Summary This position is located within the AO Technology Office (AOTO) of the Department of Technology Services (DTS). The incumbent of this position will serve as the Federal Security Operations team member under AOTO Security Chief. AOTO boundary includes AO Local Area Network General Support Systems in Washington, DC, San Antonio, TX, and Charleston, SC, and the integrated IT environment. Responsibilities The incumbent supports development of near and long-term security operations roadmaps, definitions of current and future security architectures, and assists in determining security requirements within the Judiciary guidelines and specifications that are based on AOTO requirements. The incumbent supports the development of a strong continuous monitoring program, to include Hardware Asset Management (HWAM), Software Asset Management (SWAM), Configuration Management and Vulnerability Management. The incumbent operationalizes supporting technologies to ensure that Judiciary Information Security Framework (JISF) requirements and IT Security Scorecard metrics are satisfied. The incumbent is the primary government Subject Matter Expert for Security Event Management and Incident Response at all AOTO-managed sites and for all national systems. Under the direction of the Security Operations Team Lead, the incumbent develops risk management metrics for decisionmakers. The incumbent reviews completed work of contractor personnel for effectiveness in meeting objectives, accuracy, Judiciary guidelines, and adherence to security best practices; oversees security components of AOTO-led projects; and communicates complex technical requirements to non-technical personnel. The incumbent will perform multiple and varying assignments under the direction and supervision of the Information Security Officer, AOTO. Additionally, this position will work closely with the Information Technology Security Office (ITSO) of the Department of Technology Services (DTS) to ensure the AOTO's compliance with the Judiciary Information Security Framework and both national and AO-specific security policies. Duties of the position include, but are not limited to: Supporting IT security operations initiatives to improve overall security posture and limit risk exposure for the AOTO. Operationalizing the enhancements to the continuous monitoring program that includes development of required processes and integration with existing security tools and technologies. Acting as the government Subject Matter Expert for Security Event Management and Incident Response. Identifying notable events, configuring alerting thresholds and SEIM dashboards that support Incident Response. Conducting periodic incident response plan testing through table-top exercises and simulations. Supporting the vulnerability management program at AOTO. Working with contractor teams to optimize the technology solutions that support security operations (i.e. Tenable Nessus, SecurityCenter, Forcepoint, Varonis, Trend Micro Apex One, etc.). Assisting in identifying risks and providing recommendations for determining appropriate mitigation techniques or strategies in support of risk acceptance decisions. Providing a supporting role in recognizing need for changes based on new security technologies or cyber related threats. Supporting mid and long-term plans that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT system vulnerabilities. Participating in the Change Control Board to provide security impact and vulnerability analysis for new and existing technologies at AOTO. Providing technical oversight and guidance to the security contractor team that develops and implements compensating controls, remediation plans, and Plans of Actions and Milestones (POA&Ms). Supporting the to secure design, implementation, maintenance, and modification of information technology systems that are critical to the operation and success of the Judiciary. This includes performing research to identify potential vulnerabilities in and threats to existing and proposed technologies and notifying the appropriate managers/personnel of the risk potential. Supporting the development, documentation and implementation of security operations processes and procedures that help manage the risk at an acceptable level. Requirements Conditions of Employment CONDITIONS OF EMPLOYMENT All information is subject to verification. Applicants are advised that false answers or omissions of information on application materials or inability to meet the following conditions may be grounds for non-selection, withdrawal of an offer of employment, or dismissal after being employed. Selection for this position is contingent upon completion of OF-306, Declaration of Federal Employment during the pre-employment process and proof of U.S. citizenship for competitive status positions or conversion to a competitive status position with the AO. If non-citizens are considered for hire into a temporary or any other position with non-competitive status or when it is confirmed by the AO Human Resources Office there are no qualified U.S. citizens for a competitive status position (unless prohibited by a law or statue), non-citizens must provide proof of authorization to work in the U.S. and proof of entitlement to receive compensation. Additional information on the employment of non-citizens can be found at USAJOBS Help Center | Employment of non-citizens/. For a list of documents that may be used to provide proof of citizenship or authorization to work in the United States, please refer to Form I-9, Employment Eligibility Verification. All new AO employees will be required to complete an FBI fingerprint-based national criminal database and records check and pass a public trust suitability check. New employees to the AO will be required to successfully pass the E-Verify employment verification check. To learn more about E-Verify, including your rights/responsibilities, visit https://www.e-verify.gov/. All new AO employees are required to identify a financial institution for direct deposit of pay before appointment. You will be required to serve a trial period if selected for a first-time appointment to the Federal government, transferring from another Federal agency, or serving as a first-time supervisor. Failure to successfully complete the trial period may result in termination of employment. If appointed to a temporary position, management may have the discretion of converting the position to permanent depending upon funding and staffing allocation. Qualifications Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions. Specialized Experience: Applicants must have at least one full year (52 weeks) of specialized experience which is in or directly related to the line of work of this position. Specialized experience is demonstrated experience must demonstrate ALL areas defined below: Demonstrated ability to lead a Security Event Management and Incident Response for a large General Support System and smaller specialized systems. Demonstrated ability to identifying risks and providing recommendations for determining appropriate mitigation techniques or strategies in support of risk acceptance decisions. Demonstrated ability to provide technical oversight and guidance to contractor teams that develop and implement compensating controls, remediation plans, and Plans of Actions and Milestones (POA&Ms). Demonstrated ability to collaborate with project teams, stakeholders, advocating for security compliance requirements to technical solution providers, serving as technical lead subject matter expert for security operations in major projects. Desired, but not required: Industry recognized security certification is preferred (i.e., CISSP, CISA, Security+) Education This position does not require education to qualify. Additional Information The AO is an Equal Opportunity Employer.