IT Security Engineer – Lead

Company: Guidehouse
Location: Remote in USA, Atlanta, GA, USA
Salary: $102000 – $170000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior, Expert or higher

Requirements

  • Bachelor’s degree with 6 years of experience; OR 10+ Years of experience in lieu of degree
  • United States Citizenship
  • Must be able to work East Coast US business hours
  • Experience supporting Microsoft Windows operating systems
  • Experience supporting Microsoft Azure and M365 cloud environments
  • Knowledge of the MITRE ATT&CK framework
  • Experience working with Security Operation Centers, physically or virtually
  • Experience executing processes and procedures in compliance with required NIST and IT standards
  • Experience using a SIEM, such as Splunk or Sentinel, to do analysis of security anomalies and events
  • Experience writing queries with Search Processing Language (SPL) or Kusto Query Language (KQL)
  • Ability to work on many concurrent and changing priorities
  • Action-oriented and able to manage and meet aggressive timelines and deadlines
  • Must have excellent organizational and time management skills

Responsibilities

  • Enhancing SIEM and tool monitoring, tuning, detection, and alerting across multiple domains
  • Mentoring and working with SOC analysts to increase knowledge and skill with detection techniques and other SecOps technologies
  • Participating in IT Security projects to enhance IT Security capabilities
  • Applying technical knowledge and experience to drive innovation and performance improvement
  • Identifying risk issues and escalating them to IT Security supervisors and senior leaders
  • Helping with issue resolution, risk mitigation and contingency planning in alignment with IT Security risk mitigation plans
  • Using critical thinking, analysis, expertise, and collaboration to develop technical solutions and solve problems
  • Working independently on mid to large or complex projects and assignments, with minimal guidance

Preferred Qualifications

  • Experience with AWS and/or Azure cloud services
  • Degree in computer-related or cyber field
  • Working knowledge of NIST SP 800-171, NIST 800-61, and NIST SP 800-53
  • Experience in one or more of application security, security architecture, security code reviews, security/pentesting, cloud security, cyber threat intelligence, incident response, or security infrastructure
  • Experience interpreting vulnerability scan data and CVEs, assessing and responding to vulnerabilities, including a foundational understanding of risk management
  • Assisting in conducting risk assessments and security audits to identify vulnerabilities and recommending mitigations to enhance security posture
  • Demonstrated knowledge of adversary TTPs (Tactics, Techniques and Procedures)
  • Experience working with Executive Leadership
  • Active US government security clearance (DoE, DoD, etc.)
  • One or more of the following certifications: (ISC)2 Certified Information Security Professional (CISSP), SANS GIAC certification (e.g., GCIH, GCFA, etc.), Offensive-Security Certified Professional (OSCP), EC-Council Certified Ethical Hacker (CEH), CompTIA Security+, AWS and/or Azure Cloud, Microsoft Security (Operations Analyst/Engineer/Administrator) Associate
  • Experience working with firewalls/web application firewalls, implementing changes, and monitoring status
  • Experience conducting Incident Response and Security Investigations
  • Working knowledge of Active Directory, Exchange, SharePoint, and Teams
  • Demonstrated ability to learn and document new technologies/solutions
  • Experience with ServiceNow is a plus
  • Experience working in an ITIL environment
  • Preference will be given to candidates who are located within 50 miles of a Guidehouse office.