Job opening: IT Cybersecurity Specialist
Salary: $163,964 - $191,900 per year
Relocation: YES
Published at: Dec 06 2024
Employment Type: Full-time
This position is located in the U.S. Department of Justice (DOJ), Office of Justice Programs (OJP), Office of the Chief Information Officer (OCIO), IT Security Division (ITSD). This position develops strategic plans that advance OJP's cybersecurity posture and then delivers hands-on technical support in that same area.
Duties
Execute cybersecurity operations for the agency, including continuous monitoring, threat intelligence, incident response and vulnerability management.
Establish and enforce standard operating procedures to ensure swift identification, containment, and mitigation of security incidents.
Coordinate response efforts with internal and external teams, ensuring all actions comply with federal and DOJ regulations and cause minimal operational impact.
Provide expert analysis and recommendations to senior leadership on enhancing resilience against evolving cybersecurity threats.
Continuously monitor the agency's IT environment for suspicious activity and potential security incidents using security information and event management (SIEM) tools and endpoint protection.
Document incident response activities, create incident reports and conduct post-incident reviews to improve response processes.
Collaborate with IT and application teams to patch, configure and otherwise address vulnerabilities.
Gather and analyze cybersecurity threat intelligence from various sources to inform defense strategies and response plans.
Interpret FISMA, NIST 800-53, CISA BODs, Executive Directives (EDs) and DOJ cybersecurity policies to develop compliance strategies.
Develop, implement and monitor policies and procedures to ensure agency adherence to cybersecurity standards.
Create and maintain compliance reports, tracking the remediation of findings and providing regular updates to leadership.
Collaborate with program offices to implement security practices, providing guidance to ensure compliance.
Work closely with internal and external stakeholders to promote a culture of security awareness and collaboration.
Ensure high-quality customer service in delivering cybersecurity guidance and technical assistance to program offices by facilitating cybersecurity training and awareness programs to promote security-conscious behaviors and strengthen agency security culture.
Develop and deliver cybersecurity training and awareness sessions for staff, promoting secure practices across the organization.
Develop long-term cybersecurity goals and objectives, working with the Division Director to define a roadmap for achieving these goals.
Ensure policies are documented, communicated and implemented across the agency, conducting regular reviews to assess their effectiveness.
Requirements
- U.S. Citizenship required.
- Subject to background/suitability investigation/determination.
- Federal payments are required to be made by Direct Deposit.
- Requires registration for the Selective Service. Visit www.sss.gov.
- Pre-employment drug testing required.
- 1-year probationary period may be required.
- Security Requirements: Non-Sensitive/Moderate Risk
Qualifications
Basic Entry Requirements:
Experience must be IT related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.
Individuals must have IT-related experience demonstrating each of the four competencies listed below.
Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
Problem Solving - Identifies problems; determines accuracy and relevance.
Specialized Experience:
Applicants must have one (1) year of specialized experience equivalent to at least the GS-14 level. Specialized experience is experience which is in or related to the line of work of the position to be filled and which has equipped the applicant with the specific knowledge, skills, and abilities to successfully perform the duties of the position.
Examples of specialized experience include:
Managing operations and running a combined on-prem/cloud SOC, ensuring the effective monitoring, detection, and response to security incidents.
Aligning and fulfilling broad security governance requirements in coordination with agency/organization counterparts.
Developing and implementing SOC strategies and best practices, aligning them with industry standards, regulations, frameworks, and customer experience requirements.
Building and communicating Zero Trust security modernization strategies and overseeing threat intelligence gathering and analysis, staying updated on emerging threats and trends to enhance the organization's defensive capabilities.
Overseeing cybersecurity incident response in one or more hybrid cloud environments, with duties that include all five portions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover).
Providing guidance on how to architect/design, leverage, and operate various operational platforms, including Identity, Credential, and Access Management (ICAM), Security Information and Event Management and Security Orchestration, Automation & Response (SIEM/SOAR), and Privileged Access Management solutions, as well as being a catalyst to accelerate capabilities for an integrated Zero Trust future.
Managing and optimizing security technologies, including SIEM, IDS/IPS, endpoint security solutions, and other SOC tools, to maximize their effectiveness.
Additional information on the qualification requirements is outlined in the OPM Qualification Standards Handbook of General Schedule Positions and is available at OPM's website: https://www.opm.gov/qualifications/standards/indexes/num-ndx.asp
All qualification requirements must be met by the closing date of this announcement.
Education
There is no education requirement for this position.
Contacts
- Address: Office of the Chief Information Officer
DO NOT MAIL
Washington, DC 20531
US
- Name: Amanda Elder
- Phone: 202-598-0698
- Email: amanda.elder@usdoj.gov