Senior Information Technology Specialist (Cyber Incident Response Analyst II)

Full Job Description

This is a full-time position with the Office of Information Technology at the Supreme Court of the United States in Washington, D.C.

Closing Date: Friday, 05/01/2026, 11:59 PM ET Please note that this vacancy has a limit of 200 applicants.

The job opportunity announcement will automatically close if that limit is reached prior to the closing date.

As a condition of continued employment, the candidate must be able to acquire and retain a Top Secret (TS) clearance.

Candidate must possess the following knowledge, skills and abilities: At least three (3) years of experience with Incident Response and handling methodologies, and at least two (2) additional years of applicable Information Technology (IT) or Information Security experience.

Experience with full lifecycle incident response handling, preparation, containment, eradication, and post incident reporting. Experience and knowledge of malware analysis concepts and methodologies.

Knowledge of network protocols and concepts, common application protocols and ports, and user authentication processes.

Experience with signature construction to be implemented with cyber defense tools in response to threats and IOCs.

Experience investigating and troubleshooting alerts against network traffic using packet analysis tools.

High level understanding of operating systems such as Windows, Linux, and iOS and command-line tools. Ability to communicate both orally and in writing, ability to create, manage, and prioritize tasks.

Understanding and knowledge of APT TTPs, intrusion vectors, and countermeasures.

Knowledge and experience with industry cybersecurity frameworks and concepts, such as cyber kill chain, ATT&CK framework, and diamond model.

Experience performing threat hunting desired but not required. Knowledge of endpoint security events and how they relate to cyber security attacks and intrusions.

CISSP, GCIH, GCFA, GREM, ECIH, CySA+, and other security certifications desired but not required. Major Duties:

This position is a full-time position in the Office of Information Technology at the Supreme Court of the United States, in Washington, D.C.

Under the guidance of the Court Information Security Officer, the incumbent will perform the full range of tasks and activities involved in developing, coordinating, implementing and maintaining standards, procedures and technical solutions to protect the confidentiality, integrity and availability of information systems and data.

The Tier-3 Cyber Incident Response Analyst protects the Court's systems and information by leading the detection, analysis, containment, and recovery efforts for cybersecurity incidents.

This position must report on-site within the Washington DC area multiple times per week.

The incumbent will be responsible for the following duties: As a senior-level Tier 3 incident responder, perform analysis of alerts and event logs from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to security; Analyze network traffic to identify anomalous activity and potential threats to network resources; As an Incident Response Team member, respond to threats and take mitigating actions to contain the malicious activity and minimize damage as well as facilitate forensics analysis to determine the source of the threat; As an Incident Commander, lead, track and document cyber incidents from initial detection through final resolution, in addition to capturing after-action items and lessons-learned; Participate in 24x7 on-call support rotation; Contribute to insider threat protection through behavioral monitoring, threat detection, and forensic investigation; Update and maintain the Incident Response Plan, playbooks, and standard operating procedures to ensure efficient and effective handling of security incidents aligned with evolving threat landscapes; Receive cyber threat intelligence material and, working with SIEM/Detection engineers, create actionable detections, alerts, and response guidance; Design and lead incident response tabletop exercises and attack simulations to test readiness and improve team coordination; Integrate and align the Incident Response program and capabilities with Court Continuity of Operations (COOP) planning and exercises; Contribute to the implementation, configuration, and continuous improvement of incident response tools and processes; Work with stakeholders at all levels of the organization to communicate the state of information security, inform of possible risks, and suggest ways to improve security; Make recommendations to senior management on results of analysis and work closely with other Information Technology groups to refine and enhance security controls; Support and contribute to the broader information security program initiatives, and other duties as assigned.