About This Position
Serves as the Cybersecurity Lead for the U.S. Tax Court, responsible for designing, implementing, and maintaining enterprise cybersecurity solutions and managing the Court's information security and risk management program. Provides expert security engineering support across on-premises and cloud environments, ensures compliance with federal cybersecurity requirements, and is on the front line protecting the Court's information services.
Qualifications
Minimum Required

GS-13:
Bachelor's or Master's degree in computer science, cybersecurity or related field
8+ years of experience in cybersecurity, especially in security engineering roles related to networks, mobile devices, or application development
6+ years of experience working with AWS, Microsoft 365, Azure, or other comparable cloud platforms
4+ years of experience performing Configuration as Code (CaC) and Infrastructure as Code (IaC) using modern software and source code practices (e.g., DevOps, CI/CD) with languages such as Terraform, .NET, Go, Java, JavaScript, Objective-C, PHP, PowerShell, Ruby, Cisco IOS
Maintain a CompTIA Security+ certification as well as two certifications from the preferred certification list or others identified by supervisor/hiring manager

GS-14:
Meet requirements for GS-13
12+ years of experience in cybersecurity, especially in security engineering roles related to networks, mobile devices, or application development

Preferred

Certified Information Systems Security Professional (CISSP)
4+ years of experience performing Configuration as Code (CaC) and Infrastructure as Code (IaC) using modern software and source code practices (e.g., DevOps, CI/CD) with languages such as Terraform, .NET, Go, Java, JavaScript, Objective-C, PHP, PowerShell, Ruby, Cisco IOS
Amazon Web Services (AWS) Certified Security - Specialty
Azure Security Engineer Associate
Agile technique certification, i.e., Scrum, SAFe, or LeSS
Major Duties
Serves as the Cybersecurity Lead for the U.S. Tax Court, acting as the technical authority for cybersecurity engineering, threat detection, and information security operations across on-premises and cloud environments. Leads the design, implementation, and continuous improvement of security monitoring and detection capabilities.
Develops, maintains, and executes log analysis and correlation strategies using Security Information and Event Management (SIEM) tools, including the creation, tuning, and automation of Splunk searches, alerts, dashboards, and scripted queries to identify indicators of compromise, anomalous behavior, and policy violations. Leads phishing detection and response activities. Designs and manages technical and procedural controls to prevent, detect, analyze, and respond to phishing and socially engineered attacks.
Performs forensic analysis of suspicious emails, headers, URLs, and attachments; coordinates containment and remediation actions; and collaborates with IT and business stakeholders to reduce phishing risk through controls, monitoring, and user awareness. Directs malware detection, containment, and remediation efforts. Oversees endpoint, server, and cloud-based protection technologies; analyzes alerts and telemetry related to malicious code, ransomware, and unauthorized software; investigates root cause; and leads coordinated response actions to eradicate threats and restore systems securely.
Performs continuous security monitoring in accordance with the National Institute of Science and Technology (NIST) Risk Management Framework (RMF) requirements. Analyzes vulnerability scan results, system logs, and security control metrics to assess risk posture and identify trends. Develops metrics and reports to communicate security status, risks, and recommended corrective actions to leadership.
Conducts security investigations and incident responses for confirmed or suspected cybersecurity events. Leads technical analysis, determines scope and impact, preserves evidence, documents findings, and recommends remediation and preventive measures. Coordinates incident response activities with internal teams and, as necessary, external partners and vendors.
Provides security engineering expertise throughout the system life cycle. Reviews system architectures, cloud configurations, application designs, and proposed changes to ensure security controls are integrated and risks are addressed prior to deployment. Assesses the security impact of system changes through change and configuration management processes.
Develops, reviews, and maintains cybersecurity documentation, including System Security Plans (SSPs), risk assessments, incident response documentation, and continuous monitoring artifacts. Ensures documentation accurately reflects system configurations and implemented security controls. Implements and enforces identity and access management, network security, endpoint security, and data protection controls.
