Job Family:
IT Cyber Security
Travel Required:
Up to 10%
Clearance Required:
None
What You Will Do:
Our Security Architecture Technical Lead - Endpoint is a technical leader focused on IT Security solutions research, design, implementation, testing, and documentation for all corporate, virtual, and personal Windows and mobile endpoints. They will work hand in hand with the IT Security Architecture team and the IT Architecture team but are focused on the IT Security equities within the endpoint environment.
Effectively leads and manages complex IT Security Architecture projects that may span company-wide initiatives within scope, timeline, and budget. Applies technical knowledge to innovation and performance improvement while demonstrating critical thinking and sound logic when assessing problems and opportunities in generating solutions.
Contributes to ensuring the current and future over-the-horizon capabilities of Guidehouse security systems, maintaining and protecting Guidehouse and Client data to meet the NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 20000, HIPAA, and HITRUST standards. Contributes to keeping Guidehouse abreast of all the best-of-breed capabilities that continue to make Guidehouse a technology pathfinder within the industry. Reports directly to the Chief Information Security Architect.
Job Function:
- Assists in the organization, development and implementation of IT Security Architecture initiatives that support overall IT Security goals and objectives that may span company-wide initiatives
- Demonstrates clear and effective written and verbal communication skills; delivered in a professional, respectful, and timely manner
- Produces “client-ready” deliverables and helps manage the quality of IT Security Architecture’s work products based on established or establishing KPIs and applicable professional standards and best practices, including appropriate methodologies, tools, and resources
- Structures work product that clearly conveys complex issues; synthesizing various inputs to articulate a clear point of view, as needed
- Identifies critical issues to be communicated and informs all appropriate stakeholders; adapting messages and approach based on the audience
- Configure and maintain security frameworks for all endpoints, ensuring they comply with regulatory requirements and industry standards
- Documents and maintains the Endpoint Security Architecture framework
- Assists in conducting risk assessments and security audits to identify vulnerabilities and recommending mitigations to enhance security posture
- Develop a plan to monitor and automate reconciliation of device misconfigurations and configuration drift
- Assist with the development of multiple security profiles based on specialized device requirements
- Design and implement a strategy for reducing privileges on the endpoint to reduce risk and align with the core principles of a Zero Trust strategy
- Design and implement a strategy for data protection on both corporate and personal devices
- Configure and maintain endpoint threat protection using Microsoft Defender for Endpoint, ASR, and Device Control policies
- Design and implement a strategy for passwordless authentication for the endpoints
- Configures and assists with management of Microsoft Defender XDR, BeyondTrust Privilege Management, and Absolute Secure Endpoint
- Configures and assists with management of specialized data classifications and data protection mechanisms
- Designs and configures monitoring and alerts using Microsoft Defender XDR in accordance with Guidehouse Policies, Standards, and Procedures
- Assists with the development of incident response strategies and efforts to address security incidents and breaches, minimizing impact on business operations
- Demonstrates active listening skills that contribute to deeper understanding of the team and client
- Engages in complex technical discussions, asks open-ended questions where appropriate, suggests specific actions, and identifies next steps
- Demonstrates honest and professional behavior in all interactions
- Helps keep the technical services provided to clients in compliance with regulations, laws, policies and procedures
- Anticipates and proposes solutions for areas of potential risk, resolving and/or escalating issues when appropriate
- Learns to assume and embrace an appropriate level of risk
- Contributes to risk mitigation and contingency planning in alignment with IT Security leadership guidance
- Uses creativity, analytical thinking, and good judgment to develop new technical solutions that solve complex problems
- Identifies and incorporates improvements to systems or processes to enhance performance of IT Security programs/projects
- Adapts to situational demands and models and encourages flexibility and willingness to take on diverse tasks across different areas/functions, working effectively in unstructured or unclear circumstances
- Promotes the development of new technical knowledge and skills within IT Security Architecture team
- Aligns work to support the execution of the strategy
- Stays current on best practices and methodologies relevant to work
- Facilitates discussions with stakeholders to ensure alignment on concepts and approaches, anticipating issues
- Leads by example, presenting themselves and the company in a manner that always promotes a positive lasting impression of high quality, promptness, and professional service
- Understands and properly manages client expectations in line with engagement scope; regularly communicates project status
- Seeks out impactful ways to deliver a positive client/stakeholder experience and add value, acting with the best interest of the client and the firm in mind
- Demonstrates subject matter expertise of endpoint technologies and services, as well as knowledge of best practices in endpoint security
- Ability to participate in cross-functional discussions on projects and processes
- Achieves operational targets with major impact on results
- Facilitates discussions with external clients or stakeholders to ensure alignment on concepts and approaches
- Demonstrates strong knowledge of project management
- Influences others inside and outside of IT Security to justify practices, policies, and procedures
- Introduces and applies fresh ideas and creative solutions to stimulate discussion and thinking in both internal and external situations
- Regularly employs ingenuity and creativity to develop new technical solutions to solve difficult and moderately complex problems
- Relies on extensive experience to independently develop approaches to solutions within IT Security Architecture
- Leads others to solve complex problems; uses sophisticated analytical thought to exercise judgement and identify innovative solutions
- Responsible for making moderate to significant improvements of systems or products to enhance performance of programs/projects
- Identifies and incorporates moderate improvements to systems or processes to enhance project performances within IT Security Architecture
- Contributes to or manages large projects or processes with limited guidance or oversight, delegates work to lower-level employees and reviews others' work products
- Responsible for providing guidance, coaching, and training to other employees across the Company within technical area of expertise. Typically, responsible for leading large, complex project initiatives of strategic importance to the organization, involving large cross-functional teams (without direct reporting relationships)
What You Will Need:
- Bachelor’s Degree with a minimum of 6-8 years of professional experience (10 years of professional experience can be substituted for the degree).
