Job Family:

IT Cyber Security

Travel Required:

Up to 10%

Clearance Required:

Ability to Obtain Secret

What You Will Do:

Our Security Information Protection Technical Sr. Analyst is a member of a service team with upwards of four (4) personnel within the Information Security Operations group that are focused on data loss prevention (DLP), data aggregation/sharing monitoring, sensitive information management, cryptographic services, telemetry logging, and secure file transfer services. Effectively supports and executes multiple or more complex IT Security Information Protection projects that may span company-wide initiatives within scope, timeline, and budget. Applies technical knowledge to innovation and performance improvement while demonstrating critical thinking and sound logic when assessing problems and opportunities in generating solutions. Accountable for ensuring the day-to-day operations of Guidehouse Information Protection security systems, maintaining, and protecting Guidehouse and Client data within Azure and AWS to the NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 20000, HIPAA, and HITRUST standards, and managing Guidehouse and client information securely through all means of electronic transfer. Reports directly to the Security Information Protection Manager.

Job Function:

Understands and supports the IT Security Information Protection initiatives that support overall IT Security Operations goals and objectivesDemonstrates effective written and verbal communication skills; delivered in a professional, respectful, and timely mannerProduces high quality work product leveraging existing templates, tools, and methodologies that align to applicable professional standards and best practicesClearly and concisely conveys more complex messages to IT Security Information Protection team; effectively presenting facts and recommendationsDesigns and configures monitoring and alerts using Azure Purview, Defender, CSPM, etc. in accordance with Guidehouse Policies, Standards, and ProceduresAssists with the development of information protection strategies and efforts to address security data loss, minimizing impact on business operationsAssists in conducting risk assessments and security audits to identify vulnerabilities and recommending mitigations to enhance security postureProactively asks questions, validates what is heard, and shares relevant informed point of view in meetings and client discussionsDemonstrates the ability to sense and respond to verbal and non-verbal cues and adapt my messages and approach based on the audienceDemonstrates honest and professional behavior in all interactionsIdentifies risk issues (e.g., technical, client service, engagement, team, internal and external) and escalate them to IT Security supervisors and senior leadersHelps with issue resolution, risk mitigation and contingency planning in alignment with IT Information Protection leader guidance and IT Security risk mitigation plansUses critical thinking, analysis, expertise, and collaboration to develop technical solutions and solve problemsThinks innovatively to proactively identify opportunities for system and process enhancements and make recommendations to IT Security Information Protection leadershipWorks in unstructured or unclear circumstancesMentors and/or trains IT Security Information Protection team and/or IT Security, working with supervisor/leaders to position them for success, serving as a resource to peersPromotes the development of new technical knowledge and skills within IT Security Information Protection teamConducts quality assurance reviews using established or establishing KPIs and self-audit work before showing work to more senior staff and/or clients, learning from mistakesTakes ownership of tasks and the tasks delegated, resolving issues and escalating as appropriatePresents themselves and the company in a manner that always promotes a positive lasting impression of high quality, promptness, and professional serviceDraws from experience to propose solutions to meet needs, focusing the team accordinglyBuilds a high level of trust with stakeholders by meeting and anticipating needs and expectationsDemonstrates an advanced understanding within Azure and AWS and ability to apply technical or specialized knowledge specific to role, industry, business line, and/or functional area within Azure and AWSStays current on Azure and AWS events, trends, and issues in the news relevant to IT SecurityEnsures prescribed IT Security policies, procedures, and standards are followed while identifying opportunities for system and process enhancementsCommunicates with parties within and outside of IT Security; May have responsibility for communicating with parties external to the organization (e.g., customers, vendors, etc.)Works independently on mid to large or complex projects and assignments, with minimal guidance and to influence parties within and outside the job function at an operational level regarding policies, best practices, and proceduresResponsible for developing technical Azure and AWS solutions that may require collaboration with internal expertise and deep analysis of the technical systemProblems and issues faced are difficult and may require understanding of broader set of issues. Problems typically involve consideration of multiple issues, job areas or specialties; Problems are typically solved through drawing from prior Azure and AWS experience and analysis of issues.Manages projects while delegating work to lower-level employeesAbility to participate in cross- department discussions to influence job area processesExhibits practical knowledge of project managementAdvanced understanding and ability to apply standards, principles, theories, and technical concepts obtained through advanced education combined with experience

