The Administrative Office of the U.S. Courts (AO) is seeking motivated students for our Volunteer Student Internship Program. This unpaid opportunity offers meaningful work experience, professional development, and prepares students for a potential career in public service. Interns benefit from networking with fellow interns, AO staff, and professionals across the federal government. This opportunity is ideal for students interested in federal service and information technology.
All students in the Volunteer Student Internship Program must be enrolled or accepted for enrollment as a degree-seeking student, taking at least a half-time academic or technical course load in an accredited 2 year or 4 year program, or in a post-secondary level program. Students must also be in good academic standing, maintaining a GPA of 3.0 or higher. Additional Qualification Requirements: In addition to meeting the BASIC QUALIFICATIONS REQUIREMENTS, applicants must also: Work well in a team environment. Have strong organization and communication skills and be detailed oriented. Have a working knowledge of computer applications such as Microsoft Word, Microsoft Excel, or WordPerfect. Have excellent writing, reading, and interpersonal skills. Be able to organize a variety of assignments simultaneously and meet tight deadlines. The ideal candidate has a strong academic background in technical cybersecurity and/or data analytics. The Volunteer Student Internship Program requires all participants to be an active student. Therefore, seniors graduating at the end of the current semester will not be considered unless they are continuing to pursue advanced studies as a degree-seeking student at the beginning of the next semester.
Internship positions are located the Department of Technology Services, Information Technology Security Office (ITSO). ITSO oversees the Judiciary's IT security program, managing cybersecurity operations, digital forensics, malware analysis, and forensic investigations in support of both cybersecurity and law enforcement efforts. All AO internships are onsite at the Thurgood Marshall Federal Judiciary Building in Washington, DC, or the Northwest Center in San Antonio, TX. Telework is not permitted. Interns may be assigned to one of the following offices: Security Mission Integration Division, Data Analytics Branch Duties of a Cybersecurity Data Analyst Intern may include, but are not limited to: Generating, analyzing, and interpreting metrics on the validity of signatures to support risk-based signature modifications. Developing and tuning machine learning models to improve the identification of malicious activity. Working as part of a team to continuously create, deploy, and tune risk-based security detections to identify risky or potentially adversarial behavior within Judicial networks. Working within an agile development environment supporting the security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms. Security Mission Integration Division, Security Automation Branch Duties of a Cybersecurity Detection Engineer Intern may include, but are not limited to: Generating, analyzing, and interpreting metrics on the validity of signatures to support risk-based signature modifications. Coordinating across multifunctional teams to create and validate security alerts from security devices. Investigating new alerts to determine the impact to analyst's workflows and any expected security impact. Managing enhanced analytic logging configurations including Sysmon and Auditd. Developing, testing, and deploying new detections. Tuning existing detections based on available data, changes in data sources, and modifications to actor tactics, techniques, and procedures (TTPs). Working as part of a team to continuously create, deploy, and tune risk-based security detections to identify risky or potentially adversarial behavior within Judicial networks. Working within an agile development environment supporting the security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms. Security Operations Division , Incident Response Branch Duties of an Incident Responder Intern may include, but are not limited to: Conducting thorough analysis of network, endpoint, and application logs to identify and assess intrusions, determine their impact, and implement appropriate containment strategies to mitigate threats. Providing timely and accurate incident status updates to key stakeholders, including the incident commander, security operations center leaders, and executives. Developing and testing enterprise-wide detection and response capabilities. Maintaining and enhancing the incident response framework by defining and refining incident declaration processes, updating the Judiciary's Incident Response Plan, and identifying gaps in existing procedures. Driving continuous improvement through the development and validation of readiness exercises, standard operating procedures, and playbooks. Security Operations Division , Incident Response Branch Duties of a Digital Forensic Analyst Intern may include, but are not limited to: Conducting thorough analysis of network, endpoint, and application logs to identify and assess intrusions, determine their impact, and implement appropriate containment strategies to mitigate threats. Performing network forensics from log files and packet captures. Performing endpoint forensics, including volatile memory, log files, disk, user behavioral, and data integrity analyses. Performing malware analysis to disassemble and reverse engineer potential malware. Identifying indicators of compromise from digital forensic and malware samples for more effective intrusion prevention and detection. Participating in activities to detect, investigate, and analyze lateral movement and threat persistence. Following on activities by threat actors to harm the Judiciary. Security Operations Division, Threat Detection Branch Duties of a Cybersecurity Data Analyst Intern may include, but are not limited to: Conducting thorough analysis of previous cybersecurity incidents to identify trends and drive continual improvement of security operations center processes. Creating briefings and visualizations to highlight identified trends that may impact the security of the Judiciary. Mapping existing cybersecurity incidents to MITRE ATT&CK framework. Enhancing the organization's incident response process by identifying gaps in existing procedures.