Hypori

Never Trust, Always Verify - Hypori Halo Zero Trust BYOD

Senior Software Engineer – Application & Cloud Security

Security Engineer | Full Time | Remote | Senior | Team 51-200 | H1B No Sponsor

Location

Texas

Posted

3 days ago

Salary

$180K - $195K / year

Seniority

Senior

Bachelor Degree | 5 yrs exp | English | AWS | Cloud | Vault

Job Description

  • Maintain a deep understanding of the security aspects of Hypori's product/system architecture and implementation patterns; collaborate with engineering teams on threat models; participate in design and architecture reviews; and engage across scrum teams to surface and address application security, privacy, and compliance concerns.
  • Be the go-to AppSec expert for software engineering, security, and compliance teams. Mentor engineers on application security principles, secure design patterns, and secure coding practices; grow security capability and awareness through thought leadership and active engagement.
  • Develop and maintain software security patterns to enable security/compliance/privacy-by-default engineering, such as: secure coding and configuration standards, code snippets/templates for Infrastructure as Code, hardening of containerized applications, etc.
  • Lead automation and integration of vulnerability management tooling – including SAST, DAST, and SCA tools – across artifact repositories, container registries, and other components of development and build pipelines.
  • Perform security-focused code reviews on request, providing targeted guidance on security-sensitive components and implementation decisions.
  • Triage vulnerability and compliance testing results for technical implications, validate their applicability, determine exposure in a system/component context, and generate user stories for remediation efforts.
  • Contribute to technical compliance strategies and hardening across cloud infrastructure, development/QA environments, and system components (such as FIPS-validated crypto configurations and network segmentation); implement quality gates and security test suites across development and build pipelines.
  • Actively contribute to the success of Hypori's Security Champions program.
  • Participate in Engineering on-call rotations to provide application security expertise during incident triage and response.
  • Protect intellectual property, user data, and system integrity by (a) adhering to Hypori's policies and procedures for secure software development and (b) following best practices for secure product design, implementation, and deployment of development, build, test, production, and other environments.

Job Requirements

  • Must be a US Citizen or US Permanent Resident
  • 5+ years of hands-on software engineering experience, with a demonstrated focus on building and securing production systems.
  • Proficient in at least one programming language.
  • Proficient in understanding and explaining the ins and outs of software vulnerabilities across stacks, their potential impact when exploited, and how to mitigate them.
  • Proficient in the security management of cloud infrastructure services and container-based deployments.
  • Proficient in the management of software supply chain security aspects, including the management of software security vulnerabilities in dependencies.
  • Proficient in secrets management practices and tooling (e.g., HashiCorp Vault, AWS Secrets Manager), including automated secrets scanning in development workflows and CI/CD pipelines.
  • Proficient in expressing the concepts, practical application, and typical implementation of identity & access management, applied cryptography, network security, and related security domains.
  • Proficient in API security concepts and their application, authentication and authorization patterns (OAuth 2.0, OIDC), and secure API design principles.
  • Proficient in concisely articulating both technical risk and the trade-offs of proposed solutions to decision makers and peers.
  • Experience with modern CI/CD pipelines, scrum-based engineering practices, and the automation, integration, and centralized management of security and compliance tooling across development lifecycles.
  • Experience in interpreting security and compliance frameworks and standards.
  • Experience with application security testing tools and techniques, and with demonstrating/validating the exploitability of vulnerabilities.
  • Experience with AI/LLM-assisted tooling to automate application security tasks, and ability to advise software engineers on the security, compliance, and privacy implications of their use.

Benefits

  • Medical, dental, and vision insurance
  • Parental leave
  • Life and disability packages
  • 401(k) plan with employer-matching contributions
  • Performance bonus

More Security Engineer Jobs

Strategic Security Advisor – Northeast Region

GuidePoint Security

Founded in 2011 and headquartered in Herndon, Virginia, GuidePoint Security furnishes commercial and federal organizations with customized information security

  • Establish and maintain deep, consultative relationships with customer executives and security leaders, serving as their primary trusted advisor on cybersecurity matters
  • Identify and uncover opportunities where GuidePoint Security solutions can address customer cybersecurity needs and business objectives
  • Provide expert guidance on cybersecurity strategy, risk management, and security program development tailored to each customer's unique environment
  • Represent GuidePoint Security as a subject matter expert in the cybersecurity community through speaking engagements, publications, and industry events
  • Partner closely with sales, delivery, and product teams to ensure seamless customer experiences and drive solution alignment
  • Stay current on emerging threats, industry trends, and regulatory requirements affecting customers in the region, and proactively communicate relevant insights to customers
  • Serve as a senior resource and mentor to colleagues, contributing to the development of best practices, methodologies, and advisory frameworks across the organization

New York

Role Description

This position is in the Department of the Chief Information Office, Information Technology Security Office (ITSO), Security Operations Division. ITSO manages the Judiciary's IT security program, oversees the security operations of Judiciary IT assets and environments, proposes national IT security policies and develops guidelines for their implementation, and establishes and maintains collaborative relationships within the Judiciary and with third-party partners. The Supervisory Information Technology Specialist (Security) serves as the Security Operations Support Branch Chief within the Security Operations Support Branch (SOSB). The incumbent is responsible for leading detection engineering, threat hunting, and threat intelligence teams to identify cybersecurity threats that impact the confidentiality, integrity, and availability of judicial data. The position reports to the SOD Division Chief and is critical to protecting the confidentiality, integrity, and availability of Judiciary information systems.

