Position Title
Information Technology Specialist (Security)
Agency
Administrative Office of the U.S. Courts
Announcement Number
25-DTS-12683478
Open Period
Tuesday, February 4, 2025 to Tuesday, February 18, 2025
For preview purposes only. To apply, please return to the USAJOBS announcement and click the Apply button.
Eligibilities
1. Do you claim Veterans’ Preference?
2. Are you a veteran who separated from active duty under honorable conditions and you: 

• have a rating by the Department of Veterans Affairs showing a compensable service-connected disability of 10% or more OR
• retired from active military service with a service-connected disability rating of 10% or more (**TP or 5 point veterans please do not answer 'yes' to this question.**)

If eligible, submit a copy of your latest Certificate of Release or Discharge from Active Duty, DD-214 (copy indicating character of service) or other proof of your service which includes character of service. Please also provide the disability letter from the Department of Veterans Affairs or Armed Service and the Application for 10-Point Veteran Preference, Standard Form 15.

For more information, review USAJOBS Veterans resources.
3. Are you a current employee of the AO or the Federal Judiciary?
4. Are you a current or former Federal employee?

All applicants outside of the AO must submit a copy of your latest Notification of Personnel Action (SF-50) to verify current or former Federal employment status.
Assessment 1
Thank you for your interest in an IT Specialist (Security) position with the federal government. Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions. WHEN MANDATORY NARRATIVE RESPONSES ARE REQUIRED, PLEASE DO NOT DUPLICATE INFORMATION YOU HAVE ALREADY PROVIDED IN YOUR RESUME AS A RESPONSE TO THIS QUESTION. WE ARE SEEKING AN ELABORATION OF THOSE DUTIES AND SKILLS YOU HAVE MENTIONED WHICH ADDRESS THE QUESTION MORE FULLY. THIS IS YOUR OPPORTUNITY TO EXPAND ON YOUR EXPERIENCE AND/OR EDUCATION AS IT RELATES TO THE QUESTION. FAILURE TO DO THIS WILL RESULT IN YOUR BEING CONSIDERED AS INELIGIBLE.
1. This announcement is open to applicants who currently live in the Washington, DC commuting area and/or federal judiciary employees nationwide. From the options listed below, please select how you meet this requirement.
2. Applicants must have at least one full year (52 weeks) of specialized experience, which is in or directly related to the line of work of this position. Specialized experience is demonstrated experience in ALL of the following:
  • Development experience to include proficiency in 1 or more of the following: .NET, PowerShell, C# or Python.
  • Comprehensive understanding of adversarial techniques, with the capability to technically diagram and articulate the stages of an intrusion.
  • SME-level experience examining enterprise audit logs including Windows Event Log and Sysmon in Windows environments, and auditd in Linux environments.
  • Knowledge of forensic methodologies and the processes involved in collecting, preserving, and analyzing digital evidence to accurately reconstruct events and support incident response efforts.
  • Experience in analyzing sophisticated attacker techniques that exploit email and cloud services as attack vectors.
3. If A is selected above, a narrative statement must be submitted in the space provided below addressing your development experience to include proficiency in .NET, PowerShell, C# or Python. THIS IS A MANDATORY REQUIREMENT. Please limit your response to 1,000 characters or less.
4. If A is selected above, a narrative statement must be submitted in the space provided below addressing your comprehensive understanding of adversarial techniques, with the capability to technically diagram and articulate the stages of an intrusion. THIS IS A MANDATORY REQUIREMENT. Please limit your response to 1,000 characters or less.
5. If A is selected above, a narrative statement must be submitted in the space provided below addressing your SME-level experience examining enterprise audit logs including Windows Event Log and Sysmon in Windows environments, and auditd in Linux environments. THIS IS A MANDATORY REQUIREMENT. Please limit your response to 1,000 characters or less.
6. If A is selected above, a narrative statement must be submitted in the space provided below addressing your knowledge of forensic methodologies and the processes involved in collecting, preserving, and analyzing digital evidence to accurately reconstruct events and support incident response efforts. THIS IS A MANDATORY REQUIREMENT. Please limit your response to 1,000 characters or less.
7. If A is selected above, a narrative statement must be submitted in the space provided below addressing your experience in analyzing sophisticated attacker techniques that exploit email and cloud services as attack vectors. THIS IS A MANDATORY REQUIREMENT. Please limit your response to 1,000 characters or less.
8. In the space provided below, please indicate the time frame and employer(s) where we can locate this information. THIS IS A MANDATORY REQUIREMENT. Please limit your response to 250 characters or less.
Select the one statement that most accurately describes your training and experience carrying out each task using the scale provided.
9. Which level description best describes your experience using offensive security tools, including BloodHound, Cobalt Strike, Metasploit and Kali Linux?
10. Which level description best describes your proficiency in simulating sophisticated threats and emulating adversary behaviors to evaluate and strengthen security defenses?
11. Which level description best describes your experience and knowledge of Identity Access Management (IdAM) and the methods an attacker can exploit, including weaknesses in authentication, authorization, and access control processes to gain unauthorized access or escalate privileges within an enterprise environment?
12. Which level description best describes your experience and comprehensive understanding of Active Directory architecture weaknesses and the techniques adversaries leverage to exploit them?
For each knowledge area, select the one response that most accurately describes your current level of knowledge using the scale below.
13. Which level description best describes your hands-on experience in reverse engineering malware to analyze its behavior, functionality, and potential impact?
14. Which level description best describes your ability to create and tune high-quality behavioral detection analytics in Splunk Search Processing Language (SPL) and Kusto Query Language (KQL)?
15. From the options listed below, please select the IT Security certifications you currently possess. (SELECT ALL THAT APPLY)
16. If other certification was selected, what certification do you possess?
17. How many years of experience do you have in cyber security operations?
Select the one statement that most accurately describes your training and experience carrying out each task using the scale provided.
18. Which level description best describes your experience making clear and convincing oral presentations?
Select “Yes” or “No” to the following question(s).
19. I understand that failure to provide a written statement ("See Resume" or other non-descriptive response is not sufficient) for each essay question could result in non-consideration for this position.