Ensures least-privilege access, secure authentication, and protection of sensitive Court information. Provides advanced Tier 2/3 technical support for cybersecurity-related incidents and problems. Analyzes complex issues, determines root causes, and implements corrective actions in coordination with IT operations teams.
Develops cybersecurity policies, standards, and procedures. Provides technical guidance and training to IT staff and users on phishing awareness, malware prevention, security monitoring, and incident response responsibilities. Supports IT governance, acquisition, and vendor oversight by defining cybersecurity requirements, evaluating proposed solutions, and ensuring security considerations are integrated into Court IT initiatives.
Supports Information Program Specialist with sourcing, procurement, and vendor management activities, as necessary. Writes, reviews, and/or maintains technical documentation for assigned technology or product environments (i.e., cybersecurity).
Conditions of Employment
Applicants must be United States Citizens or Nationals. All Court employees are required to adhere to the Code of Conduct for U.S. Tax Court Employees. Employees of the U.S. Tax Court are considered "at-will" employees, and, as such, may be terminated with or without cause.
Those who are required must abide by Selective Service registration requirements. Selection of this position is contingent upon favorable suitability determination and security background checks, including a credit check, a Federal income tax check and a criminal check. A candidate selected for this position must be current on his or her federal income tax obligations before employment with the U.S. Tax Court and must remain current at all times while employed by the U.S. Tax Court.
Continued employment post appointment is subject to satisfactory completion of the background investigation and credit check and favorable adjudication.
A background reinvestigation or supplemental investigation may be required at a later time during employment. All applicant information is subject to verification. The Federal Financial Reform Act requires direct deposit of federal wages for Court employees.
Education
A Bachelor's or Master's degree from an accredited college or university is required.
How You Will Be Evaluated
If you meet the minimum qualifications for this position, the Court will then evaluate your application package to assess the quality, depth, and complexity of your accomplishments, experience, and education as they relate to the requirements listed in this vacancy announcement.
Additional Information
This is an "At-Will" position. The United States Tax Court is an Equal Opportunity Employer. Position should allow for maximum telework for those in the local commuting area. Must be onsite in DC Courthouse as required.
The work can be physically challenging requiring lifting and moving heavy equipment, walking, standing for prolonged periods, climbing ladders, crawling under desks and in tight spaces. There may be limited requirements for travel to attend training and support configuration of equipment at field courtrooms. The work area is adequately lighted, heated, and ventilated.
The work environment involves everyday risks or discomforts that require normal safety precautions. Some employees may occasionally be exposed to uncomfortable conditions in such places as research and production facilities.
How to Apply
All applicants must apply through usajobs.gov. Application documents must be received by 11:59 p.m. (ET) on the closing date of this announcement. To begin your online application, click the Apply Online button and follow the prompts to register or sign into USAJOBS, take the online questionnaire, and submit the required documents.
See Required Documents section for more details. Questions regarding this announcement may be directed to the Office of Human Resources at (202) 521-4700 or by email at [email protected]. The Court does not accept hard-copy application packages.
The Court reserves the right to modify the conditions of this job announcement or to withdraw the announcement, with or without prior written or other notice.
Required Documents
HOW TO APPLY: Applicants may apply by submitting the following:
A letter of interest/cover letter;
A resume highlighting relevant knowledge and experience;
Transcripts showing your bachelor's degree and any advanced degrees from an accredited college or university;
If you have federal government experience, your most recent Notification of Personnel Action, SF-50; and
A supplemental written statement, not to exceed two pages, which provides a brief description of how your experience relates to the duties outlined in this vacancy announcement.
These application materials are due by 11:59 PM (ET) on the closing date of this vacancy announcement.
NOTE: AN INCOMPLETE APPLICATION WILL NOT BE CONSIDERED. The United States Tax Court is an equal opportunity employer.