Summary

This is a full-time position with the Office of Information Technology at the Supreme Court of the United States in Washington, D.C.

Closing Date: Friday, 05/01/2026, 11:59 PM ET

Please note that this vacancy has a limit of 200 applicants. The job opportunity announcement will automatically close if that limit is reached prior to the closing date.

This job is open to

The public

U.S. Citizens, Nationals or those who owe allegiance to the U.S.

Clarification from the agency

United States Citizens Only

Duties

This position is a full-time position in the Office of Information Technology at the Supreme Court of the United States, in Washington, D.C. Under the guidance of the Court Information Security Officer, the incumbent will perform the full range of tasks and activities involved in developing, coordinating, implementing and maintaining standards, procedures and technical solutions to protect the confidentiality, integrity and availability of information systems and data.

The Tier-3 Cyber Incident Response Analyst protects the Court's systems and information by leading the detection, analysis, containment, and recovery efforts for cybersecurity incidents. This position must report on-site within the Washington DC area multiple times per week.

The incumbent will be responsible for the following duties:

As a senior-level Tier 3 incident responder, perform analysis of alerts and event logs from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to security;
Analyze network traffic to identify anomalous activity and potential threats to network resources;
As an Incident Response Team member, respond to threats and take mitigating actions to contain the malicious activity and minimize damage as well as facilitate forensics analysis to determine the source of the threat;
As an Incident Commander, lead, track and document cyber incidents from initial detection through final resolution, in addition to capturing after-action items and lessons-learned;
Participate in 24x7 on-call support rotation;
Contribute to insider threat protection through behavioral monitoring, threat detection, and forensic investigation;
Update and maintain the Incident Response Plan, playbooks, and standard operating procedures to ensure efficient and effective handling of security incidents aligned with evolving threat landscapes;
Receive cyber threat intelligence material and, working with SIEM/Detection engineers, create actionable detections, alerts, and response guidance;
Design and lead incident response tabletop exercises and attack simulations to test readiness and improve team coordination;
Integrate and align the Incident Response program and capabilities with Court Continuity of Operations (COOP) planning and exercises;
Contribute to the implementation, configuration, and continuous improvement of incident response tools and processes;
Work with stakeholders at all levels of the organization to communicate the state of information security, inform of possible risks, and suggest ways to improve security;
Make recommendations to senior management on results of analysis and work closely with other Information Technology groups to refine and enhance security controls;
Support and contribute to the broader information security program initiatives, and other duties as assigned.

Requirements

Conditions of employment

U.S. Citizenship
Meet Experience Requirements (see Qualifications)
Employment is subject to successful completion of a security background check.
If you are a male applicant born after December 31, 1959, you must certify that you have registered with the Selective Service System, or are exempt from having to do so under the Selective Service Law. See: www.sss.gov
Must be able to obtain and maintain a security clearance at the level of Top Secret

Qualifications

As a condition of continued employment, the candidate must be able to acquire and retain a Top Secret (TS) clearance. Candidate must possess the following knowledge, skills and abilities:

At least three (3) years of experience with Incident Response and handling methodologies, and at least two (2) additional years of applicable Information Technology (IT) or Information Security experience.
Experience with full lifecycle incident response handling, preparation, containment, eradication, and post incident reporting.
Experience and knowledge of malware analysis concepts and methodologies.
Knowledge of network protocols and concepts, common application protocols and ports, and user authentication processes.
Experience with signature construction to be implemented with cyber defense tools in response to threats and IOCs.
Experience investigating and troubleshooting alerts against network traffic using packet analysis tools.
High level understanding of operating systems such as Windows, Linux, and iOS and command-line tools.
Ability to communicate both orally and in writing, ability to create, manage, and prioritize tasks.
Understanding and knowledge of APT TTPs, intrusion vectors, and countermeasures.
Knowledge and experience with industry cybersecurity frameworks and concepts, such as cyber kill chain, ATT&CK framework, and diamond model.
Experience performing threat hunting desired but not required.
Knowledge of endpoint security events and how they relate to cyber security attacks and intrusions.
CISSP, GCIH, GCFA, GREM, ECIH, CySA+, and other security certifications desired but not required.

Education

Candidate must have a technology related college degree and five years of demonstrated IT and cyber security related experience or seven years of demonstrated cyber security and IT experience.

Additional information

Working for the Supreme Court of the United States offers a comprehensive benefits package that includes, in part, paid vacation, sick leave, holidays, life insurance, health benefits, and participation in the Federal Employees Retirement System. Additional benefits include flexible spending accounts, long-term care insurance, and the SmartBenefits transit subsidy. This position is eligible for regularly scheduled telework in accordance with agency policy.

The Court provides appropriate in-house and outside third-party technical training. Each staff member is provided with access to high levels of technical support; an in-house library of up-to-date commercially available technical books and software; a technology lab for development and testing of technology products; and a fully equipped computer training room. In addition, the Court provides all employees free access to an in-house exercise facility/weight training room.

Recruitment incentives may be authorized. If authorized, certain incentives will require you to sign a service agreement to remain an employee of the Supreme Court of the United States for a period of up to 2 years. This statement does not guarantee that an incentive will be offered and paid. Incentives may include a recruitment incentive and/or creditable service for annual leave for prior non-federal related work experience or prior uniformed service, if the applicant possesses the skills and experience that are essential to the position, are necessary to achieve an important agency mission or performance goal and were acquired in a position with duties directly related to those of the position in which he or she is seeking appointment.

Candidates should be committed to improving the efficiency of the Federal government, passionate about the ideals of our American republic, and committed to upholding the rule of law and the United States Constitution.

Review our benefits

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

We will review and assess your application package in comparison with the posted qualifications for the position.

Required Documents

The following documents are required:

A cover letter
A resume

How to Apply

You must upload the cover letter and resume. These two documents documents are required and must be received by the closing date, 05/01/2026, in order to be considered. Please submit only these documents unless you have prior federal and/or military experience. In that case your most recent SF-50, Statement of Service, and/or DD-214 will also be required.

To begin, click Apply Online to create a USAJobs account or log in to your existing account. Follow the prompts to select your USAJobs resume and/or other supporting documents and complete the occupational questionnaire.
Click the Submit My Answers button to submit your application package.
It is your responsibility to ensure your responses and appropriate documentation is submitted prior to the closing date.
To verify your application is complete, log into your USAJobs account, https://www.usajobs.gov, select the Application Status link and then select the More Information link for this position. The Details page will display the status of your application, the documentation received and processed, and any correspondence the agency has sent related to this application. Your uploaded documents may take several hours to clear the virus scan process.
To return to an incomplete application, log into your USAJobs account and click Update Application in the vacancy announcement. You must re-select your resume and/or other documents from your USAJobs account or your application will be incomplete.

Agency contact information

Human Resources Office

Phone: (202) 479-3404
Email: hr@supremecourt.gov

Address: Supreme Court of the United States
1 First Street NE
Washington, DC 20543
US

Next steps

Upon submission, you will receive an e-mail acknowledging receipt of your application. Please be advised that your application will not be considered complete unless all of the required documents have been received. All applicants will be notified once a selection has been made.

Senior Information Technology Specialist (Cyber Incident Response Analyst II) Job in Washington, DC