- Clearance: Ability to obtain a National Security Clearance or a U.S. Federal Government Public Trust.
- Must be able to work East Coast US business hours.
- Experience working with executives.
- Extensive experience with Microsoft Intune and JAMF management solutions, Windows Autopilot, Apple Business Manager, and Entra ID.
- Experience configuring and managing CIS benchmarks, Microsoft Security Baselines, Group Policy, and Device Compliance policies on endpoints.
- Experience in Mobile Device Management.
- Experience in Mobile Application Management, including App Protection and App Configuration policy.
- Extensive experience with Conditional Access policies.
- Experience securing Citrix and Azure Virtual Desktop infrastructures.
- Experience with Microsoft Defender XDR, Attack Surface Reduction, Device Control, Bitlocker and FileVault encryption, and Microsoft Purview Endpoint DLP.
- Experience with Azure MFA, Windows Hello for Business, FIDO2 and other passwordless technologies.
- Experience with Splunk, Qualys VMDR, and BeyondTrust Privilege Management.
- Advanced expertise with PowerShell and Bash.
- Experience architecting IT General Controls.
- Working knowledge of NIST SP 800-171 and NIST SP 800-53.
- Experience managing multi-geographic cloud resources while implementing controls compliant with NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 20000, HIPAA, HITRUST, or GDPR.
- Experience documenting processes and procedures to comply with required NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 20000, HIPAA, HITRUST, or GDPR.
- Significant demonstrated experience working with cloud first solutions that are implemented globally.
- Working knowledge of Zero Trust environments, implementation strategies, and best business practices related to endpoint security and management.
- Ability to work on many concurrent and changing priorities.
- Action-oriented and able to manage and meet aggressive timelines and deadlines.
- Strong analytical skills, attention to detail, and effective communication abilities are essential.
- Must have excellent organizational and time management skills.
What Would Be Nice To Have:
- Experience working with US Federal Law Enforcement and/or Intelligence Communities.
- Shall possess one OR more of the following certifications OR equivalent:
  - Microsoft Certified: Microsoft Security Operations Analyst Associate
  - Microsoft 365 Certified: Administrator Expert
  - Microsoft Certified: Information Protection and Compliance Administrator Associate
  - Microsoft Cybersecurity Architect Expert
  - (ISC)2 Certified Information Security Professional (CISSP) – Information Systems Security Architecture Professional (ISSAP)
  - CREST Registered Technical Security Architecture (CRTSA)
  - EC-Council Certified Network Defense Architect (CNDA)
  - GIAC Defensible Security Architecture (GDSA)
- Demonstrated ability to learn and document new technologies/solutions.
- Experience with ServiceNow is a plus.
- Experience working in an ITIL environment.
The annual salary range for this position is $99,500.00-$149,300.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.
What We Offer:
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits include:
- Medical, Rx, Dental & Vision Insurance
- Personal and Family Sick Time & Company Paid Holidays
- Position may be eligible for a discretionary variable incentive bonus
- Parental Leave and Adoption Assistance
- 401(k) Retirement Plan
- Basic Life & Supplemental Life
- Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
- Short-Term & Long-Term Disability
- Student Loan PayDown
- Tuition Reimbursement, Personal Development & Learning Opportunities
- Skills Development & Certifications
- Employee Referral Program
- Corporate Sponsored Events & Community Outreach
- Emergency Back-Up Childcare Program
- Mobility Stipend
About Guidehouse
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.
Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.
If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at [email protected]. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.
Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.