What You Will Need:

Bachelor’s degree with 4-6 years of experience; OR Master's with 2-5 years of experience; OR 8 Years of experience in lieu of degreeUnited States CitizenshipClearance: Ability to obtain a National Security Clearance or a U.S. Federal Government Public Trust Must be able to work East Coast US business hoursExperience working with Executive LeadershipExperience supporting Microsoft Windows 10/11 operating systemsExperience supporting Microsoft Azure and M365 cloud environmentsWorking knowledge of NIST SP 800-171 and NIST SP 800-53Working knowledge of the MITRE ATT&CK frameworkExperience working with Security Operation Centers, physically or virtuallyExperience executing processes and procedures in compliance with required NIST and IT standardsExperience using a SIEM, such as Splunk or Sentinel to do analysis of security anomalies and eventsExperience creating writing queries with Search Processing Language (SPL) or Kusto Query Language (KQL)Working knowledge of broad web application environment standards, implementation strategies, and best business practicesSignificant experience with the operational employment of data loss protection (DLP) and sensitive information management such as Azure DLP, Microsoft MSIP/AIPExperience working with secure file transfer systems, such as: Kiteworks, IBM Aspera, Globalscape EFT, WinSCP, or other Secure File Transfer toolsExperience working with file share monitoring systems, such as: Varonis, SolarWinds, Atera, Netwrix, ManageEngine, or other file share monitoring toolsExperience in one or more of the following cryptographic capabilities:S/MIME generationCode signing certificatesHSM cryptographic key generationKey encryption keysKey material supersession proceduresNIST SP 800-88 cryptographic erasure proceduresCryptographic Key ManagementAbility to work on many concurrent, and changing prioritiesAction-oriented and able to manage and meet aggressive timelines and deadlines.Must have excellent organizational and time management skills

What Would Be Nice To Have:

Degree in computer-related or cyber fieldOne or more of the following certifications:(ISC)2 Certified Information Security Professional (CISSP)ISACA Certified Information Security Manager (CISM)SANs GIAC certification (e.g., GPEN or GW APT)Offensive-Security Certified Professional (OSCP)EC-Council Certified Ethical Hacker (CEH)CompTIA Security+Microsoft Security (Operations Analyst/Engineer/Administrator) AssociateMicrosoft Information Protection Administrator AssociateExperience working with firewalls/web application firewalls, secure file transfer systems, implementing changes, and monitoring statusExperience working with US Federal Law Enforcement and/or Intelligence CommunitiesExperience with Threat IntelligenceExperience conducting Incident Response and Security InvestigationsWorking knowledge of Active Directory, Exchange, SharePoint, and TeamsDemonstrated ability to learn and document new technologies/solutionsExperience with ServiceNow is a plusExperience working in an ITIL environmentExperience with KiteworksExperience with VaronisPreference will be given to candidates who are located within 50 miles of a Guidehouse office.

The annual salary range for this position is $86,500.00-$129,700.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.

What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

Medical, Rx, Dental & Vision Insurance

Personal and Family Sick Time & Company Paid Holidays

Position may be eligible for a discretionary variable incentive bonus

Parental Leave and Adoption Assistance

401(k) Retirement Plan

Basic Life & Supplemental Life

Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts

Short-Term & Long-Term Disability

Student Loan PayDown

Tuition Reimbursement, Personal Development & Learning Opportunities

Skills Development & Certifications

Employee Referral Program

Corporate Sponsored Events & Community Outreach

Emergency Back-Up Childcare Program

Mobility Stipend

About Guidehouse
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.

Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.

If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.