• Help



    This position is located in the Security Operations Center (SOC), IT Security Office (ITSO), Department of Technology Services (DTS).

    Learn more about this agency


    This position is in the Security Operations Center (SOC) within the IT Security Office (ITSO) of the Department of Technology Services. The incumbent is a recognized expert in cybersecurity, digital forensics, malware analysis, and leading forensic investigations in support of incident response operations. The incumbent must be proficient in collecting digital evidence, analyzing data for root cause, retrieving hidden or destroyed data, conducting damage assessments, reverse-engineering malware, developing remediation plans, and proper evidence handling procedures for potential criminal or civil litigation.

    Duties may include, but are not limited to:

    1. Participating in the development and execution of incident response plans for security incidents impacting the Judiciary.
    2. Performing network forensics from log files and packet captures, which includes working hand in hand with the affected parties to obtain the data needed to accurately (re)construct incident timelines and to perform the analysis required to understand the attack vectors and associated impact.
    3. Performing endpoint forensics to include but not limited to volatile memory analysis, log files analysis, disk analysis, user behavioral analysis, and data integrity analysis.
    4. Performing malware analysis to include disassembling and reverse engineering potential malware, scripts, and code to identify and create indicators of compromise for more effective intrusion prevention and detection.
    5. Participating in activities to detect, investigate, and analyze lateral movement, threat persistence, and follow on activities by threat actors to harm the Judiciary.
    6. Providing technical direction to contractors and other teams within the Security Operations Center to steer the overall incident response plan and recovery actions.
    7. Identifying, testing, and providing recommendations for adoption and upgrade of forensic capabilities and infrastructure within the SOC to provide the most effective, efficient, and cost-effective service available to the Judiciary.
    8. Documenting and communicating with all internal and external stakeholders to ensure relevant data is provided for sound decision-making and situational awareness.
    9. Following all federal and local guidelines for digital evidence collection, processing, and retention in accordance with chain of custody requirements in support of any civil or criminal litigation proceedings.

    Travel Required

    Not required

    Supervisory status


    Promotion Potential


This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/596135600. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.