Description:
This position is located within the Department of the Chief Information Officer (DCIO), Information Technology Security Office (ITSO). The incumbent is a recognized IT security expert with a strong defensive cyber background and "hands-on" experience in incident response. The incumbent will perform multiple and varying assignments under the direction of the Chief, Incident Response Branch - Security Operations Division.
Requirements:
Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions.
Applicants must have at least one full year (52 weeks) of specialized experience, which is in or directly related to the line of work of this position. Specialized experience is demonstrated experience in ALL of the following:
- Development experience to include proficiency in 1 or more of the following: .NET, PowerShell, C# or Python.
- Comprehensive understanding of adversarial techniques, with the capability to technically diagram and articulate the stages of an intrusion.
- SME-level experience examining enterprise audit logs including Windows Event Log and Sysmon in Windows environments, and auditd in Linux environments.
- Knowledge of forensic methodologies and the processes involved in collecting, preserving, and analyzing digital evidence to accurately reconstruct events and support incident response efforts.
- Experience in analyzing sophisticated attacker techniques that exploit email and cloud services as attack vectors.
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Cloud Incident Response (GCIR)
- Certified Information Systems Security Professional (CISSP)
Feb 11, 2026; from: usajobs.gov