personal favoritism.

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Your resume and all supporting documentation you submit, to include your responses to the Occupational Questionnaire, will be used to determine whether you meet the minimum job qualifications listed in this announcement. If you rate yourself higher than what is supported by the documentation you submit, you may be excluded from consideration for this job. If it is determined you meet minimum qualification requirements, you will be referred to the selecting official. Under the provisions of the Direct Hire Authority, category rating and veterans' preference do not apply; therefore, your responses to the assessment questionnaire will not be used to determine a scored rating. Instead, all applicants that are determined to meet minimum qualifications, as defined by this vacancy announcement, will be referred to the selecting official for consideration.

Qualified, eligible CTAP and ICTAP applicants will be referred to the selecting official under the selection priority placement program. If you are basically qualified for this job, your resume and supporting documentation will be compared to your responses to the Occupational Questionnaire. If you rate yourself higher than what is supported by your application materials, your responses may be adjusted and/or you may be excluded from consideration for this job.

The Occupational Questionnaire will take you approximately 10 minutes to complete.