Incident Response Security Director

Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

The IR CTI & VM Director is responsible for leading and driving BCG Federal’s cyber attack detection and response efforts, overseeing growth and maturity of digital forensics, incident response, threat hunting, investigations into information security incidents, purple teaming, and cyber threat intelligence gathering. This role interfaces closely with and influences first-line-of-defense technical product owners, portfolio leaders, security engineers, security solution architects, and red team leaders. This leader shines when the pressure is high, when BCG Federal is targeted by sophisticated threat actors.

The IR CTI & VM Director will drive the evolution of both proactive and reactive detection and investigation capabilities. They will drive strategy and improvements in enterprise information security risk management across the various branches of BCG Federal’s ability to detect and contain cyber-attacks in progress.

YOU'RE GOOD AT

• Leading teams through change, ambiguity, and competing priorities
• Understanding business, strategy, and security requirements in a federal contracting environment, distinguishing between outputs and outcomes, and delivering data-driven insights to stakeholders
• Implementing security standards, overseeing incident response and threat hunts, and enhancing threat actor detection capabilities
• Co-leading purple teaming, attack simulations, and cyber threat tabletop exercises with BCG Federal’s Cyber leadership team
• Managing the vulnerability program, ensuring timely identification, assessment, and remediation of security risks
• Collaborating with IT and security teams to prioritize and mitigate vulnerabilities while maintaining federal compliance
• Developing and refining processes for continuous vulnerability scanning, patch management, and risk-based prioritization
• Improving incident investigations in partnership with IT, HR, Risk, and Legal teams
• Ensuring compliance with federal cybersecurity regulations, including CMMC, NIST 800-171, and DFARS
• Analysing technical telemetry and reconstructing ongoing and past cyberattacks
• Optimizing security operations by strategically balancing internal expertise with vendor capabilities to enhance detection, incident handling, forensics, threat hunting, and intelligence within a federal compliance framework
  
  

What You'll Bring

Skills

The desired candidate will have expertise in incident response, cyber threat intelligence, and vulnerability management within a federal contracting environment, with a proven ability to lead teams under pressure and ensure compliance with federal cybersecurity regulations. Key skills for this role include:

• Bachelor’s degree (or equivalent)
• At least 8 years of experience in information security risk management, with expertise in cloud infrastructure, network security, malware and ransomware, security applications, and technologies
• Hands-on experience with Security Operations Centers (SOC), digital forensics tools (e.g., EnCase, FTK, Wireshark), threat intelligence feeds, and Security Information and Event Management (SIEM) tools
• Knowledge of federal compliance frameworks, including CMMC, NIST 800-171, FedRAMP, and DFARS 252.204-7012
• Proven ability to influence senior IT leaders and key stakeholders with strong executive presence
• Experience developing clear, scalable incident response documentation
• Expertise in managing enterprise vulnerability programs, including risk prioritization and remediation strategies
• Ability to translate complex technical concepts for both technical and non-technical audiences to support informed risk decisions
• Demonstrates leadership and composure in high-pressure situations
• Must be able to obtain and maintain a U.S. government security clearance, as required for the role
  
  

Who You'll Work With

You will work in a fast-paced, intellectually intense, service-oriented environment to protect our applications and information systems within BCG Federal. You will interact daily with highly skilled engineers, architects, product experts, and security professionals, collaborating to create strategic cybersecurity advantages for U.S. government contracts. You will be an integral part of the BCG Federal Information Security Risk Management team, ensuring compliance and enhancing the security program for U.S. government engagements.

Additional info

Format

At BCG, our people and relationships are at the heart of everything we do. We believe that in-person work is essential to our culture, mentorship, and professional development. That's why we operate on a hybrid model, with the expectation that team members will be in the office 3 to 5 days per week. This role is designed for those who thrive in a dynamic, collaborative environment and is not intended for remote or virtual work.

Compensation Information

Total compensation for this role includes base salary, annual discretionary performance bonus, contributions to BCG’s Profit Sharing and Retirement Fund (PSRF), and a market leading benefits package described below.

• Competitive pay is commensurate with the role and geography
• Annual discretionary performance bonus between 0-20%
• 5% Profit Sharing Retirement Fund (PSRF) contribution, increasing to 10% after two years of service. Contributions are vested immediately and there is no waiting period
  
  

At BCG, we are committed to offering a comprehensive benefit program that includes everything our employees and their families need to be well and live life to the fullest. We pay the full cost of medical, dental, and vision coverage for employees – and their eligible family members.* That’s zero dollars in premiums taken from employee paychecks.

All Of Our Plans Provide Best In Class Coverage

• Zero dollar ($0) health insurance premiums for BCG employees, spouses, and children
• Low $10 (USD) copays for trips to the doctor, urgent care visits and prescriptions for generic drugs
• Dental coverage, including up to $5,000 in orthodontia benefits
• Vision insurance with coverage for both glasses and contact lenses annually
• Reimbursement for gym memberships and other fitness activities
• Fully vested Profit Sharing Retirement Fund contributions made annually, whether you contribute or not, plus the option for employees to make personal contributions to a 401(k) plan
• Paid Parental Leave and other family benefits such as elective egg freezing, surrogacy, and adoption reimbursement
• Generous paid time off including 12 holidays per year, an annual office closure between Christmas and New Years, and 15 vacation days per year (earned at 1.25 days per month)
• Paid sick time on an as needed basis
• Employees, spouses, and children are covered at no cost. Employees share in the cost of domestic partner coverage.
  
  

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.

BCG is an E - Verify Employer. Click here for more information on E-Verify.