IT Security Engineer - Lead

OurSecurity Engineer Lead plays a pivotal role within the Information Security Operations group that is dedicated to supporting Security Operations and Incident Management/Response processes SIEM engineering Threat Hunting Automation Cyber Architecture and Threat Intelligence.

• This position is responsible for enhancing SIEM and tool monitoring tuning detection and alerting across multiple domains to support cyber incident response capabilities and tooling with the goal of identifying analyzing and mitigating security threats across the Guidehouse environment to protecting Guidehouse and Client data within systems networks and cloud environments.

• You will be mentoring and working with SOC analysts to increase knowledge and skill with detection techniques and other SecOps technologies. You may also participate on IT Security projects to enhance IT Security capabilities improve monitoring coverage drive detection and threat hunting efforts leading to an overall improvement of enterprise cybersecurity posture.

• The successful candidate applies technical knowledge and experience to drive innovation and performance improvement while demonstrating critical thinking problem solving and sound logic when assessing problems and opportunities in generating solutions. This position reports to the IT Security Information Protection Associate Director.

Job Function:

• Solid understanding of platform network application and cloud security fundamentals threats attack techniques and mitigations

• Knowledge of cybersecurity concepts and network/web protocols

• Designs and configures monitoring and alerts using SIEM (Splunk) Azure Purview Defender CSPM etc.

• Experience with one or more of SIEMs SOAR technologies building/maintaining IR tools and processes programming/scripting threat hunting log ingestion and SIEM detection engineering/tuning.

• Demonstrates effective written and verbal communication skills; clearly and concisely conveying complex messages to IT Security Operations team and leadership; effectively presenting facts and recommendations

• Produces high quality work product leveraging templates tools and methodologies that align to applicable professional standards and best practices

• Assists with issue resolution risk mitigation and contingency planning in alignment with IT Security risk mitigation plans building a high level of trust with stakeholders and peers

• Uses critical thinking analysis expertise and collaboration to develop technical solutions and solve problems

• Mentor train and guide IT Security technical staff across the organization fostering a culture of technical excellence continuous learning and security-first principles.

• Promotes the development of new technical knowledge and skills within IT Security Operations team

• Takes ownership of tasks resolving issues prioritizing in a fast-paced environment escalating as appropriate

• Stays current on cybersecurity events trends and issues in the news relevant to IT Security

• Can map issues to prescribed IT Security policies procedures and standards apply to situations determine if they are followed and identify deviations.

• Bachelors degree plus 6 years of experience; OR 10 Years of experience in lieu of degree

• United States Citizenship

• Must be able to work East Coast US business hours

• Experience supporting Microsoft Windows operating systems

• Familiar with Microsoft Azure M365 and AWS cloud environments

• Knowledge of the MITRE ATT&CK framework

• Experience working with Security Operation Centers physically or virtually

• Experience executing processes and procedures in compliance with required NIST regulatory and IT standards

• Experience using a SIEM such as Splunk to do analysis of security anomalies and events developing queries with Search Processing Language (SPL) or Kusto Query Language (KQL)

• Action-oriented and able to manage and meet aggressive timelines and deadlines.

• Must have excellent organizational and time management skills

• Degree in computer-related or cyber field

• Working knowledge of NIST SP 800-171 NIST 800-61 and NIST SP 800-53

• Experience in one or more of application security security architecture security code reviews security/pen-testing cloud security cyber threat intelligence incident response or security infrastructure

• Experience interpreting vulnerability scan data and CVEs assessing and responding to vulnerabilities including a foundational understanding of risk management

• Demonstrated knowledge of adversary TTPs (Tactics Techniques and Procedures)

• Experience working with Executive Leadership

• Active US government security clearance (DoE DoD etc.).

• One or more of the following certifications

• (ISC)2 Certified Information Security Professional (CISSP) SANs GIAC certification (e.g. GCIH GCFA etc.) Offensive-Security Certified Professional (OSCP) EC-Council Certified Ethical Hacker (CEH) CompTIA Security AWS and/or Azure Cloud

• Experience working with firewalls/web application firewalls implementing changes and monitoring status

• Experience conducting Incident Response and Security Investigations

• Working knowledge of Active Directory Exchange SharePoint and Teams

• Preference will be given to candidates who are located within 50 miles of a Guidehouse office.