Posted: February 27, 2026 (0 days ago)
Administrative Office of the U.S. Courts
Judicial Branch
Location: Location not specified
Salary: $89,508 - $197,200 per year
Type: Full-Time
This job involves leading a team of digital forensics experts in the U.S. Courts' security operations center, where you'll investigate cyber incidents, analyze digital evidence from devices and systems, and provide expert guidance to protect court information technology.
It's ideal for someone with deep experience in computer forensics who enjoys mentoring others and shaping security standards in a high-stakes government environment.
The role focuses on turning complex technical findings into clear reports and advice for decision-makers.
This position is in the Department of the Chief Information Office, Information Technology Security Office (ITSO), Security Operations Division.
ITSO manages the Judiciary's IT security program, oversees the security operations of Judiciary IT assets and environments, proposes national IT security policies and develops guidelines for their implementation, and establishes and maintains collaborative relationships within the Judiciary and with third-party partners.
Applicants must have demonstrated experience as listed below.
This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions.
Specialized Experience: Applicants must have at least one full year (52 weeks) of specialized experience which is in or directly related to the line of work of this position.
Specialized experience must demonstrate ALL areas defined below:
Conducting forensic analysis of digital devices, including computers, mobile phones, and cloud environments, using industry-standard tools like EnCase, FTK, and Axiom.
Extracting and analyzing deleted, hidden, and encrypted data using data recovery techniques and knowledge of file system structures and operating system internals.
Preparing detailed forensic reports and providing expert testimony in legal settings, ensuring findings are presented clearly and comply with legal standards and procedures.
Desired (but not required) certifications:
GIAC Reverse Engineering Malware (GREM)
GIAC Certified Forensic Analyst (GCFA)
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
Offensive Security certifications relevant to malware or exploit analysis
Major Duties:
The Supervisory Information Technology Specialist (Security) serves as the senior technical authority for digital forensics within the Security Operations Center (SOC).
The incumbent provides technical leadership, establishes forensic standards, and ensures analytic rigor in the examination of complex artifacts and proprietary systems supporting incident response operations across the Judiciary.
The incumbent leads and validates forensic investigations, guides contractor personnel, and ensures findings directly inform incident containment, remediation, recovery, and threat attribution decisions.
The position reports to the SOC Branch Chief and is critical to protecting the confidentiality, integrity, and availability of Judiciary information systems.
Duties include, but are not limited to:
Leading advanced digital forensic investigations involving memory analysis, file systems, registry hives, endpoint telemetry, and proprietary application artifacts.
Establishing and enforcing forensic methodologies, standards, and documentation requirements across SOC investigations.
Validating and reviewing contractor forensic findings to ensure technical accuracy, evidentiary soundness, and analytic consistency.
Analyzing complex artifacts generated by proprietary Judiciary systems and custom applications.
Correlating forensic artifacts across multiple incidents to identify patterns, tradecraft reuse, and campaign-level activity.
Providing authoritative forensic assessments to support high-confidence threat actor attribution.
Advising incident commanders and leadership on attacker behavior, scope, and impact based on forensic evidence.
Mentoring and developing contract forensic analysts through technical reviews, guidance, and hands-on collaboration.
Developing and refining forensic playbooks, workflows, and tooling to improve investigative efficiency and quality.
Producing detailed forensic reports and executive-level summaries translating complex findings into actionable intelligence.
Supporting post-incident reviews and lessons-learned activities to improve forensic readiness and response effectiveness.