There are many opportunities for DHS Cybersecurity Service employees to contribute their skills and talents to secure our Nation's information technology infrastructure.
DHS Cybersecurity Service employees work across our cybersecurity missions and Components in jobs that span 17 different cybersecurity specializations – which we call technical capabilities. In the DHS Cybersecurity Service, you can chart a career path based on your interests, while honing critical skills. Whether you are looking for your first cybersecurity job or have spent years in the field, DHS has opportunities for you.
The work we do spans multiple cybersecurity technical capabilities. Our jobs are structured around these capabilities. Most employees join with a primary technical capability, reflecting the majority of their cybersecurity technical expertise and experience. If you are just beginning your cybersecurity career, we will work with you to identify and develop a primary technical capability.
Our work also requires core professional and, as applicable, leadership capabilities. Visit Resources for more information about DHS Cybersecurity Service capabilities.
Develops system concepts and works on the capabilities phases of the systems development lifecycle. Translates technology and environmental conditions (e.g., laws, regulations, policies, and technical standards) into system and security designs and processes. Provides recommendations for investment standards and policies that drive how controls will be applied across the organization.
Responsible for the integration, management, and execution of all aspects of the cyber attack lifecycle to inform cyber defensive operations. Plans and executes end-to-end cybersecurity operations to defend protected assets. Plans collection operations, retrieves and analyzes key intelligence data. Understands where to focus surveillance. Oversees specialized denial and deception operations and collection of cybersecurity information that informs and develops the end-to-end operations.
Note: There are two subtypes of Cybersecurity Defensive Operations. An individual whose primary technical capability is Cybersecurity Defensive Operations – Intelligence Collection and Analysis focuses on the underlying competencies above.
Note: There are two subtypes of Cybersecurity Defensive Operations. An individual whose primary technical capability is Cybersecurity Defensive Operations – Planning, Execution, and Analysis focuses on the underlying competencies above.
Conducts software, hardware, and systems engineering to develop new technical capabilities and to refine or enhance existing ones, ensuring full integration with security objectives, principles, and processes. Builds practical solutions with full consideration of lifecycle costs, acquisitions, programs and projects, and management and budget. Identifies engineering requirements for, and ensures interoperability of, internal and external systems. Demonstrates strategic risk understanding, considering the impact of security breaches or vulnerabilities in every aspect of the engineering process. Stays current on emerging technologies and their applications to current and emerging business processes (e.g., cloud, mobile), and identifies and recommends methods for incorporating promising technologies to meet organizational cybersecurity requirements.
Applies knowledge of information security to define the organization's direction and direct resources to achieve the mission. Develops and recommends policy changes to support mission needs. Manages security implications within the organization as directed.
Manages information security programs within the organization, to include strategic, personnel, security infrastructure, policy enforcement, emergency planning, security awareness, and acquisition considerations.
Conducts technology and/or feasibility research, development, and assessments. Provides, builds, tests, and supports a prototype capability and/or evaluates its security and utility. Plans, conducts or oversees comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems. Ensures appropriate security measures are considered throughout each phase of the R&D lifecycle.
Oversees, evaluates, and supports the documentation, validation, assessment, and authorization processes necessary to ensure that existing and new information technology systems meet the Department’s cybersecurity and risk requirements, and provide decision makers with the knowledge to make well-informed risk decisions. Ensures that strategic considerations drive investment and operational decisions with regard to managing risk to organizational operations (including mission, function, image, and reputation), organizational assets, individuals, other organizations (collaborating or partnering with federal agencies and contractors) and the Nation. Understands and utilizes the National Institute of Standards and Technology (NIST) series of documents.
Collects, analyzes, and reports on cybersecurity threats and threat actors to support operations. Understands and analyzes different sources of information (e.g., INTs [intelligence], open source, law enforcement data) on specific topics or targets. Provides tactical/operational analysis, including attribution of cyber actors using a variety of analytic techniques and tools. May also provide strategic-level analysis to support broader mission. Develops and communicates situational awareness of local, regional, and international cybersecurity threats impacting stakeholder missions and interests.
Examines data with the goal of providing new insight for the purposes of cybersecurity. Designs and implements custom algorithms, flow processes and layouts for complex, enterprise-scale data sets used for modeling, data analytics, and research purposes. Applies understanding of cybersecurity field to inform analytical methodologies and algorithms selected for implementation. Designs, builds, implements, integrates, and maintains systems and tools for data trend and pattern analysis of cyber data. Applies knowledge of statistics and mathematical theory to develop and integrate new and emerging technologies, such as machine learning and deep learning concepts and techniques. Communicates insights gained to mission user.
Collects, processes, analyzes, interprets, preserves, and presents digital evidence in support of network vulnerability mitigation, intelligence operations, and different types of investigations (including but not limited to administrative, criminal, counterintelligence, and law enforcement). Applies tactics, techniques, and procedures (TTPs) for investigative processes.
Tracks and responds to prioritized urgent IT and cyber events and indicators of compromise (IOCs) to mitigate threats to networks, systems, and applications. Investigates and analyzes response activities and employs various advanced response and recovery approaches as appropriate. Applies understanding of tactics, techniques, and procedures (TTPs) for investigative processes, including identifying adversaries’ TTPs and applying corresponding defense or security controls. Conducts root cause analysis and response coordination, providing recommendations for mitigation. Executes recovery action plans and adapts plans to handle new developments.
Applies expertise to understand designs, protocols, and physical configurations of purpose-built interconnected systems—such as industrial control systems, physical systems, and embedded systems—and can define and implement comprehensive countermeasures to detect threats and maintain the overall cybersecurity posture of these systems.
Understands the installation, configuration, testing, operation, maintenance, and management of networks and their firewalls, including hardware and software, which permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.
Conducts software system planning and development to create new, and enhance existing, technical solutions, following industry best practices for quality, security, scalability, and reliability. Develops software using modern best practices and cross-functional knowledge of the entire software development landscape, including agile methodologies, continuous integration and continuous delivery (CI/CD) processes, automated testing, and secure system design and analysis. Creates software that accounts for common and uncommon security risks throughout the software development lifecycle (SDLC) and reviews existing systems and software development processes for potential security issues. Stays current on emerging technologies, trends, and practices and recommends pathways to implement such improvements to meet organizational goals and requirements.
Implements, configures, and manages security devices and systems (such as firewalls, intrusion detection systems, log collectors, and vulnerability scanners) in accordance with policies, procedures, and best practices. Installs, manages, and monitors security measures to support mitigation efforts; shares relevant information with system and network administrators.
Conducts assessments of threats and vulnerabilities in network and system software and hardware, and develops and recommends appropriate mitigation countermeasures. Develops and conducts tests of systems to evaluate compliance with specifications and requirements in accordance with policy, benchmarks, and industry best practices, by validating the technical, functional, and performance characteristics of systems or their elements. Coordinates and aligns with program offices and various stakeholders.