
Supervisory IT Specialist (Security)

Administrative Office of the U.S. Courts

Remote, CA | Full-time | $106,437 - $197,200 per year | Posted June 11, 2026

Application closes June 25, 2026

About this position

Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems, which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions.

Specialized Experience: Applicants must have at least one full year (52 weeks) of specialized experience which is in or directly related to the line of work of this position. Specialized experience must demonstrate ALL areas defined below:

  • Leading enterprise detection engineering, threat hunting, and cyber threat intelligence programs in support of continuous cybersecurity operations and organizational cyber defense objectives.
  • Directing the development, implementation, and execution of proactive threat hunting strategies to identify sophisticated, emerging, or previously undetected adversary activity across enterprise environments.
  • Establishing and maintaining governance, standards, methodologies, and quality assurance processes for detection engineering programs to ensure operational effectiveness, consistency, and alignment with organizational cybersecurity objectives.
  • Leading the production, analysis, and operational integration of cyber threat intelligence to inform detection engineering priorities, guide threat hunting activities, and support risk-based cybersecurity and organizational decision-making.

Desired (but not required) certifications:

  • Offensive Security Professional (OSCP)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • Offensive Security certifications relevant to malware or exploit analysis

This position is in the Department of the Chief Information Office, Information Technology Security Office (ITSO), Security Operations Division. ITSO manages the Judiciary's IT security program, oversees the security operations of Judiciary IT assets and environments, proposes national IT security policies and develops guidelines for their implementation, and establishes and maintains collaborative relationships within the Judiciary and with third-party partners.
The Supervisory Information Technology Specialist (Security) serves as the Security Operations Support Branch Chief within the Security Operations Support Branch (SOSB). The incumbent is responsible for leading detection engineering, threat hunting, and threat intelligence teams to identify cybersecurity threats that impact the confidentiality, integrity, and availability of judicial data. The position reports to the SOD Division Chief and is critical to protecting the confidentiality, integrity, and availability of Judiciary information systems.

Duties include, but are not limited to:

  • Providing leadership, direction, and oversight for the Security Operations Support Branch, which delivers enterprise detection engineering, threat hunting, and threat intelligence capabilities in support of continuous cybersecurity operations.
  • Overseeing the development, testing, deployment, and lifecycle management of detection logic used to identify malicious activity across the Judiciary's information technology environment.
  • Leading the production and operational integration of threat intelligence to inform detection engineering priorities, threat hunting activities, and risk-based decision-making.
  • Directing proactive threat hunting efforts to identify emerging, novel, or evasive adversary behaviors not addressed by existing detection mechanisms.
  • Establishing and maintaining detection engineering standards, methodologies, and quality assurance processes to ensure accuracy, consistency, and operational effectiveness.
  • Overseeing the validation, tuning, and refinement of detections based on operational feedback, adversary emulation results, and observed threat activity.
  • Ensuring the development of metrics and reporting to measure detection coverage, effectiveness, and operational maturity.
  • Leading the development and maintenance of a common operational picture that identifies baseline activity and highlights meaningful deviations to support situational awareness, prioritization, and leadership decision-making.
  • Providing executive summaries and briefings to senior leadership and cybersecurity stakeholders to support enterprise risk awareness, prioritization, and resource allocation.
  • Coordinating with the Security Operations Center to improve alert fidelity, investigative workflows, and analytic outcomes.
  • Managing branch personnel, contractor support, and resource planning to sustain required capabilities.
  • Performing duties consistent with the skills, knowledge, and abilities defined in NIST Special Publication 800-181 (NICE Cybersecurity Workforce Framework) for Program Management (OG-WRL-010), Threat Analysis (PD-WRL-006), and Defensive Cybersecurity (PD-WRL-001) roles.

Listing sourced from USAJobs.