Key Role:

Support a client-facing incident response process, incident response playbooks, and Cyber tabletop exercises. Communicate with client and Booz Allen leadership while providing leadership and mentoring for employees and contributing to the development of innovative principles and ideas. Lead significant or high-profile incidents, including validating and escalating incidents and coordinating response activities across client business groups. Employ rapid, independent decision making in stressful or fluid situations, including those that impact critical business systems. Provide strategic guidance on and tracking of tool, visibility, or capabilities gaps affecting information security posture. Serve as a liaison between the Security Operations Center and impacted business and technical teams during an incident and coordinate and direct efforts among security. Apply expertise in business needs and commitment to delivering high-quality, prompt, and efficient service to business and clients, weigh the relative costs and benefits of potential actions, and identify the most appropriate one. This position will require travel of up to 80% of the time.

Basic Qualifications:

-10+ years of experience in leading project delivery teams with private and public sector clients as a technical consultant or subject matter expert

-5+ years of experience with Cybersecurity consulting

-5+ years of experience with incident response and security operations

-Experience with triage analysis, forensics, threat hunting, and Cyber threat intelligence

-Ability to lead fast-paced delivery in challenging commercial environments and work with senior leaders to foster positive client relationships

-Ability to identify new business opportunities with existing clients and develop new intellectual capital

-Ability to build relationships with technology vendors and develop mutually beneficial partnerships

-Ability to travel up to 80% of the time

-BA or BS degree or 6+ years of experience with cyber investigations and digital forensics

Additional Qualifications:

-7+ years of experience with leading significant or high-profile incidents, including validating and escalating incidents and coordinating response activities across multiple entities

-Experience with testing and updating incident response plans and processes to address existing and emerging threats

-Experience with large-scale and complex incidents of all types, including APT, DDOS, Web and mobile applications, or data exfiltration

-Experience with providing strategic guidance on and tracking of tool, visibility, or capability gaps affecting information security posture

-Experience with forensic analysis and Big Data concepts

-Experience with key Cybersecurity operations related tools, including SIEM and TIP

-Ability to conduct rapid, independent decision making in stressful or fluid situations, including those that impact critical life, safety, and business systems

-Ability to provide clients with timely reports and updates

-Possession of excellent oral and written communication skills, including with multiple stakeholders, being a liaison between the Security Operations Center and business, and technical teams during an incident

-GCIH, GCIA, GCFA, or GCFE Certification

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.