As a condition of continued employment, the candidate must be able to acquire and retain a Top Secret (TS) clearance. Candidate must possess the following knowledge, skills and abilities: At least three (3) years of experience with Incident Response and handling methodologies, and at least two (2) additional years of applicable Information Technology (IT) or Information Security experience.
Experience with full lifecycle incident response handling, preparation, containment, eradication, and post incident reporting.
Experience and knowledge of malware analysis concepts and methodologies. Knowledge of network protocols and concepts, common application protocols and ports, and user authentication processes.
Experience with signature construction to be implemented with cyber defense tools in response to threats and IOCs.
Experience investigating and troubleshooting alerts against network traffic using packet analysis tools. High level understanding of operating systems such as Windows, Linux, and iOS and command-line tools. Ability to communicate both orally and in writing, ability to create, manage, and prioritize tasks.
Understanding and knowledge of APT TTPs, intrusion vectors, and countermeasures. Knowledge and experience with industry cybersecurity frameworks and concepts, such as cyber kill chain, ATT&CK framework, and diamond model.
Experience performing threat hunting desired but not required. Knowledge of endpoint security events and how they relate to cyber security attacks and intrusions. CISSP, GCIH, GCFA, GREM, ECIH, CySA+, and other security certifications desired but not required.
Monday to Friday, 9 AM – 5 PM (full-time)
Submit your application directly to Judicial Branch.
🔗 Apply on Employer Site →