Arlington, USA
8 days ago
Cybersecurity Operations - Public Sector

Job Family:

Cyber Consulting


Travel Required:

None


Clearance Required:

Ability to Obtain Public Trust


What You Will Do

Provide cybersecurity operations support, including analytical, administrative, and documentation support to enable the daily operations of cybersecurity operations units.

Provide administrative support, including project management, incident management, workflow development, workflow optimization, document development, and more

Ensure that the team remains on task and is responsive to taskers

Identify duplicative efforts within the unit and help foster efficiencies

Attend meetings as required, take meeting notes / minutes, capture action items on behalf of the Cyber Ops Unit, and provide that information back to the team

Develop ad hoc reports, presentations, and documents as required by the Cyber Ops Unit to support operations

Support FISMA reporting as needed

Review reports, presentations, and documents developed by others in the Cyber Ops Unit and provide comments and/or in-line edits at the request of other team members

Develop / author incident status reports for consumption at various levels within the Board, to include information such as a summary, an explanation of the incident itself, impact to the Board, completed actions, next steps, etc.

Develop / author recurring quarterly metrics reports on behalf of the Cyber Ops Unit, to include measurements of the various functions within the Cyber Ops Unit; develop messaging that drives leadership awareness and informs decision-making

Develop / author Situational Reports (SITREPs) for events that are important for broad awareness but may not yet be considered an incident

Monitor open-source threat intelligence reporting sources for information that is actionable within Board systems; sources might include blogs, reports, articles, etc.; share findings with the Cyber Ops Unit analysts for action, as needed

Support Cyber Ops Unit analysts in the analysis of log data and potential incidents

Report on anomalous activity and potential cybersecurity incidents detected and addressed through daily monitoring of security devices and logs

At the direction of the Federal Cyber Ops Unit analysts, author and implement custom detection content for the Board’s perimeter and endpoint security solutions

Provide advanced analysis and adversary hunting to proactively uncover evidence of adversary presence within the Board’s systems and networks

Perform the duties of a computer network defense operations analyst, including intrusion detection, intrusion prevention, and incident response, to include authoring and implementing custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic

Monitor and defend both local (on-premises) and cloud computing systems in support of the Cyber Ops Unit

Investigate network anomalies and respond to cybersecurity incidents in either local (on-premises) or cloud computing systems, including all phases of the digital forensics and incident response process (e.g. preparation, scoping, containment, eradication, remediation, recovery, lessons learned, and closeout)

What You Will Need

Bachelor's Degree

Minimum of ONE (1) year of experience creating reporting and metrics that demonstrate the health and well-being of a cybersecurity program; knowledge of and experience with reporting and visualization tools and dashboarding capabilities such as Splunk, Tableau, PowerApps, or other measurement and reporting tools is highly desirable

Experience creating impactful and visually appealing reports that communicate the point clearly

Knowledge and experience with technical writing for computer network defense subjects

Experience performing all-source threat intelligence analysis to support computer network defense activities

Experience with computer network defense operations, including intrusion detection, intrusion prevention, and incident response, to include authoring and implementing custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic; Splunk experience is highly desirable

Experience monitoring and defending both local (on-premises) and cloud computing systems, to include Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Cisco networking appliances, F5, Bluecoat, Palo Alto, VMware, CrowdStrike, Tenable, FireEye, Gigamon, and other common enterprise security technology providers

Experience investigating network anomalies and responding to cybersecurity incidents in either local (on-premises) or cloud computing systems, including all phases of the digital forensics and incident response process (e.g. preparation, scoping, containment, eradication, remediation, recovery, lessons learned, and closeout)

Knowledge of FISMA reporting

What Would Be Nice To Have:

Certifications: GIAC Certified Incident Handler (GCIH), GIAC Security Essentials (GSEC), and/or CompTIA Security+


What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

Medical, Rx, Dental & Vision Insurance

Personal and Family Sick Time & Company Paid Holidays

Parental Leave

401(k) Retirement Plan

Group Term Life and Travel Assistance

Voluntary Life and AD&D Insurance

Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts

Transit and Parking Commuter Benefits

Short-Term & Long-Term Disability

Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities

Employee Referral Program

Corporate Sponsored Events & Community Outreach

Care.com annual membership

Employee Assistance Program

Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)

Position may be eligible for a discretionary variable incentive bonus

About Guidehouse
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.


Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.


If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.


Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.
