IT Security Engineer - Lead

Our SecurityEngineer Leadplays a pivotal role within the Information Security Operations group that isdedicated tosupporting Security Operations and Incident Management/Response processes, SIEM engineering, Threat Hunting, Automation, Cyber Architecture, and Threat Intelligence. 

• This position is responsible for enhancing SIEM and tool monitoring, tuning, detection, and alerting across multiple domains, to support cyber incident response capabilities and tooling, with the goal of identifying, analyzing, and mitigating security threats across the Guidehouse environment to protecting Guidehouse and Client data within systems, networks, and cloud environments.

• You will be mentoring and working with SOC analysts to increase knowledge and skill with detection techniquesand other SecOps technologies. You may also participateon IT Security projectsto enhance IT Security capabilities, improve monitoring coverage, drive detection and threat hunting efforts, leading to an overall improvement of enterprise cybersecurity posture.

• The successful candidate applies technical knowledge and experience to drive innovation and performance improvement while demonstrating critical thinking, problem solving, and sound logic when assessing problems and opportunities in generating solutions. This position reports to theIT Security Information Protection Associate Director.

Job Function:

• Solid understanding of platform, network, application, and cloud security fundamentals, threats, attack techniques, and mitigations

• Knowledge of cybersecurity concepts, and network/web protocols

• Designs and configures monitoring and alerts using SIEM (Splunk), Azure Purview, Defender, CSPM, etc.

• Experience with one or more of SIEMs, SOAR technologies, building/maintaining IR tools and processes, programming/scripting, threat hunting, log ingestion, and SIEM detection engineering/tuning.

• Demonstrates effective written and verbal communication skills; clearly and concisely conveying complex messages to IT Security Operations team and leadership; effectively presenting facts and recommendations

• Produces high quality work product leveraging templates, tools, and methodologies that align to applicable professional standards and best practices

• Assists with issue resolution, risk mitigation and contingency planning in alignment with IT Security risk mitigation plans, building a high level of trust with stakeholders and peers

• Uses critical thinking, analysis, expertise, and collaboration to develop technical solutions and solve problems

• Mentor, train, and guide IT Security technical staff across the organization, fostering a culture of technical excellence, continuous learning, and security-first principles.

• Promotes the development of new technical knowledge and skills within IT Security Operations team

• Takes ownership of tasks, resolving issues, prioritizing in a fast-paced environment, escalating as appropriate

• Stays current on cybersecurity events, trends, and issues in the news relevant to IT Security

• Can map issues to prescribed IT Security policies, procedures, and standards, apply to situations, determine if they are followed, and identify deviations.

• Bachelor’s degree plus 6 years of experience; OR 10+ Years of experience in lieu of degree

• United States Citizenship

• Must be able to work East Coast US business hours

• Experience supporting Microsoft Windows operating systems

• Familiar with Microsoft Azure, M365, and AWS cloud environments

• Knowledge of the MITRE ATT&CK framework

• Experience working with Security Operation Centers, physically or virtually

• Experience executing processes and procedures in compliance with required NIST, regulatory, and IT standards

• Experience using a SIEM, such as Splunk, to do analysis of security anomalies and events, developing queries with Search Processing Language (SPL) or Kusto Query Language (KQL)

• Action-oriented and able to manage and meet aggressive timelines and deadlines.

• Must have excellent organizational and time management skills

• Degree in computer-related or cyber field

• Working knowledge of NIST SP 800-171, NIST 800-61, and NIST SP 800-53

• Experience in one or more of application security, security architecture, security code reviews, security/pen-testing, cloud security, cyber threat intelligence, incident response, or security infrastructure

• Experience interpreting vulnerability scan data and CVEs, assessing and responding to vulnerabilities, including a foundational understanding of risk management

• Demonstrated knowledge of adversary TTPs (Tactics, Techniques and Procedures)

• Experience working with Executive Leadership

• Active US government security clearance (DoE, DoD, etc.).

• One or more of the following certifications

• (ISC)2 Certified Information Security Professional (CISSP), SANs GIAC certification (e.g., GCIH, GCFA, etc.), Offensive-Security Certified Professional (OSCP), EC-Council Certified Ethical Hacker (CEH), CompTIA Security+, AWS and/or Azure Cloud

• Experience working with firewalls/web application firewalls, implementing changes, and monitoring status

• Experience conducting Incident Response and Security Investigations

• Working knowledge of Active Directory, Exchange, SharePoint, and Teams

• Preference will be given to candidates who are located within 50 miles of a Guidehouse office.