General information

Requisition #
R55845
Locations
USA-VA-Lorton
Posting Date
10/17/2024
Security Clearance Required
TS/SCI
Remote Type
Onsite
Time Type
Full time

Description & Requirements

Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International Corporation, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.

The SOC Investigative Analyst plays a crucial role in the rapid response, investigation, and remediation of advanced cyber-attacks. This position requires deep analysis and remediation skills, often handling escalations from the Triage Team. The Investigative Analyst is responsible for investigating events and known attacker campaigns, performing root-cause analysis, and providing comprehensive investigation, response, remediation, forensics, and proactive hunting. The role also involves maintaining technologies that support SecOps, developing and implementing enterprise SecOps solutions, and enforcing cybersecurity policies and SOPs. Candidates should have a strong background in cybersecurity, with experience in SecOps activities, threat detection and response, as well as excellent analytical and technical reporting skills. This role may include the need to work outside of core hours on high priority investigations and may also include on-call responsibilities.

Responsibilities include, but are not limited to:

  • Perform root-cause analysis to reconcile technical details obtained from various sources (Windows, Linux, cloud-native resources).
  • Provide deep investigation, response, remediation, light forensics, proactive hunting and technical reporting to cyber-attacks/intrusions, anomalous activities, and misuse activities.
  • Provide maintenance of technologies that directly support SecOps (including EDR, XDR, SIEM, SOAR, and other tools).
  • Conduct regular intermediate to advanced SecOps activities for Identity Management, Privileged User Access, Access Control, Endpoint Protection, Internet Protection, and Vulnerability Scanning.
  • Develop and implement enterprise SecOps solutions to enhance threat detection and response to complex vulnerabilities, cybersecurity, and insider threats: Playbooks, SOAR, Workbooks, Watchlists, etc.
  • Enforce and recommend updates to cybersecurity policy/SOPs and participate in incident response events (table-tops, Red/Purple Team, etc.).
  • Interpret and participate in internal/external operations, and recommend and implement best practices and solutions.
  • Participate in cybersecurity related exercises to manage and reduce cybersecurity risk; use analytical thinking, tools, and judgement to identify innovative solutions.

Basic Qualifications:

  • Bachelor’s degree in Cybersecurity, Information Technology or another related field AND 3+ years of experience in Security Operations, Cyber Threat Hunting, Incident Response, DFIR, Cyber Compliance/IA, OR 5+ years of hands-on experience in Security Operations, Cyber Threat Hunting, Incident Response, DFIR, Cyber Compliance/IA or related Cybersecurity experience.
  • DoD 8570 IAT Level 2 or DoD 8140 compliant certification.
  • 1+ year of hands-on experience with SIEM, SOAR, XDR, and/or enterprise vulnerability management tools.
  • 1+ year of experience and proficiency with querying languages (KQL, SQL, SPL, etc.).
  • 1+ year of experience operating in a cloud environment (e.g. Azure, AWS, GCP, Oracle).
  • Deep understanding and experience with Windows and/or Linux Operating Systems.
  • Must obtain Microsoft SC-200 within six (6) months of hire.
  • Experience working on teams in operational environments.

Preferred Qualifications:

  • Ability to work independently with guidance in complex situations.
  • Proficient in oral and written communication.
  • Experienced with Microsoft Security products.
  • Experience in scripting (e.g., Bash, PowerShell, Python).
  • Working knowledge and strong understanding of advanced persistent threats (APT) and associated tactics, attack frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain) and TTPs across the global threat landscape.
  • DoD 8570 CSSP Incident Responder or similar certification highly desired.
  • Experience with DevSecOps pipelines and SAFe methodology supporting Security Operations.

Security Clearance Requirements:

  • Active Top-Secret Clearance with SCI Eligibility.

Physical Requirements:

  • Sedentary work that primarily involves sitting/standing/walking/talking.
  • Moving about to accomplish tasks or moving from one work site to another.
  • Communicating with others to exchange information.
  • The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.
  • Working with Computers.

ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

If you are a qualified individual with a disability and require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please email us at careers@mantech.com and provide your name and contact information.