- This announcement is open to Applicants who live in the Washington, D.C. commuting area and/or current federal Judiciary employees (nationwide).
The Administrative Office (AO), an agency of the Judicial Branch of the Federal government, is committed to serving and supporting the Federal court system of the United States. The AO provides a broad range of legislative, legal, financial, technology, management, administrative and program support services to the Federal courts.
AO positions are classified and paid under a broad-banded system with the exception of positions in the AO Executive Service. Salary is commensurate with experience. Most AO employees are eligible for full Federal and Judiciary benefits.
The AO is committed to attracting the best and brightest applicants in our support of the Third Branch of government. We take pride in serving the Judicial Branch and supporting its mission to provide equal justice under law.
This position is located in the Security Engineering Division, within the Information Technology Security Office (ITSO) of the Department of Technology Services (DTS).
This software security engineer position is specifically needed to promote robust software security architecture design and to assist with security requirements development and alignment to secure coding practices and frameworks and to the Judicial Information Security Framework. The incumbent will provide assistance in the static code analysis of judicial applications prior to operational deployment.
As the Judiciary continues to develop in-house applications for both the desktop and mobile devices, a seasoned incumbent is needed to ensure the security requirements of the Judiciary are met in a secure, effective, and efficient manner. The incumbent is a recognized IT security expert with a strong background in software development, cyber security requirements analysis, and static/dynamic source code analysis, and has a proven track record of successfully performing “hands on” security activities, such as reviewing security architectures; assessing security activities in the software development lifecycle, including Fortify and other static and dynamic source code analysis tools to determine the robustness of the code base; and providing actionable advice to improve IT security across the systems development lifecycle (SDLC) regardless of the development methodology being followed (waterfall, Agile, DevOps, etc.). The incumbent will be responsible for the development of a secure coding assurance program in the Judiciary, to include development of developer awareness training and creating and maintaining a secure code community of practice; will be the lead technical subject matter expert in reviewing static/dynamic code analysis results; and will provide interpretation, guidance, and mitigation assistance to the multiple software development teams working throughout the Judiciary. The incumbent will perform multiple and varying assignments under the direction of the Chief, Security Engineering Division.
Duties include, but are not limited to the following:
Implementing the principles and process of either the SafeCode or BSIMM security frameworks;
Providing software architecture security guidance, including developing application threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities;
Providing secure coding recommendations in a variety of programming languages;
Providing advice and guidance on how to remediate security vulnerabilities in a variety of programming languages;
Assisting in the planning and execution of application security testing and evaluation programs by providing best practices, static code testing results interpretation, and security tools technical support;
Advising and consulting internal clients on appropriate application of security practices and existing security services to solve problems or enable new business opportunities;
Explaining software vulnerabilities to both technical and non-technical audiences;
Administering the Fortify product suite or other commercial tools if acquired;
Planning and assisting in the integration of Fortify Static Code Analyzer (SCA) or other commercial tools if acquired into various project teams’ development environments;
Assisting in the analysis and audit of static analysis results to help prioritize application vulnerabilities;
Demonstrating proficiency with the following tools and processes:
Fortify Audit Workbench – updating security content, scanning Java projects, scanning complex projects, analyzing scan results using the issues panel, setting filters and filter sets, viewing suppressed, removed and hidden issues;
Providing detailed and actionable security recommendations for the secure development of systems;
Assisting teams in secure development techniques using Fortify and setting up Key Performance Metrics and reports in Fortify Software Security Center (or its successor tool);
Evaluating applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques specifically for Fortify SSC (or its successor tool);
Providing expert guidance to developers on the appropriate selection and implementation of relevant application security controls;
Performing duties related to the Security Awareness Training: Designing, developing and delivering presentations focused on raising awareness for crucial security relevant considerations and defensive programming techniques;
Serving as subject matter expert on application and information security technologies and methodologies; and
Creating documentation related to specific software security topics, as required.
Who May Apply
This job is open to…
US Citizens and Status Candidates
Job family (Series)
2210 Information Technology Management
Conditions of Employment
More than one selection may be made from this announcement.
All non-Judiciary appointees must serve a one-year trial period.
Selectee must favorably complete a background investigation.
