IT Cybersecurity Specialist
Closes: 03/04/2020
Summary
For more information on the Department of Justice and the United States Attorneys’ Offices, visit www.justice.gov/usao/.
As needed, additional positions may be filled using this announcement.
Responsibilities
This position serves as the Cyber Defense Forensics Analyst (CDFA) for the Executive Office for the United States Attorneys (EOUSA) Cybersecurity Staff and reports directly to the Digital Forensics and Investigations Program Manager on all EOUSA Cyber Defense, Forensic and Insider Threat initiatives. Duties include:
- Ensures cyber resiliency and trustworthiness in Digital Forensics and Insider Threat systems through the application of Systems Security Engineering techniques throughout the Systems Development Life Cycle (SDLC).
- Utilizes data collected from a variety of EOUSA/USAO cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs, user behavior analysis logs, etc.) and physical defense tools to analyze events that occur within EOUSA’s IT Enterprise environment for the purposes of mitigating the Insider Threat.
- Supports U.S. Attorneys’ Offices (USAOs) and the Executive Office for the United States Attorneys’ (EOUSA) staff, serving as the technical lead for the Insider Threat Prevention and Detection and Cyber Defense and Forensics Systems.
- Ensures sufficient awareness, prevention, analysis, detection and mitigation of insider threats nationwide in compliance with Executive Order 13587 – Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information and Department of Justice Order 0901 Insider Threat.
- Conducts Insider Threat and Cyber Defense and Forensics analysis across the EOUSA Enterprise including all 94 USAOs comprising roughly 15,000 users, 25,000 plus endpoints, three Core Enterprise Facilities, one Enterprise Data Center, two commercial cloud providers, and 250 work sites spanning both the continental United States and territories.
- Works with the EOUSA SOC Program Manager and Fusion Cell staff conducting cyber defense and threat hunting operations.
- Conducts deep-dive investigations on computer-based crimes establishing documentary or physical evidence including digital media and logs associated with cyber intrusions and corresponding security incidents.
- Manages information technology projects, develops project business cases, requirements and budget, and develops, manages, and oversees execution of project schedules to provide a unique service or product.
Travel Required
Occasional travel – You may be expected to travel for this position.
Conditions of Employment
- You must be a United States Citizen or National.
- Background investigation, credit check, and drug test required.
- You must be registered for Selective Service, if applicable.
- If selected, you may be required to complete a one year probationary period.
- You must meet all qualification requirements upon the closing date of this announcement.
Qualifications
GS-13: Applicants must have at least one full year of specialized experience equivalent to the GS-12 in federal service. Specialized experience is defined as conducting cyber defense analysis from data collected across a broad spectrum of cyber defense tools and services (e.g., IDS alerts, firewalls, network traffic logs, endpoint protection/endpoint detection and response tools, host-based tools, commercial cloud services); supporting large scale organizational Insider Threat Prevention and Detection Programs, counter-intelligence techniques and tools, user behavior analytic tools, correlation and analysis of large data sets, conducting forensic analysis across desktop, server, mobile and cloud environments, experience with multiple forensic tools and processes, techniques in maintaining chain of custody and preserving evidence. Examples of specialized experience may include:
- Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network).
- Knowledge of key cyber threat actors and their equities.
- Analyzes indications of compromise and warning.
- Applies knowledge of the fundamentals of digital forensics techniques to extract actionable intelligence.
- Evaluates, analyzes, and synthesizes large quantities of data (which may be fragmented and contradictory) into high quality, fused cyber hunting/cybersecurity intelligence products.
- Applies critical thinking to analyze organizational patterns and relationships and anticipates key target or threat activities which are likely to prompt a leadership decision.
- Works across teams conducting data analytics and correlation on large data sets.
- Derives actionable intelligence to mitigate cyber and insider threats.
- Conducts forensic analyses on both Windows and Unix/Linux platforms.
- Preserves evidence integrity according to standard operating procedures or national standards.
- Collects, processes, packages, transports, and stores electronic evidence to avoid alteration, loss, physical damage, or destruction of data.
- Uses forensic tool suites (e.g., EnCase, Sleuthkit, FTK), conducts forensic analyses in multiple operating system environments (e.g., mobile device systems).
- Processes digital evidence, to include protecting and making legally sound copies of evidence.
- Collects and preserves digital evidence, conducts analysis and writes reports.
- Works across staffs regarding the implementation, operation and sustainment of organizational Insider Threat Prevention and Detection Program.
- Leads Integrated Process Teams coordinating all technical aspects of the Insider Threat program.
- Supports organizational governance venues.
In addition, applicants must have IT-related experience demonstrating each of the four competencies listed below.
- Attention to Detail – Is thorough when performing work and conscientious about attending to detail.
- Customer Service – Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
- Oral Communication – Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
- Problem Solving – Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Interagency Career Transition Assistance Plan (ICTAP) - The ICTAP provides eligible displaced Federal competitive service employees with selection priority over other candidates for competitive service vacancies. If your agency has notified you in writing that you are a displaced employee eligible for ICTAP consideration, you may receive selection priority if: 1) this vacancy is within your ICTAP eligibility; 2) you apply under the instructions in this announcement; and 3) you are found eligible and qualified for this vacancy. To be eligible and qualified, you must satisfy all eligibility and qualification requirements for the vacant position as outlined in this announcement. You must provide proof of eligibility to receive selection priority. Such proof may include a copy of your written notification of ICTAP eligibility or a copy of your separation personnel action form. Additional information about ICTAP eligibility is at: http://www.opm.gov/policy-data-oversight/workforce-restructuring/employee-guide-to-career-transition/.
Career Transition Assistance Plan (CTAP) - The CTAP provides eligible surplus and displaced competitive service employees in the Department of Justice with selection priority over other candidates for competitive service vacancies. If your Department of Justice component has notified you in writing that you are a surplus or displaced employee eligible for CTAP consideration, you may receive selection priority if: 1) this vacancy is within your CTAP eligibility, 2) you apply under the instructions in this announcement, and 3) you are found eligible and qualified for this vacancy. To be eligible and qualified, you must satisfy all eligibility and qualification requirements for the vacant position as outlined in this announcement. You must provide a copy of your written notification of CTAP eligibility with your application. Additional information about CTAP eligibility is at: http://www.opm.gov/policy-data-oversight/workforce-restructuring/employee-guide-to-career-transition/.
Education
This job does not have an education qualification requirement.