This position is in the Administrative Office of the U.S. Courts, Department of Technology Services, Information Technology Security Office (ITSO). ITSO manages the Judiciary's IT Security program, overseeing the security operations of Judiciary IT cyber security, digital forensics, malware analysis, and forensic investigations in support of cyber and law enforcement operations.
Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions. Specialized Experience: Applicants must have at least one full year (52 weeks) of specialized experience which is in or directly related to the line of work of this position. Specialized experience is demonstrated experience must demonstrate ALL areas defined below: Expertise in conducting forensic analysis of digital devices, including computers, mobile phones, and cloud environments, using industry-standard tools like EnCase, FTK, and Axiom. In-depth knowledge of data recovery techniques, file system structures, and operating system internals, enabling the extraction and analysis of deleted, hidden, or encrypted data. Experience in preparing detailed forensic reports and providing expert testimony in legal settings, ensuring findings are presented clearly and comply with legal standards and procedures. Equivalent Certifications Desired, but Not Required: GIAC Certified Forensic Examiner (GCFE) GIAC Reverse Engineering Malware (GREM) EnCase Certified Examiner (EnCE)
The Information Technology Specialist (Security) must be proficient in collecting digital evidence, analyzing data for root cause, retrieving hidden or destroyed data, conducting damage assessments, reverse-engineering malware, developing remediation plans, and following proper evidence handling procedures for potential criminal or civil litigation. This role aligns with the knowledge, skills, and abilities as described in NIST Special Publication 800-181 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework for the roles of Cybercrime Investigation (IN-WRL-001) and Digital Evidence Analysis (IN-WRL-002). Duties include, but are not limited to the following: Participating in the development and execution of security incident response plans. Performing network forensics from log files and packet captures, including obtaining data from affected parties, accurately reconstructing incident timelines, and conducting analysis to understand attack vectors and associated impacts. Conducting endpoint forensics, including volatile memory, Operating System , file system, user behavioral, and data integrity analyses. Performing malware analysis to disassemble and reverse-engineer potential malware, scripts, and code to identify and create compromise indicators to more effectively detect and prevent intrusion. Participating in activities to detect, investigate, and analyze lateral movement, threat persistence, and follow-on activities by threat actors. Providing technical direction to contractors and other SOC teams to steer the overall incident response plan and recovery actions. Maintaining a digital forensic laboratory including, updating hardware and software tools and performing tool evaluation Identifying, testing, and providing recommendations for adopting and upgrading SOC forensic capabilities and infrastructure to provide the most effective, efficient, and cost-effective service available to the Judiciary. Documenting the findings of digital investigations, detailing evidence analysis, methodologies, and conclusions in clear, concise, and legally sound reports. This role requires attention to detail, strong writing skills, and the ability to communicate complex technical information effectively. Following all federal and local guidelines for digital evidence collection, processing, and retention in accordance with chain of custody requirements.