Description & Requirements
Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.
ManTech is seeking a motivated, career and customer-oriented individual to provide unparalleled support to our customer and to begin an exciting and rewarding career within ManTech. You are the right candidate for this job if you like working in a fast-paced, dynamic environment and have a passionate commitment to national security and securing the homeland. The position may be based in the DC/Maryland/Virginia area, or Chandler, AZ.
We are looking for a Tier 2 NOSC Analyst with responsibility to provide daily management and oversight to a team of 40+ operators providing support for a network, cybersecurity and cloud operations on a 24x7x365 basis. The team will monitor network and cloud resources to detect and respond to service impacting events, cybersecurity incidents, and alerts.
Responsibilities include, but are not limited to:
- Provide Tier 2 support by analyzing network traffic and various log data to determine the threat/impact against the network, recommending appropriate countermeasures, facilitating the tracking, handling, and reporting of all security events and computer incidents.
- Monitor, detect, scan, record, audit, analyze, report, remedy, coordinate, and track security related events for customer networks/endpoints.
- Perform in-depth analysis of security events and incidents independently, and in support of Tier 1 SOC Analysts
- Investigate and respond to security incidents escalated from Tier 1 SOC Analysts, conduct in-depth analysis, and identify the root cause of incidents
- Conduct forensic analysis and detailed investigations of security incidents to determine the root cause and extent of compromise
- Document analysis, findings, and actions in a case/knowledge management system.
- Provide guidance and support to Tier 1 SOC Analysts, including coaching and knowledge sharing to enhance their technical skills
- Support senior-level SOC personnel with the creation and distribution of incident reports
- Participate in vulnerability assessments and penetration testing activities to identify and address potential security weaknesses
- Responsible for working in a 24x7 Security Operation Center (SOC) environment
- Other duties as assigned or required
Basic Qualifications:
- Possess either a Certified Ethical Hacker (CEH) or a GIAC Certified Incident Handler (GCIH)
- A Bachelor of Science degree in Information Security, Computer Science, or related field
- A minimum of (4) four years of related experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC).
- A minimum of (6) six months experience in one or more of the following areas: computer network penetration testing/techniques; computer evidence seizure, computer forensic analysis, data recovery; computer intrusion analysis/incident response, intrusion detection; computer network surveillance/monitoring; network protocols, network devices,
- Experience with Incident Response; identifying, investigating, reporting and remediating
- Captures, protects, and retains digital forensic data and information maintaining proper legal chain of custody for legal and law enforcement activities
- Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption
- Experience analyzing in/outbound e-mail traffic
- Understanding of SIEM alerting and analytic processes
- Capable of solving technical problems following established procedures and policies
- Experience with common Cybersecurity tools such as Splunk, HBSS, Nessus
- Proficiency in security incident response methodologies and best practices
- Familiarity with scripting languages (Python, PowerShell, etc.) for automation and data analysis
- Understanding of cloud platforms and their impact on SOC operations (e.g., AWS, Azure, GCP)
Preferred Qualifications:
- Possess one or more of the following certifications: DOD 8570 Industry Related Certification - CSSP Analyst, CSSP Infrastructure Support or CSSP Incident Responder, Penetration Testing, GIAC Certified Forensic Examiner (GCFE), GIAC Advanced Smartphone Forensics Certification (GASF)
Clearance Requirements:
- Must be a U.S. citizen
- Must hold a TS/SCI clearance
- Must be able to obtain DHS EOD suitability; an active EOD suitability is highly desired
Physical Requirements:
- Must be able to remain in a stationary position 50%
- Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer
- The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.