Cyber Incident Detection and Response Analyst - ManTech
Herndon, VA
About the Job
Description & Requirements
Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.
We are seeking a highly skilled and motivated Cyber Incident Detection and Response Analyst to join our Network Operations Security Center (NOSC). You will report to the Lead Cyber Security Incident Response Analyst and be responsible for identifying, analyzing, and responding to cybersecurity threats and incidents to protect DHS infrastructure and data. This role requires expertise in threat detection, incident response, and cybersecurity best practices.
Responsibilities:
+ Provide 24/7 support for incident data flow and response, content, and remediation, and interfaces with other incident response centers in maintaining an understanding of threats, vulnerabilities, and exploits that could impact networks and assets.
+ Monitor network traffic and system logs for signs of cyber threats and suspicious activity.
+ Perform the role of Incident Coordinator for IT Security events requiring focused response, containment, investigation, and remediation.
+ Perform real-time proactive event investigation on various security enforcement systems, such as SIEM, Anti-virus, Internet content filtering/reporting, malcode prevention, Firewalls, IDS & IPS, Web security, antispam, etc.
+ Assist with forensic analysis on hosts supporting investigations.
+ Conduct malware analysis in out of-band environment (static and dynamic), including complex malware.
+ Analyze operational anomalies, network behavior and perform mitigation actions derived from cyber threat monitoring and anomaly analysis, and actively monitor the networks for cybersecurity threats and vulnerabilities.
+ Perform quality assurance on Incident Closures.
+ Assist with Knowledge Management - Standard Operating Procedures and procedural support data.
+ Develop and implement detection use cases and signatures to enhance threat identification capabilities.
+ Respond promptly to security incidents, conducting thorough investigations and mitigating threats.
+ Stay current with emerging threats and vulnerabilities, updating detection and response strategies accordingly.
+ Produce comprehensive incident reports, including root cause analysis and recommendations for future prevention.
+ Work closely with other cybersecurity teams, including threat intelligence, vulnerability management, and risk assessment.
+ Communicate findings and provide actionable recommendations to management and other relevant parties.
+ Participate in cybersecurity exercises and incident response training to maintain a high state of readiness.
+ Continuously assess and improve incident detection and response processes.
+ Provide training and guidance to junior analysts and other team members, support and report to the Cyber Security Incident Response Lead.
Basic Qualifications:
+ An 8570 compliant certification
+ One of the following relevant certifications: Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH)
+ A bachelor’s degree in computer science, information technology, cybersecurity, or a related field of study (or equivalent experience).
+ A minimum of (7) seven years of experience in cybersecurity, with a focus on incident detection and response.
+ Proficiency with SIEM tools (e.g., Splunk, ArcSight).
+ Experience with intrusion detection/prevention systems (IDS/IPS), endpoint detection and response (EDR) tools, and firewalls.
+ Strong understanding of network protocols, operating systems, and security architectures.
+ Familiarity with digital forensics tools and techniques.
Preferred Qualifications:
+ Experience working in a government or defense environment.
+ Familiarity with DHS policies and procedures.
+ Knowledge of broader cybersecurity frameworks (e.g., NIST, ISO 27001).
Clearance Requirements:
+ A Secret security clearance
+ Must be able to pass DHS Suitability
+ Must be able to obtain and maintain a TS/SCI clearance.
Physical Requirements:
+ Must be able to remain in a stationary position for extended periods of time.
+ Needs to occasionally move about inside the office to access file cabinets, office machinery, etc.
+ Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer.
+ The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.
For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.
ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.
If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access https://mantech.avature.net/en_US/careers as a result of your disability. To request an accommodation please click careers@mantech.com and provide your name and contact information.
Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.
We are seeking a highly skilled and motivated Cyber Incident Detection and Response Analyst to join our Network Operations Security Center (NOSC). You will report to the Lead Cyber Security Incident Response Analyst and be responsible for identifying, analyzing, and responding to cybersecurity threats and incidents to protect DHS infrastructure and data. This role requires expertise in threat detection, incident response, and cybersecurity best practices.
Responsibilities:
+ Provide 24/7 support for incident data flow and response, content, and remediation, and interfaces with other incident response centers in maintaining an understanding of threats, vulnerabilities, and exploits that could impact networks and assets.
+ Monitor network traffic and system logs for signs of cyber threats and suspicious activity.
+ Perform the role of Incident Coordinator for IT Security events requiring focused response, containment, investigation, and remediation.
+ Perform real-time proactive event investigation on various security enforcement systems, such as SIEM, Anti-virus, Internet content filtering/reporting, malcode prevention, Firewalls, IDS & IPS, Web security, antispam, etc.
+ Assist with forensic analysis on hosts supporting investigations.
+ Conduct malware analysis in out of-band environment (static and dynamic), including complex malware.
+ Analyze operational anomalies, network behavior and perform mitigation actions derived from cyber threat monitoring and anomaly analysis, and actively monitor the networks for cybersecurity threats and vulnerabilities.
+ Perform quality assurance on Incident Closures.
+ Assist with Knowledge Management - Standard Operating Procedures and procedural support data.
+ Develop and implement detection use cases and signatures to enhance threat identification capabilities.
+ Respond promptly to security incidents, conducting thorough investigations and mitigating threats.
+ Stay current with emerging threats and vulnerabilities, updating detection and response strategies accordingly.
+ Produce comprehensive incident reports, including root cause analysis and recommendations for future prevention.
+ Work closely with other cybersecurity teams, including threat intelligence, vulnerability management, and risk assessment.
+ Communicate findings and provide actionable recommendations to management and other relevant parties.
+ Participate in cybersecurity exercises and incident response training to maintain a high state of readiness.
+ Continuously assess and improve incident detection and response processes.
+ Provide training and guidance to junior analysts and other team members, support and report to the Cyber Security Incident Response Lead.
Basic Qualifications:
+ An 8570 compliant certification
+ One of the following relevant certifications: Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH)
+ A bachelor’s degree in computer science, information technology, cybersecurity, or a related field of study (or equivalent experience).
+ A minimum of (7) seven years of experience in cybersecurity, with a focus on incident detection and response.
+ Proficiency with SIEM tools (e.g., Splunk, ArcSight).
+ Experience with intrusion detection/prevention systems (IDS/IPS), endpoint detection and response (EDR) tools, and firewalls.
+ Strong understanding of network protocols, operating systems, and security architectures.
+ Familiarity with digital forensics tools and techniques.
Preferred Qualifications:
+ Experience working in a government or defense environment.
+ Familiarity with DHS policies and procedures.
+ Knowledge of broader cybersecurity frameworks (e.g., NIST, ISO 27001).
Clearance Requirements:
+ A Secret security clearance
+ Must be able to pass DHS Suitability
+ Must be able to obtain and maintain a TS/SCI clearance.
Physical Requirements:
+ Must be able to remain in a stationary position for extended periods of time.
+ Needs to occasionally move about inside the office to access file cabinets, office machinery, etc.
+ Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer.
+ The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.
For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.
ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.
If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access https://mantech.avature.net/en_US/careers as a result of your disability. To request an accommodation please click careers@mantech.com and provide your name and contact information.
Source : ManTech