Security Information Protection, Senior Associate

at Guidehouse in Topeka, Kansas, United States

Job Description


Guidehouse is a leading global provider of consulting services to the public sector and commercial markets, with broad capabilities in management, technology, and risk consulting. By combining our public and private sector expertise, we help clients address their most complex challenges and navigate significant regulatory pressures focusing on transformational change, business resiliency, and technology-driven innovation. Across a range of advisory, consulting, outsourcing, and digital services, we create scalable, innovative solutions that help our clients outwit complexity and position them for future growth and success. The company has more than 12,000 professionals in over 50 locations globally. Guidehouse is a Veritas Capital portfolio company, led by seasoned professionals with proven and diverse expertise in traditional and emerging technologies, markets, and agenda-setting issues driving national and global economies. For more information, please visit


Our Security Information Protection Sr. Associate is a member of a service team with upwards of two (2) personnel within the Information Security Operations group that are focused on data loss prevention (DLP), data aggregation/sharing monitoring, sensitive information management, cryptographic services, and secure file transfer services. Effectively supports and executes multiple or more complex IT Security Information Protection projects that may span company-wide initiatives within scope, timeline, and budget. Applies technical knowledge to innovation and performance improvement while demonstrating critical thinking and sound logic when assessing problems and opportunities in generating solutions. Accountable for ensuring the day-to-day operations of Guidehouse Information Protection security systems, maintaining, and protecting Guidehouse and Client data to the NIST SP 800-171 standards, and managing Guidehouse and client information securely through all means of electronic transfer. Reports directly to the Security Information Protection Manager. Job Description/Responsibilities:

+ Can articulate core services of corporate functional areas as well as core services offered by Guidehouse (at a high level) and demonstrates an interest in participating in company-wide initiatives.

+ Understands and supports the IT Security Information Protection initiatives that support overall IT Security Operations goals and objectives

+ Takes responsibility for own actions and works accordingly to get the job done with minimal supervision

+ Understands hot topics related to designated industries/service lines and, broadly, how they impact our clients

+ Establishes and maintains effective working relationships with management and staff Settles differences with others in a way that preserves ongoing work relationships

+ Demonstrates focus on quality and reviews work product of self and others

+ Recognizes issues and escalates to the appropriate parties; Recognizes and resolves issues as they arise, with guidance

+ Anticipates and addresses customer needs and expectations and provides excellent customer service

+ Interprets established policies, procedures, and processes to effectively impact business operations

+ Organizes and executes job responsibilities for self and others so as to maintain a well-organized, timely and high-quality work product

+ Sets priorities and organizes tasks

+ Communicates with team about project status, as directed

+ Manages pieces of a project, and assists with project implementation

+ Assists/guides junior team members in executing assigned tasks

+ Performs the services provided to practices without supervision through sound, well-structured deliverables

+ Openly shares techniques, methodologies, and approaches to help others be more successful

+ Participates in the performance management process and meets key milestones for self (goal setting, self-assessment)

+ Meets regularly with supervisor and direct reports (if applicable) to discuss progress towards goals and career development

+ Maintains a learning plan that includes classroom and online learning as well as achieving/maintaining relevant certifications; completes all required training

+ Actively seeks to learn, collaborate with, and observe more experienced practitioners on areas of mutual interest

+ Understands the company’s market, market trends, target client base and primary competitors

+ Participates in recruiting activities and the integration of new hires

+ Monitors and grows internal and external professional network; attends networking events

+ Understands organizational goals and suggests opportunities to help meet or exceed them

+ Shares credit for team’s success

+ Holds oneself to a high standard of professional behavior; operates with integrity and respect for colleagues (all levels)

+ Able to apply both logical and creative thinking in approach to problem solving Communicates confidently and with effective writing, presentation, and facilitation skills among different audiences that conveys more complex messages to own team and clients

+ Manages independent external and internal assessments to ensure full compliance within the scope of regulatory and contractual requirements

+ Produces work and deliverables that require minimal re-work or editing



+ United States Citizenship

+ Clearance: Ability to obtain a National Security Clearance or a U.S. Federal Government Public Trust

+ Bachelor’s in computer-related or cyber field with 5-8 years of experience; OR Master’s with 2-5 years of experience

+ Shall possess one or more of the following certifications:

+ (ISC)2 Certified Information Security Professional (CISSP)

+ ISACA Certified Information Security Manager (CISM)

+ SANs GIAC certification (e.g., GPEN or GW APT)

+ Offensive-Security Certified Professional (OSCP)

+ EC-Council Certified Ethical Hacker (CEH)

+ Microsoft Security (Operations Analyst/Engineer/Administrator) Associate

+ Microsoft Information Protection Administrator Associate

+ Must be able to work East Coast US business hours

+ Experience working with Executive Leadership

+ Experience supporting Microsoft Windows 10 operating system

+ Experience supporting Microsoft Azure and O365 cloud environments

+ Working knowledge of NIST SP 800-171 and NIST SP 800-53

+ Working knowledge of the MITRE ATT&CK framework

+ Experience working with Security Operation Centers, physically or virtually

+ Experience executing processes and procedures in compliance with required NIST and IT standards

+ Experience using a SIEM, such as Splunk or Sentinel to do analysis of security anomalies and events

+ Experience creating writing queries with Search Processing Language (SPL) or Kusto Query Language (KQL)

+ Working knowledge of broad web application environment standards, implementation strategies, and best business practices

+ Significant experience with the operational employment of data loss protection (DLP) and sensitive information management such as Azure DLP, Microsoft MSIP/AIP

+ Experience working with secure file transfer systems, such as: Kiteworks, IBM Aspera, Globalscape EFT, WinSCP, or other Secure File Transfer tools

+ Experience working with file share monitoring systems, such as: Varonis, SolarWinds, Atera, Netwrix, ManageEngine, or other file share monitoring tools

+ Experience in one or more of the following cryptographic capabilities:

+ S/MIME generation

+ Code signing certificates

+ HSM cryptographic key generation

+ Key encryption keys

+ Key material supersession procedures

+ NIST SP 800-88 cryptographic erasure procedures

+ Cryptographic Key Manag

To view full details and how to apply, please login or create a Job Seeker account
How to Apply Copy Link

Job Posting: JC211866704

Posted On: Apr 28, 2022

Updated On: Aug 17, 2022