Supervisory Information Technology Specialist (Security)

Summary This position is in the Department of the Chief Information Office, Information Technology Security Office (ITSO), Security Operations Division. ITSO manages the Judiciary's IT security program, oversees the security operations of Judiciary IT assets and environments, proposes national IT security policies and develops guidelines for their implementation, and establishes and maintains collaborative relationships within the Judiciary and with third-party partners. Duties The Supervisory Information Technology Specialist (Security) serves as the senior technical authority for digital forensics within the Security Operations Center (SOC). The incumbent provides technical leadership, establishes forensic standards, and ensures analytic rigor in the examination of complex artifacts and proprietary systems supporting incident response operations across the Judiciary. The incumbent leads and validates forensic investigations, guides contractor personnel, and ensures findings directly inform incident containment, remediation, recovery, and threat attribution decisions. The position reports to the SOC Branch Chief and is critical to protecting the confidentiality, integrity, and availability of Judiciary information systems. Duties include, but are not limited to: Leading advanced digital forensic investigations involving memory analysis, file systems, registry hives, endpoint telemetry, and proprietary application artifacts. Establishing and enforcing forensic methodologies, standards, and documentation requirements across SOC investigations. Validating and review contractor forensic findings to ensure technical accuracy, evidentiary soundness, and analytic consistency. Analyzing complex artifacts generated by proprietary Judiciary systems and custom applications. Correlating forensic artifacts across multiple incidents to identify patterns, tradecraft reuse, and campaign-level activity. Providing authoritative forensic assessments to support high-confidence threat actor attribution. Advising incident commanders and leadership on attacker behavior, scope, and impact based on forensic evidence. Mentoring and developing contract forensic analysts through technical reviews, guidance, and hands-on collaboration. Developing and refining forensic playbooks, workflows, and tooling to improve investigative efficiency and quality. Producing detailed forensic reports and executive-level summaries translating complex findings into actionable intelligence. Supporting post-incident reviews and lessons-learned activities to improve forensic readiness and response effectiveness. Requirements Conditions of employment CONDITIONS OF EMPLOYMENT All information is subject to verification. Applicants are advised that false answers or omissions of information on application materials or inability to meet the following conditions may be grounds for non-selection, withdrawal of an offer of employment, or dismissal after being employed. Selection for this position is contingent upon completion of OF-306, Declaration of Federal Employment during the pre-employment process and proof of U.S. citizenship for competitive status positions or conversion to a competitive status position with the AO. If non-citizens are considered for hire into a temporary or any other position with non-competitive status or when it is confirmed by the AO Human Resources Office there are no qualified U.S. citizens for a competitive status position (unless prohibited by a law or statue), non-citizens must provide proof of authorization to work in the U.S. and proof of entitlement to receive compensation. Additional information on the employment of non-citizens can be found at USAJOBS Center | Employment of non-citizens/. For a list of documents that may be used to provide proof of citizenship or authorization to work in the United States, please refer to Form I-9, Employment Eligibility Verification. All new AO employees will be required to complete an FBI fingerprint-based national criminal database and records check and pass a public trust suitability check. New employees to the AO will be required to successfully pass the E-Verify employment verification check. To learn more about E-Verify, including your rights/responsibilities, visit https://www.e-verify.gov/. All new AO employees are required to identify a financial institution for direct deposit of pay before appointment. You will be required to serve a trial period if selected for a first-time appointment to the Federal government, transferring from another Federal agency, or serving as a first-time supervisor. Failure to successfully complete the trial period may result in termination of employment. If appointed to a temporary position, management may have the discretion of converting the position to permanent depending upon funding and staffing allocation. Qualifications Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions. Specialized Experience: Applicants must have at least one full year (52 weeks) of specialized experience which is in or directly related to the line of work of this position. Specialized experience is demonstrated experience must demonstrate ALL areas defined below: Conducting forensic analysis of digital devices, including computers, mobile phones, and cloud environments, using industry-standard tools like EnCase, FTK, and Axiom. Extracting and analyzing deleted, hidden, and encrypted data using data recovery techniques and knowledge of file system structures and operating system internals. Preparing detailed forensic reports and providing expert testimony in legal settings, ensuring findings are presented clearly and comply with legal standards and procedures. Desired (but not required) certifications: GIAC Reverse Engineering Malware (GREM) GIAC Certified Forensic Analyst (GCFA) GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)Offensive Security certifications relevant to malware or exploit analysis Education This position does not require education to qualify. Additional information The AO is an Equal Opportunity Employer. Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution. Benefits A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Opens in a new windowLearn more about federal benefits. Review our benefits Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.