Senior IT Specialist (Security Information and Event Management Security Engineer)

Supreme Court of the United States
Washington, DC
Permanent
Full-time
Part-time

Summary

This is a full-time position with the Office of Information Technology at the Supreme Court of the United States in Washington, D.C.

Closing Date: Friday, 09/13/2024, 11:59 PM EDT

Please note that this vacancy has a limit of 200 applicants. The job opportunity announcement will automatically close if that limit is reached prior to the closing date.

This job is open to

The public

U.S. Citizens, Nationals or those who owe allegiance to the U.S.

Duties

This position is a full-time position in the Office of Information Technology at the Supreme Court of the United States, in Washington, D.C.

Under the guidance of the Court Information Security Officer, the incumbent will perform the full range of tasks and activities involved in developing, coordinating, implementing and maintaining standards, procedures and technical solutions to protect the confidentiality, integrity and availability of information systems and data.

The Security Information and Event Management (SIEM) Security Engineer will have overall responsibility for the SIEM program at the Court.

The role requires working with system administrators, engineers, developers, and incident responders to identify relevant system events, implementing the design, normalization, ingest, and alerting of relevant logs.

The SIEM Engineer serves a critical role in support of investigations and escalations of SIEM alerts. The SIEM Engineer also administers the SIEM hardware, software, and endpoint agents across the enterprise.

As a Security Engineer within the Court's Information Assurance Group, this role performs additional security engineering duties as assigned.

The incumbent will be responsible for the following duties:

  • Manage and evolve the SIEM program over time according to Court priorities
  • Evaluate current and emerging SIEM technologies and risks
  • Install, configure, and maintain SIEM software and hardware
  • Architect, administer, configure, and optimize the SIEM platform to collect and correlate security event data
  • Implement the NIST 800-53 Audit and Accountability (AU) control family according to the Information Security Policy and the needs of Court offices
  • Define and update SIEM alerts, reports, and dashboards
  • Work with the Incident Response Team to develop playbooks for responding to SIEM alerts
  • Support the design and implementation of manual and automated response to security events (SOAR)
  • Train personnel in SIEM program operation
  • Coordinate and conduct SIEM training exercises with relevant stakeholders
  • Work with Incident Response Team to create detection rules for emerging threats
  • Participate in On-Call rotation (approximately one week every two months)
  • Incorporate threat intelligence feeds and indicators of compromise into SIEM alerting and dashboards
  • Coordinate with department stakeholders when new technologies are implemented to ensure appropriate data ingest

Requirements

Conditions of Employment

  • Meet Experience Requirements (see Qualifications)
  • Employment is subject to successful completion of a security background check.
  • If you are a male applicant born after December 31, 1959, you must certify that you have registered with the Selective Service System, or are exempt from having to do so under the Selective Service Law. See: www.sss.gov

Qualifications

Candidate must possess the following knowledge, skills and abilities:

  • At least 2 years of experience managing enterprise SIEM tools
  • Enterprise level experience installing, configuring, and implementing RHEL, Ubuntu or similar Linux platforms
  • Experienced engineer with expertise in the design, implementation, configuration, and management of SIEM architectures
  • Experience with solutions such as SOAR, threat intelligence platforms, and/or User Behavior Analysis (UBA)
  • Knowledge of detection engineering and detection as code practices
  • Ability to optimize systems to meet enterprise performance requirements
  • Ability to work with engineers and vendors to improve capabilities, resolve issues, and increase performance of security operation devices and configurations
  • Knowledge of operating system (Windows, Linux/Unix) command-line tools
  • Knowledge of endpoint security events and how they relate to possible attacks/intrusions
  • Ability to balance business needs with security policies
  • Organizational skills with the ability to multitask, take direction, prioritize, and manage multiple activities/tasks to achieve objectives
  • Proficiency in tailoring and/or recommending detection rules based on newly discovered IOCs and threats against government networks
  • Expertise in data search, including indexing, querying, and visualization
  • Experience with API scripting and programming languages (e.g. Python) for automation and custom tool development
  • Excellent problem-solving skills and the ability to work under pressure in incident response scenarios
  • Strong communication skills, both written and verbal, to effectively convey complex security concepts
  • CISSP, GCIA, GCIH, CASP, and other security certifications desired, but not required

Education

Candidate must have:

  • Two years of demonstrated cyber security related experience and a college degree (computer related).
  • Five years of demonstrated cyber security experience.

Additional information

Working for the Supreme Court of the United States offers a comprehensive benefits package that includes, in part, paid vacation, sick leave, holidays, life insurance, health benefits, and participation in the Federal Employees Retirement System.

Additional benefits include flexible spending accounts, long-term care insurance, and the SmartBenefits transit subsidy.

The Court provides appropriate in-house and outside third-party technical training. Each staff member is provided with access to high levels of technical support; an in-house library of up-to-date commercially available technical books and software; a technology lab for development and testing of technology products; and a fully equipped computer training room. In addition, the Court provides all employees free access to an in-house exercise facility/weight training room.

Recruitment incentives may be authorized. If authorized, certain incentives will require you to sign a service agreement to remain an employee of the Supreme Court of the United States for a period of up to 2 years.

This statement does not guarantee that an incentive will be offered and paid. Incentives may include a recruitment incentive and/or creditable service for annual leave for prior non-federal related work experience or prior uniformed service, if the applicant possesses the skills and experience that are essential to the position, are necessary to achieve an important agency mission or performance goal and were acquired in a position with duties directly related to those of the position in which he or she is seeking appointment.

How You Will Be Evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

We will review and assess your application package in comparison with the posted qualifications for the position.

Benefits

As a new or existing federal employee, you and your family may have access to a range of benefits. Your benefits depend on the type of position you have - whether you're a permanent, part-time, temporary or an intermittent employee.

You may be eligible for the following benefits, however, check with your agency to make sure you're eligible under their policies.

Required Documents

The following documents are required:

  • A cover letter
  • A resume

How to Apply

You must upload the cover letter and resume. These two documents are required and must be received by the closing date, 09/13/2024, in order to be considered.

Please submit only these documents unless you have prior federal and/or military experience. In that case your most recent SF-50, Statement of Service, and/or DD-214 will also be required.

  • To begin, click Apply Online to create a USAJobs account or log in to your existing account. Follow the prompts to select your USAJobs resume and/or other supporting documents and complete the occupational questionnaire.
  • Click the Submit My Answers button to submit your application package.
  • It is your responsibility to ensure your responses and appropriate documentation are submitted prior to the closing date.
  • To verify your application is complete, log into your USAJobs account, https://www.usajobs.gov, select the Application Status link and then select the More Information link for this position.

The Details page will display the status of your application, the documentation received and processed, and any correspondence the agency has sent related to this application.

Your uploaded documents may take several hours to clear the virus scan process.

To return to an incomplete application, log into your USAJobs account and click Update Application in the vacancy announcement.

You must re-select your resume and/or other documents from your USAJobs account or your application will be incomplete.

Agency contact information

Human Resources Office

Address

Supreme Court of the United States

1 First Street NE

Washington, DC 20543

Next steps

Upon submission, you will receive an e-mail acknowledging receipt of your application. Please be advised that your application will not be considered complete unless all of the required documents have been received.

All applicants will be notified once a selection has been made.

Fair and Transparent

The Federal hiring process is set up to be fair and transparent. Please read the following guidance.

  • Criminal history inquiries
  • Equal Employment Opportunity (EEO) Policy
  • Financial suitability
  • New employee probationary period
  • Privacy Act
  • Reasonable accommodation policy
  • Selective Service
  • Signature and false statements
  • Social security number request
