Job Family:
Cyber Consulting
Travel Required:
None
Clearance Required:
Ability to Obtain Public Trust
What You Will Do
Provide cybersecurity operations support, including analytical, administrative, and documentation support to enable the daily operations of cybersecurity operations units.
Provide administrative support, including project management, incident management, workflow development, workflow optimization, document development, and more
Ensure that the team remains on task and is responsive to taskers
Identify duplicative efforts within the unit and help foster efficiencies
Attend meetings as required, take meeting notes / minutes, capture action items on behalf of the Cyber Ops Unit, and provide that information back to the team
Develop ad hoc reports, presentations, and documents as required by the Cyber Ops Unit to support operations
Support FISMA reporting as needed
Review reports, presentations, and documents developed by others in the Cyber Ops Unit and provide comments and/or in-line edits at the request of other team members
Develop / author incident status reports for consumption at various levels within the Board, to include information such as a summary, an explanation of the incident itself, impact to the Board, completed actions, next steps, etc.
Develop / author recurring quarterly metrics reports on behalf of the Cyber Ops Unit, to include measurements of the various functions within the Cyber Ops Unit; develop messaging that drives leadership awareness and informs decision-making
Develop / author Situational Reports (SITREPS) for events that are important for broad awareness but may not yet be considered an incident
Monitor open-source threat intelligence reporting sources for information that is actionable within Board systems; sources might include blogs, reports, articles, etc.; share findings with the Cyber Ops Unit analysts for action, as needed
Support Cyber Ops Unit analysts in the analysis of log data and potential incidents
Report on anomalous activity and potential cybersecurity incidents detected and addressed through daily monitoring of security devices and logs
At the direction of the Federal Cyber Ops Unit analysts, author and implement custom detection content for the Board's perimeter and endpoint security solutions
Provide advanced analysis and adversary hunting to proactively uncover evidence of adversary presence within the Board's systems and networks
Perform the duties of a computer network defense operations analyst, including intrusion detection, intrusion prevention, and incident response, to include authoring and implementing custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic
Monitor and defend both local (on-premises) and cloud computing systems in support of the Cyber Ops Unit
Investigate network anomalies and respond to cybersecurity incidents in either local (on-premises) or cloud computing systems, including all phases of the digital forensics and incident response process (e.g. preparation, scoping, containment, eradication, remediation, recovery, lessons learned, and closeout)
What You Will Need
Bachelor's Degree
Minimum of ONE (1) year experience creating reporting and metrics that demonstrate the health and well-being of a cybersecurity program; knowledge of and experience with reporting and visualization tools and dashboarding capabilities such as Splunk, Tableau, PowerApps, or other measurement and reporting tools is highly desirable
Experience creating impactful and visually appealing reports that communicate the point clearly
Knowledge and experience with technical writing for computer network defense subjects
Experience performing all-source threat intelligence analysis to support computer network defense activities
Experience with computer network defense operations, including intrusion detection, intrusion prevention, and incident response, to include authoring and implementing custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic; Splunk experience is highly desirable
Experience monitoring and defending both local (on-premises) and cloud computing systems, to include Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Cisco networking appliances, F5, Bluecoat, Palo Alto, VMware, CrowdStrike, Tenable, FireEye, Gigamon, and other common enterprise security technology providers
Experience investigating network anomalies and responding to cybersecurity incidents in either local (on-premises) or cloud computing systems, including all phases of the digital forensics and incident response process (e.g. preparation, scoping, containment, eradication, remediation, recovery, lessons learned, and closeout)
Knowledge of FISMA reporting
What Would Be Nice To Have:
Certifications: GIAC Certified Incident Handler (GCIH), GIAC Security Essentials (GSEC), and/or CompTIA Security+
What We Offer:
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits include:
Medical, Rx, Dental & Vision Insurance
Personal and Family Sick Time & Company Paid Holidays
Parental Leave
401(k) Retirement Plan
Group Term Life and Travel Assistance
Voluntary Life and AD&D Insurance
Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts
Transit and Parking Commuter Benefits
Short-Term & Long-Term Disability
Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities
Employee Referral Program
Corporate Sponsored Events & Community Outreach
Care.com annual membership
Employee Assistance Program
Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)
Position may be eligible for a discretionary variable incentive bonus
About Guidehouse
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.
Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.
If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.
Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.