Cybersecurity Operations - Public Sector

GH Office: Arlington, VA

Guidehouse

Guidehouse is the only scaled advisory consultancy in the world to fully integrate commercial and public or government businesses within each of our industry segments because complex problems require both perspectives to address and outwit.


Job Family:

Cyber Consulting


Travel Required:

None


Clearance Required:

Ability to Obtain Public Trust


What You Will Do

Provide cybersecurity operations support, including analytical, administrative, and documentation support to enable the daily operations of cybersecurity operations units.

  • Provide administrative support, including project management, incident management, workflow development, workflow optimization, document development, and more
  • Ensure that the team remains on task and is responsive to taskers
  • Identify duplicative efforts within the unit and help foster efficiencies
  • Attend meetings as required, take meeting notes / minutes, capture action items on behalf of the Cyber Ops Unit, and provide that information back to the team
  • Develop ad hoc reports, presentations, and documents as required by the Cyber Ops Unit to support operations
  • Support FISMA reporting as needed
  • Review reports, presentations, and documents developed by others in the Cyber Ops Unit and provide comments and/or in-line edits at the request of other team members
  • Develop / author incident status reports for consumption at various levels within the Board, to include information such as a summary, an explanation of the incident itself, impact to the Board, completed actions, next steps, etc.
  • Develop / author recurring quarterly metrics reports on behalf of the Cyber Ops Unit, to include measurements of the various functions within the Cyber Ops Unit; develop messaging that drives leadership awareness and informs decision-making
  • Develop / author Situational Reports (SITREPS) for events that are important for broad awareness but may not yet be considered an incident
  • Monitor open-source threat intelligence reporting sources for information that is actionable within Board systems; sources might include blogs, reports, articles, etc.; share findings with the Cyber Ops Unit analysts for action, as needed
  • Support Cyber Ops Unit analysts in the analysis of log data and potential incidents
  • Report on anomalous activity and potential cybersecurity incidents detected and addressed through daily monitoring of security devices and logs
  • At the direction of the Federal Cyber Ops Unit analysts, author and implement custom detection content for the Board’s perimeter and endpoint security solutions
  • Provide advanced analysis and adversary hunting to proactively uncover evidence of adversary presence within the Board’s systems and networks
  • Perform the duties of a computer network defense operations analyst, including intrusion detection, intrusion prevention, and incident response, to include authoring and implementing custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic
  • Monitor and defend both local (on-premises) and cloud computing systems in support of the Cyber Ops Unit
  • Investigate network anomalies and respond to cybersecurity incidents in either local (on-premises) or cloud computing systems, including all phases of the digital forensics and incident response process (e.g., preparation, scoping, containment, eradication, remediation, recovery, lessons learned, and closeout)

What You Will Need

  • Bachelor's Degree
  • Minimum of one (1) year of experience creating reporting and metrics that demonstrate the health and well-being of a cybersecurity program; knowledge of and experience with reporting, visualization, and dashboarding tools such as Splunk, Tableau, PowerApps, or other measurement and reporting tools is highly desirable
  • Experience creating impactful and visually appealing reports that communicate the point clearly
  • Knowledge and experience with technical writing for computer network defense subjects
  • Experience performing all-source threat intelligence analysis to support computer network defense activities
  • Experience with computer network defense operations, including intrusion detection, intrusion prevention, and incident response, to include authoring and implementing custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic; Splunk experience is highly desirable
  • Experience monitoring and defending both local (on-premises) and cloud computing systems, to include Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Cisco networking appliances, F5, Bluecoat, Palo Alto, VMware, CrowdStrike, Tenable, FireEye, Gigamon, and other common enterprise security technology providers
  • Experience investigating network anomalies and responding to cybersecurity incidents in either local (on-premises) or cloud computing systems, including all phases of the digital forensics and incident response process (e.g., preparation, scoping, containment, eradication, remediation, recovery, lessons learned, and closeout)
  • Knowledge of FISMA reporting

What Would Be Nice To Have:

  • Certifications: GIAC Certified Incident Handler (GCIH), GIAC Security Essentials (GSEC), and/or CompTIA Security+


What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

  • Medical, Rx, Dental & Vision Insurance
  • Personal and Family Sick Time & Company Paid Holidays
  • Parental Leave
  • 401(k) Retirement Plan
  • Group Term Life and Travel Assistance
  • Voluntary Life and AD&D Insurance
  • Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts
  • Transit and Parking Commuter Benefits
  • Short-Term & Long-Term Disability
  • Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities
  • Employee Referral Program
  • Corporate Sponsored Events & Community Outreach
  • Care.com annual membership
  • Employee Assistance Program
  • Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)
  • Position may be eligible for a discretionary variable incentive bonus

About Guidehouse
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.


Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.


If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.


Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.
