As an FBI cybersecurity Professional, your job is to ensure our law enforcement systems, as well as the entire cyberspace within which we work, are protected. This means applying your knowledge of computer technology, cybersecurity, and more to safeguard information across the FBI, as well as our domestic and international law enforcement partners.

Duties

Monitor network traffic and security alerts for malicious activities and indicators of compromise (IOCs). Lead incident response efforts during security breaches, coordinating remediation activities and ensuring effective communication. Conduct digital forensic investigations to support incident resolution, compliance, and regulatory requirements. Perform cyber threat intelligence analysis, including threat hunting, and manage Threat Intelligence Platforms (TIPs). Identify, analyze, and mitigate security risks by integrating threat intelligence into defensive strategies. Collaborate with cross-functional teams to enhance ESOC processes, response capabilities, and security posture. Drive continuous improvement in ESOC operations through innovation and adoption of new detection technologies. Mentor and train junior IT specialists on cybersecurity practices, tools, and ESOC operational procedures. Prepare comprehensive reports and briefings for leadership on incident findings, risk assessments, and threat intelligence updates. Stay current with emerging cybersecurity trends, tactics, techniques, and procedures (TTPs) to enhance detection capabilities.

Requirements

Qualifications

GS-11: Applicant must possess at least one (1) year of SE equivalent to the GS-09 grade level. SE is defined as follows: Demonstrated experience monitoring and analyzing network traffic, logs, and security alerts for basic indicators of compromise (IOCs) and suspicious activities. Demonstrated experience supporting incident response efforts, under supervision, including documenting incidents, performing preliminary triage, and escalating as needed. Experience utilizing common cybersecurity tools (e.g., SIEMs, IDS/IPS) and basic scripting or query skills for analyzing security data. GS-12: In addition to the above, applicant must possess at least one (1) year of SE equivalent to the GS-11 grade level. SE is defined as follows: Demonstrated experience detecting, analyzing, and responding to security threats, including the ability to independently lead initial incident response activities and recommend remediation strategies. Demonstrated experience conducting digital forensic investigations, such as log analysis, data extraction, malware analysis, and ensuring evidence integrity for legal and compliance purposes. Demonstrated experience collaborating with internal and external stakeholders to resolve security incidents, communicate risks, and implement mitigations. Experience integrating new tools or technologies into incident detection and response workflows. GS-13: In addition to the above, applicant must possess at least one (1) year of SE equivalent to the GS-12 grade level. SE is defined as follows: Demonstrated experience leading high-severity cybersecurity investigations, including coordinating cross-departmental efforts and developing comprehensive incident containment, eradication, and recovery strategies. Demonstrated the ability to manage complex investigations, handle advanced malware analysis, perform network forensics, and ensure compliance with legal and regulatory frameworks. Demonstrated the ability to brief and advise executive leadership on high-level cybersecurity risks, emerging threats, incident trends, and the overall cybersecurity posture of the organization. Demonstrated experience managing threat intelligence platforms (TIPs) and leading threat intelligence operations, including collaborating with external intelligence-sharing communities and agencies. Desired Skills Desired skills are NOT mandatory and will NOT be utilized to minimally qualify applicants. Desired Skills are: Understanding of cyber threat intelligence operations, including threat hunting, adversary profiling, and integrating intelligence into the organization's defensive posture. Exposure to cyber threat intelligence processes, including initial research, data enrichment, and contribution to Threat Intelligence Platforms (TIPs).

Education

All degrees must be from an accredited college or university. Education may be substituted for specialized experience as follows:

Degrees must be in one of the following fields: computer science, engineering, information science, information systems management, mathematics, operations research, statistics, or technology management OR a degree that provided a minimum of 24 semester hours in one or more of the fields identified above and required the development or adaptation of applications, systems or networks.

Education completed in foreign colleges or universities may be used to meet the above requirements provided you can show foreign education is comparable to that received in an accredited educational institution in the United States.

GS-11: Applicant must have a Ph.D. OR equivalent doctoral degree OR 3 full years of progressively higher level graduate education leading to such a degree OR LL.M., if related.

Education may NOT be substituted for specialized experience at the GS 12, 13, or 14 grade levels.

Contacts

• Address Federal Bureau of Investigation 935 Pennsylvania Ave, NW Washington, DC 20535 US
• Name: Amanda Darst
• Email: [email protected]