USA Staffing

Position Title: Information Technology Specialist (Security)
Agency: Administrative Office of the U.S. Courts
Announcement Number: 25-DTS-12719477 Opens in new window
Open Period: Tuesday, April 8, 2025 to Tuesday, April 22, 2025

For preview purposes only. To apply, please return to the USAJOBS announcement and click the Apply button.

1. Do you claim Veterans’ Preference?

A. No, I do not claim Veterans' Preference

B. 0-point Sole Survivorship Preference (SSP)

C. 5-point preference based on active duty in the U.S. Armed Forces (TP)

D. 10-point preference for non-compensable disability or Purple Heart (XP)

E. 10-point preference based on a compensable service connected disability of at least 10% but less than 30% (CP)

F. 10 point preference based on widow/widower or parent of a deceased veteran, or spouse or parent of a disabled veteran (XP)

G. 10-point preference based on a compensable service connected disability of 30% or more (CPS)

2. Are you a veteran who separated from active duty under honorable conditions and you:

• have a rating by the Department of Veterans Affairs showing a compensable service-connected disability of 10% or more OR
• retired from active military service with a service-connected disability rating of 10% or more (**TP or 5 point veterans please do not answer 'yes' to this question.**)

If eligible, submit a copy of your latest Certificate of Release or Discharge from Active Duty, DD-214 (copy indicating character of service) or other proof of your service which includes character of service. Please also provide the disability letter from the Department of Veterans Affairs or Armed Service and the Application for 10-Point Veteran Preference, Standard Form 15.

For more information, review USAJOBS Veterans resources.

A. Yes

B. No

3. Are you a current employee of the Administrative Office of the U.S. Courts?

A. Yes

B. No

4. Are you a current or former Federal employee?

All applicants outside of the AO must submit a copy of your latest Notification of Personnel Action (SF-50) to verify current or former Federal employment status.

A. Yes

B. No

Thank you for your interest in an IT Specialist (Security) position with the federal government. Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions. WHEN MANDATORY NARRATIVE RESPONSES ARE REQUIRED, PLEASE DO NOT DUPLICATE INFORMATION YOU HAVE ALREADY PROVIDED IN YOUR RESUME AS A RESPONSE TO THIS QUESTION. WE ARE SEEKING AN ELABORATION OF THOSE DUTIES AND SKILLS YOU HAVE MENTIONED WHICH ADDRESS THE QUESTION MORE FULLY. THIS IS YOUR OPPORTUNITY TO EXPAND ON YOUR EXPERIENCE AND/OR EDUCATION AS IT RELATES TO THE QUESTION. FAILURE TO DO THIS WILL RESULT IN YOUR BEING CONSIDERED AS INELIGIBLE.

1. This announcement is open to applicants who currently live in the Washington, DC commuting area and/or federal judiciary employees nationwide. From the options listed below, please select how you meet this
requirement.

A. I currently live in the Washington, DC commuting area.

B. I am a current federal judiciary employee.

C. None of the above.

2. Applicants must have at least one full year (52 weeks) of specialized experience which is in or directly related to the line of work of this position. Specialized experience is demonstrated experience must demonstrate ALL areas defined below:

Expertise in conducting forensic analysis of digital devices, including computers, mobile phones, and cloud environments, using industry-standard tools like EnCase, FTK, and Axiom.
In-depth knowledge of data recovery techniques, file system structures, and operating system internals, enabling the extraction and analysis of deleted, hidden, or encrypted data.
Experience in preparing detailed forensic reports and providing expert testimony in legal settings, ensuring findings are presented clearly and comply with legal standards and procedures.

A. Yes, I have one year of specialized experience which is in or directly related to the line of work of this position.

B. No, I do not possess the specialized experience described above.

3. If A is selected above, a narrative statement must be submitted in the space provided below your experience and expertise in conducting forensic analysis of digital devices, including computers, mobile phones, and cloud environments, using industry-standard tools like EnCase, FTK, and Axiom. THIS IS A MANDATORY REQUIREMENT. Please limit your response to 1,000 characters or less. (limit 1,000 characters)

4. If A is selected above, a narrative statement must be submitted in the space provided below addressing your experience and in-depth knowledge of data recovery techniques, file system structures, and operating system internals, enabling the extraction and analysis of deleted, hidden, or encrypted data. THIS IS A MANDATORY REQUIREMENT. Please limit your response to 1,000 words or less. (limit 1,000 characters)

5. If A is selected above, a narrative statement must be submitted in the space provided below addressing your experience in preparing detailed forensic reports and providing expert testimony in legal settings, ensuring findings are presented clearly and comply with legal standards and procedures. THIS IS A MANDATORY REQUIREMENT. Please limit your response to 1,000 words or less. (limit 1,000 characters)

6. In the space provided below, please indicate the time frame and employer(s) where we can locate this information. THIS IS A MANDATORY REQUIREMENT. Please limit your response to 250 characters or less.

Select the one statement that most accurately describes your training and experience carrying out each task using the scale provided.

7. Which level description best describes your ability to identify, test and provide recommendations for adopting and upgrading SOC forensic capabilities and infrastructure to provide the most effective, efficient, and cost-effective service?

A. I have not had education, training, or experience in performing this task.

B. I have had education or training in how to perform this task, but have not yet performed it on the job.

C. I have performed this task on the job. My work on this task was monitored closely by a supervisor or senior employee to ensure compliance with proper procedures.

D. I have performed this task as a regular part of a job. I have performed it independently and normally without review by a supervisor or senior employee.

E. I am considered an expert in performing this task. I have supervised performance of this task or am normally the person who is consulted by other workers to assist or train them in doing this task because of my expertise.

8. Which level description best describes your expertise with performing network forensics from log files and packet captures, which includes working hand in hand with the affected parties to obtain the data needed to accurately (re)construct incident timelines and to perform the analysis required to understand the attack vectors and associated impact?

A. I have not had education, training, or experience in performing this task.

B. I have had education or training in how to perform this task, but have not yet performed it on the job.

C. I have performed this task on the job. My work on this task was monitored closely by a supervisor or senior employee to ensure compliance with proper procedures.

D. I have performed this task as a regular part of a job. I have performed it independently and normally without review by a supervisor or senior employee.

9. Which level description best describes your knowledge and experience with performing malware analysis to disassemble and reverse-engineer potential malware, scripts, and shellcode to identify and create compromise indicators to more effectively detect and prevent intrusion?

A. I have not had education, training, or experience in performing this task.

B. I have had education or training in how to perform this task, but have not yet performed it on the job.

C. I have performed this task on the job. My work on this task was monitored closely by a supervisor or senior employee to ensure compliance with proper procedures.

D. I have performed this task as a regular part of a job. I have performed it independently and normally without review by a supervisor or senior employee.

10. From the options listed below, please select the IT Security certifications you currently possess. (SELECT ALL THAT APPLY)

A. GIAC Certified Forensic Examiner (GCFE)

B. GIAC Reverse Engineering Malware (GREM)

C. EnCase Certified Examiner (EnCE)

D. Other certification not listed above.

E. None of the above.

11. If other certification was selected, what certification do you possess?

Select “Yes” or “No” to the following question(s).

12. I understand that failure to provide a written statement ("See Resume" or other non-descriptive response is not sufficient) for each essay question could result in non-consideration for this position.

A. Yes

B. No

Your session will expire due to inactivity in 60 seconds.

Unsaved data may be lost if you allow this session to expire.

Warning! The announcement has now closed.

Failure to continue will prevent you from completing and submitting the application.

Click the Stay Connected button below to continue your session.

Terms & Conditions

Your Session is About to Expire!