Guidehouse Incident Response, Senior Consultant in Helena, Montana
Guidehouse is a leading management consulting firm serving the public and commercial markets. We help our clients solve complex challenges and guide them to a future that builds trust in society. Put your expertise to work. Join us at Guidehouse.
Our Cybersecurity consultants are a team of business integrators with extensive consulting and industry experience who help our clients solve their complex business issues from strategy through execution. A Cybersecurity Consultant will provide the opportunity to grow and contribute to our clients' business issues every day, applying a collection of security spectrum capabilities including cyber strategy and governance, IT risk, security technologies, cybercrime and breach response.
The ideal candidate will be highly technical, possess an advanced understanding across a broad range of security technologies, and take a proactive approach to cyber incidents. The candidate should have several years of experience working with each phase of the Incident Response Life Cycle in NIST and ISO standards and should have hands-on experience in creating and executing cyber hunting missions. The candidate must be a world-class problem-solver with the ability to handle challenges under pressure. The ideal candidate will have experience and a proven track record of finding and responding to cyber threats and incidents. As a key member of the Cyber Security Solutions Incident Response offering team, a successful candidate will combine flexibility and broad knowledge of security processes with strong communication and collaboration skills. A successful candidate would possess direct hands-on expertise in the following areas of information security: knowledge of information security solutions including data loss prevention; intrusion detection and prevention; network security monitoring; and vulnerability management in global environments.
Responsibilities include assessing private sector client and public sector agency IT environments for incident response readiness and post incident responsiveness including forensic investigation and the recommendation of best practices to reduce the impact of current cyber incidents and reduce the likelihood of occurrence of future cyber incidents. Tasks may include the following activities depending on the specific client engagement.
Must be a US Citizen able to obtain a Secret Clearance
Bachelor's degree in Computer Science, Cyber Security or related field
4-6+ years’ experience in cyber security risk management, cyber security operations, and incident response.
Excellent analytical and written and verbal communication skills
At least one of the industry certifications: CISSP, CEH, GCFA, GCFE, EnCE, or GCIH
Experienced with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and open source forensic tools
Follows proper evidence handling procedures and chain of custody protocols and produces written reports documenting digital forensic findings;
Determines programs that have been executed, finds files that have been changed on disk and in memory and uses timestamps and logs (host and network) to develop authoritative timelines of activity;
Finds evidence of deleted files and hidden data and identifies and documents case relevant file-system artifacts (browser histories, account usage and USB histories, etc.);
Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis;
Performs all-source research for similar or related network events or incidents;
Possesses skills in identifying different classes of attacks and attack stages and is knowledgeable of system and application security threats and vulnerabilities; and
Knowledgeable in proactive analysis of systems and networks, to include creating trust levels of critical resources.
Monitor and analyze Intrusion Detection Systems (IDS) logs to identify security issues for remediation.
Recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
Communicate alerts to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
Recommend counter-measures and mitigating controls. Must be able to review multiple data sources to gather Indications and Warnings and Attack Sensing and Warnings information.
Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
Prepare incident reports of analysis methodology and results.
Maintain current knowledge of relevant cyber security technologies.
Must have a good understanding of networks at a packet level. Must be able to analyze packet captures at the expert level.
Must have experience using computer network defense (CND) tools to detect network and endpoint attacks; these tools are:
Enhanced Detection and Response (Carbon Black, CrowdStrike).
Intrusion detection and prevention systems (Snort, Security Onion).
Web content monitoring systems (Websense, Blue Coat).
Secret Clearance preferred
Minimum degree required: Bachelor's
US Citizenship required
Ability to obtain up to a Secret clearance
The successful candidate must not be subject to employment restrictions from a former employer (such as a non-compete) that would prevent the candidate from performing the job responsibilities as described.
This position is open to candidates virtually from Montana, New Mexico, Utah, Wyoming, Arizona or Eastern, Pacific, and Central time zones.
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.
Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.
If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.
Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.
Rewards and Benefits
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Medical, Rx, Dental & Vision Insurance
Personal and Family Sick Time & Company Paid Holidays
Parental Leave and Adoption Assistance
401(k) Retirement Plan
Basic Life & Supplemental Life
Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
Short-Term & Long-Term Disability
Tuition Reimbursement, Personal Development & Learning Opportunities
Skills Development & Certifications
Employee Referral Program
Corporate Sponsored Events & Community Outreach
Emergency Back-Up Childcare Program
Position may be eligible for a discretionary variable incentive