This position is located in the Department of Technology Services, Information Technology Security Office, Security Operations Division.

Duties

This position is within the IT Security Office (ITSO) of the Department of Technology Services. The incumbent is a recognized expert in cyber security, digital forensics, malware analysis, and leading forensic investigations in support of incident response operations. Must be proficient in collecting digital evidence, analyzing data for root cause, retrieving hidden or destroyed data, conducting damage assessments, reverse-engineering malware, developing remediation plans, and articulate findings in written reports and briefings. Duties may include, but are not limited to, the following: Participating in the development and execution of incident response plans for security incidents impacting the judiciary. Performing network forensics from log files and packet captures, which includes working hand in hand with the affected parties to obtain the data needed to accurately (re)construct incident timelines and to perform the analysis required to understand the attack vectors and associated impact. Performing endpoint forensics to include but not limited to: volatile memory analysis, log files analysis, disk analysis, user behavioral analysis and data integrity analysis. Performing static and dynamic malware analysis to identify and create indicators of compromise for more effective intrusion prevention and detection. Using a SIEM, EDR, and other relevant tools to detect, investigate and analyzet malicious activity. Providing technical direction to contractors and other teams within the Security Operations Center to steer the overall incident response plan and recovery actions. Identifying, testing, and providing recommendations for adoption and upgrade of forensic capabilities and infrastructure within the SOC to provide the most effective, efficient, and cost-effective service available to the judiciary. Documenting and communicating with all internal and external stakeholders to ensure relevant data is provided for sound decision-making and situational awareness. Understanding attack signatures, tactics, techniques, and procedures associated with advanced threats. . The incumbent of this position must be able to perform the tasks and meet the skills, knowledge and abilities as described in NIST Special Publication 800-181 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework for the roles of Cyber Crime Investigator (IN-INV-001) and Cyber Defense Forensics Analyst (IN-FOR-002).

Requirements

Qualifications

Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions. Specialized Experience: Applicants must have at least one full year (52 weeks) of specialized experience which is in or directly related to the line of work of this position. Specialized experience is demonstrated experience in cyber security, digital forensics, and malware analysis.

Education

This position does not require education to qualify.

Contacts

• Address Department of Technology Services One Columbus Circle, NE Washington, DC 20544 US
• Name: Kymberli Camber
• Phone: (210) 301-6303
• Email: [email protected]