  • Providing leadership, direction, and oversight for the Security Operations Support Branch, which delivers enterprise detection engineering, threat hunting, and threat intelligence capabilities in support of continuous cybersecurity operations.
  • Overseeing the development, testing, deployment, and lifecycle management of detection logic used to identify malicious activity across the Judiciary's information technology environment.
  • Leading the production and operational integration of threat intelligence to inform detection engineering priorities, threat hunting activities, and risk-based decision-making.
  • Directing proactive threat hunting efforts to identify emerging, novel, or evasive adversary behaviors not addressed by existing detection mechanisms.
  • Establishing and maintaining detection engineering standards, methodologies, and quality assurance processes to ensure accuracy, consistency, and operational effectiveness.
  • Overseeing the validation, tuning, and refinement of detections based on operational feedback, adversary emulation results, and observed threat activity.
  • Ensuring the development of metrics and reporting to measure detection coverage, effectiveness, and operational maturity.
  • Leading the development and maintenance of a common operational picture that identifies baseline activity and highlights meaningful deviations to support situational awareness, prioritization, and leadership decision-making.
  • Providing executive summaries and briefings to senior leadership and cybersecurity stakeholders to support enterprise risk awareness, prioritization, and resource allocation.
  • Coordinating with the Security Operations Center to improve alert fidelity, investigative workflows, and analytic outcomes.
  • Managing branch personnel, contractor support, and resource planning to sustain required capabilities.
  • Performing duties consistent with the skills, knowledge, and abilities defined in NIST Special Publication 800-181 (NICE Cybersecurity Workforce Framework) for Program Management (OG-WRL-010), Threat Analysis (PD-WRL-006), and Defensive Cybersecurity (PD-WRL-001) roles.

Qualifications

  • Demonstrated experience leading enterprise detection engineering, threat hunting, and cyber threat intelligence programs in support of continuous cybersecurity operations and organizational cyber defense objectives.
  • Experience directing the development, implementation, and execution of proactive threat hunting strategies to identify sophisticated, emerging, or previously undetected adversary activity across enterprise environments.
  • Established and maintained governance, standards, methodologies, and quality assurance processes for detection engineering programs to ensure operational effectiveness, consistency, and alignment with organizational cybersecurity objectives.
  • Experience leading the production, analysis, and operational integration of cyber threat intelligence to inform detection engineering priorities, guide threat hunting activities, and support risk-based cybersecurity and organizational decision-making.

Requirements

  • At least one full year (52 weeks) of specialized experience in or directly related to the line of work of this position.

Benefits

  • Desired (but not required) certifications:
      • Offensive Security Professional (OSCP)
      • GIAC Reverse Engineering Malware (GREM)
      • GIAC Certified Forensic Analyst (GCFA)
      • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
      • Offensive Security certifications relevant to malware or exploit analysis

United States
$106.4K / year

Ethical Hacker – OT Security Consultant

Packetlabs

Ready to strengthen your security posture?

Full Time | Remote | Team 51-200 | Since 2011 | H1B No Sponsor

  • Security Architecture Reviews
      • Perform holistic tabletop reviews covering both technical and non-technical risk across OT environments, without engaging in high-risk manual or automated activity
      • Analyze for areas of negative impact, high risk, and single points of failure (SPOF) within sensitive, legacy networks
      • Apply structured judgment to identify where risk is concentrated and where controls are missing
      • Adapt review depth and approach to the operational realities of each client environment
  • OT Risk Identification & Assessment
      • Identify vulnerabilities and weaknesses across Operational Technology environments, including Industrial Control Systems (ICS), SCADA, and field devices
      • Assess legacy and sensitive networks where conventional testing methods carry unacceptable operational risk
      • Distinguish between theoretical and operationally relevant risk to keep findings actionable
      • Prove impact where appropriate, exercising restraint where the environment demands it
  • Client Advisory & Program Improvement
      • Support OT clients with security program improvements, identifying which critical controls are needed
      • Refine testing scope collaboratively as engagements proceed and the environment becomes clearer
      • Translate technical findings into guidance that clients can act on across both technical and leadership audiences
      • Build client confidence through credibility, clear communication, and operational awareness
  • Methodology & Continuous Improvement
      • Contribute to the maturity of Packetlabs' OT testing methodology and practice
      • Stay current on OT threats, attack techniques, and defensive controls
      • Share knowledge with the broader team to minimize blind spots and strengthen collective capability
      • Help raise the standard of OT security work across the firm

Texas
Full Time | Remote | Team 11-50 | Since 2012 | H1B No Sponsor

  • Design and refine security profiles for NATO communication standards
  • Analyze compliance with NATO Data Centric Security (DCS) requirements
  • Develop proof-of-concept implementations and concept demonstrators
  • Support interoperability and validation exercises
  • Design and execute security validation testing
  • Produce technical specifications and standards documentation
  • Develop and maintain software components supporting secure information exchange
  • Contribute to SCRUM-based development teams
  • Support knowledge transfer and technical handover activities

Poland