All requirements must be met by the closing date of this announcement.
All information is subject to verification. Applicants are advised that false answers or omissions of information on application materials or inability to meet the following conditions may be grounds for non-selection, withdrawal of an offer of employment, or dismissal after being employed.
Selection for this position is contingent upon completion of OF-306, Declaration of Federal Employment during the pre-employment process and proof of U.S. citizenship for competitive status positions or conversion to a competitive status position with the Administrative Office of the US Courts. In instances where non-citizens are considered for hire into temporary or any other position with noncompetitive status or when it is confirmed by the AO’s Human Resources Office that there are no qualified U.S. citizens for a competitive status position (unless prohibited by a law or statute), non-citizens must provide proof of authorization to work in the United States and proof of entitlement to receive compensation. Additional information on the employment of non-citizens can be found at
. For a list of documents that may be used to provide proof of citizenship or authorization to work in the United States, please refer to Form I-9, Employment Eligibility Verification.
A background security investigation is required for all selectees. Appointment will be subject to a successful completion of a background security investigation and favorable adjudication. Failure to successfully meet these requirements may be grounds for appropriate personnel action. A background security reinvestigation or supplemental investigation may be required at a later time.
All new AO employees must identify a financial institution for direct deposit of pay before appointment.
You will be required to serve a trial period if selected for a first-time appointment to the Federal government, transferring from another Federal agency, or serving as a first-time supervisor. Failure to successfully complete the trial period may result in termination of employment.
If appointed to a temporary position, management may have the discretion of converting the position to permanent depending upon funding and staffing allocation.
Relocation expenses may be provided, but only if authorized by the Director of the AO.
The selectee of this position may be assigned to an official duty station outside the advertised area.
Applicants must have demonstrated experience as listed below. This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions.
You must have Information Technology (IT) related experience which demonstrates proficiency in each of the following competencies:
Attention to Detail
- Is thorough when performing work and conscientious about attending to detail.
- Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
- Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
- Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Applicants must have at least one year of specialized experience which is in or directly related to the line of work of this position. Specialized experience must demonstrate areas defined below:
(1) Performing work involving the design, development, modification, testing, installation, implementation, and support of new or existing applications software;
(2) Promoting robust security architecture design in the software development process including secure coding activities;
(Resume must show clear and convincing evidence of all areas of specialized experience. We cannot make assumptions.)
One or more of the following certifications are desired but not required; CSSLP is the most preferred:
Similar cybersecurity certification
This job series does not require education to qualify.
The AO is an Equal Opportunity Employer.
How You Will Be Evaluated
You will be evaluated for this job based on how well you meet the qualifications above.
We will review your resume and supporting documentation and compare this information to your responses on the occupational questionnaire to determine if you meet the minimum qualifications for this job. If you meet the minimum qualifications for this job, we will evaluate your application package, to assess the quality, depth, and complexity of your accomplishments, experience, and education as they relate to the requirements listed in this vacancy announcement.
You should be aware that your ratings are subject to evaluation and verification. If a determination is made that you have rated yourself higher than is supported by your resume and/or narrative responses, you will be assigned a rating commensurate to your described experience. Failure to submit the mandatory narrative responses will result in not receiving full consideration and/or rating credit. Deliberate attempts to falsify information may be grounds for not selecting you, withdrawing an offer of employment, or dismissal after being employed.
Background checks and security clearance
Public Trust – Background Investigation
For this job announcement the following documents and/or information are required:
Resume – Any written format you choose to describe your job-related qualifications.
Citizenship – Include country of citizenship on resume.
Notification of Personnel Action (SF-50) – All applicants outside of the AO must submit a copy of your latest SF-50 to verify current or former Federal employment status.
Veterans Preference documentation – Certificate of Release or Discharge from Active Duty (DD Form 214), if applicable Application for 10-Point Veteran Preference (SF-15) and an official statement, dated 1991 or later, from the Department of Veterans Affairs or from a branch of the Armed Forces, certifying to the veteran’s present receipt of compensation.
If you are relying on your education to meet qualification requirements:
Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.
Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.
A career with the U.S. Government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding.
Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time, or intermittent. Contact the hiring agency for more information on the specific benefits offered.