Job Description
Locations : Washington | Boston
Who We Are
Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.
To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.
What You'll Do
The IR CTI & VM Director is responsible for leading and driving BCG Federal’s cyber attack detection and response efforts, overseeing growth and maturity of digital forensics, incident response, threat hunting, investigations into information security incidents, purple teaming, and cyber threat intelligence gathering. This role interfaces closely with and influences first-line-of-defense technical product owners, portfolio leaders, security engineers, security solution architects, and red team leaders. This leader shines when the pressure is high, when BCG Federal is targeted by sophisticated threat actors.
The IR CTI & VM Director will drive the evolution of both proactive and reactive detection and investigation capabilities. They will drive strategy and improvements in enterprise information security risk management across the various branches of BCG Federal’s ability to detect and contain cyber-attacks in progress.
YOU'RE GOOD AT
Leading teams through change, ambiguity, and competing priorities
Understanding business, strategy, and security requirements in a federal contracting environment, distinguishing between outputs and outcomes, and delivering data-driven insights to stakeholders
Implementing security standards, overseeing incident response and threat hunts, and enhancing threat actor detection capabilities
Co-leading purple teaming, attack simulations, and cyber threat tabletop exercises with BCG Federal’s Cyber leadership team
Managing the vulnerability program, ensuring timely identification, assessment, and remediation of security risks
Collaborating with IT and security teams to prioritize and mitigate vulnerabilities while maintaining federal compliance
Developing and refining processes for continuous vulnerability scanning, patch management, and risk-based prioritization
Improving incident investigations in partnership with IT, HR, Risk, and Legal teams
Ensuring compliance with federal cybersecurity regulations, including CMMC, NIST 800-171, and DFARS
Analysing technical telemetry and reconstructing ongoing and past cyberattacks
Optimizing security operations by strategically balancing internal expertise with vendor capabilities to enhance detection, incident handling, forensics, threat hunting, and intelligence within a federal compliance framework
What You'll Bring
The desired candidate will have expertise in incident response, cyber threat intelligence, and vulnerability management within a federal contracting environment, with a proven ability to lead teams under pressure and ensure compliance with federal cybersecurity regulations. Key skills for this role include:
Bachelor’s degree (or equivalent)
At least 8 years of experience in information security risk management, with expertise in cloud infrastructure, network security, malware and ransomware, security applications, and technologies
U.S. Citizenship Required
Hands-on experience with Security Operations Centers (SOC), digital forensics tools (e.g., EnCase, FTK, Wireshark), threat intelligence feeds, and Security Information and Event Management (SIEM) tools
Knowledge of federal compliance frameworks, including CMMC, NIST 800-171, FedRAMP, and DFARS 252.204-7012
Proven ability to influence senior IT leaders and key stakeholders with strong executive presence
Experience developing clear, scalable incident response documentation
Expertise in managing enterprise vulnerability programs, including risk prioritization and remediation strategies
Ability to translate complex technical concepts for both technical and non-technical audiences to support informed risk decisions
Demonstrates leadership and composure in high-pressure situations
Must be able to obtain and maintain a U.S. government security clearance, as required for the role
Who You'll Work With
You will work in a fast-paced, intellectually intense, service-oriented environment to protect our applications and information systems within BCG Federal. You will interact daily with highly skilled engineers, architects, product experts, and security professionals, collaborating to create strategic cybersecurity advantages for U.S. government contracts. You will be an integral part of the BCG Federal Information Security Risk Management team, ensuring compliance and enhancing the security program for U.S. government engagements.
Additional info
At BCG, our people and relationships are at the heart of everything we do. We believe that in-person work is essential to our culture, mentorship, and professional development. That's why we operate on a hybrid model, with the expectation that team members will be in the office 3 to 5 days per week. This role is designed for those who thrive in a dynamic, collaborative environment and is not intended for remote or virtual work.
Compensation Information:
Total compensation for this role includes base salary, annual discretionary performance bonus, contributions to BCG’s Profit Sharing and Retirement Fund (PSRF), and a market leading benefits package described below.
In Washington, D.C. the base salary is between $154,000- $179,500 (USD); placement within this range will vary based on experience and skill level
In other locations, competitive pay is commensurate with the role and geography
Annual discretionary performance bonus between 0-30%
5% Profit Sharing Retirement Fund (PSRF) contribution, increasing to 10% after two years of service. Contributions are vested immediately and there is no waiting period
At BCG, we are committed to offering a comprehensive benefit program that includes everything our employees and their families need to be well and live life to the fullest. We pay the full cost of medical, dental, and vision coverage for employees – and their eligible family members.* That’s zero dollars in premiums taken from employee paychecks.
Zero dollar ($0) health insurance premiums for BCG employees, spouses, and children
Low $10 (USD) copays for trips to the doctor, urgent care visits and prescriptions for generic drugs
Dental coverage, including up to $5,000 in orthodontia benefits
Vision insurance with coverage for both glasses and contact lenses annually
Reimbursement for gym memberships and other fitness activities
Fully vested Profit Sharing Retirement Fund contributions made annually, whether you contribute or not, plus the option for employees to make personal contributions to a 401(k) plan
Paid Parental Leave and other family benefits such as elective egg freezing, surrogacy, and adoption reimbursement
Generous paid time off including 12 holidays per year, an annual office closure between Christmas and New Years, and 15 vacation days per year (earned at 1.25 days per month)
Paid sick time on an as needed basis
*Employees, spouses, and children are covered at no cost. Employees share in the cost of domestic partner coverage.
Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
BCG is an E - Verify Employer. Click here for more information on E-Verify.
#J-18808-Ljbffr The Boston Consulting Group GmbH
Job Tags
Holiday work, Local area, Immediate start, 3 days per week,