This position is located within the Technology Solutions Office (TSO) of the Department of Technology Services (DTS).Learn more about this agency
As an IT Specialist (Security) the incumbent is a recognized IT security expert within the Judiciary with a strong background in cloud, cybersecurity, security tool usage, and network security engineering and a proven record of successfully leading security architecture activities.
The incumbent will be responsible for the cybersecurity of the TSO program office. The incumbent will be effective in assisting program managers and system owners by providing actionable advice to improve IT security, especially early in the systems development lifecycle (SDLC). The incumbent will ensure the confidentiality, integrity, and availability of systems, networks, and data across the SDLC, and create, promote, and adhere to standardized and repeatable processes for the delivery of security engineering services. Whether working with national program offices to create secure system boundaries for critical systems or partnering with IT stakeholders across the Judiciary to understand and implement secure design patterns, the incumbents will work diligently to educate their stakeholders and motivate them to embrace solutions that incorporate reasonable, effective, standards-based security controls.
Duties may include, but are not limited to:
- Supervisory: The incumbent will be responsible for supervising both federal employees and contractors in support of these responsibilities.
- Serving as the TSO ISO: Responsible for all TSO systems throughout the JISF framework lifecycle to include artifact generation, Plan of Action & Milestones (POA&M) tracking, and participating in all phases of the JISF. Provides monthly risk assessment and continuous monitoring scoring of TSO systems to the TSO Office Chief and system owners.
- Security Program Reporting: Analyzing, synthesizing, and reporting on the security posture of TSO systems using data maintained by stakeholders and recorded into various DTS' security tools.
- Development Lifecycle Outreach: Engaging with TSO programs managers throughout the SDLC of potential TSO sponsored national applications/solutions to recommend security capabilities, provide technical guidance, and identify existing security controls that can minimize risk. All recommendations are formally recorded, technically accurate, and consistent with IT security best practices.
- Procurement Assistance: Providing technical expertise to TSO in the procurement phase regarding security related technical evaluation criteria for new procurements.
- Technical Expertise: Providing technical expertise combined with knowledge of the Judiciary so that new technologies and architectures are consistent with security best practices and Judiciary policies. Additionally, participating in engineering design reviews and the Judiciary's change control process to ensure changes are consistent with the Judiciary's IT security architecture, security requirements, and industry best practices. This position will participate in the Engineering Review Change Advisory Board (ERCAB) process as a voting member.
- Knowledge Sharing: Promoting secure engineering techniques, principles, architectures, and designs both within TSO and with the various constituencies it serves. Techniques for doing so include, but are not limited to, authoring white papers, creating and delivering presentations, conducting webinars, and publishing articles to various Judiciary newsletters.
- Stakeholder Engagement and Collaboration: Leading and working with diverse stakeholder groups ensuring proper implementation of technical standards and best practices.
- Documentation: Developing policies, plans and procedures for TSO in alignment with security best practices and Judiciary policies. Preparing and providing input to reports and other detailed IT documents (user guides, engineering documentation, etc.) delineating implications, impediments, making recommendations, and presenting solutions to eliminate redundancy, and supporting management strategies.
- Risk Analysis: Conducting risk and impact analysis of system, network and application for current and new technologies.
- Vulnerability and Risk Management: Supervising periodic, internal security assessments of TSO systems and serving as the primary point-of-contact for all external security assessment engagements. Managing protective and corrective measures for discovered and reported cybersecurity incidents and vulnerabilities. Tracking vulnerability findings and recommendations and ensuring appropriate mitigations.
This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/595640200. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.