ManTech is seeking a Cyber Intelligence Analyst to help support our current NCIS contract out of Quantico, VA. The Cyber Defense Intelligence Analyst is responsible for monitoring network activity and collecting intelligence to identify, assess, and help resolve and report on threats posed by foreign cyber actors targeting Department of the Navy (DON)/NCIS networks, infrastructure, personnel, and technology. This role emphasizes law enforcement (LE) and counterintelligence (CI) processes and procedures, combining advanced cyber threat intelligence analysis with hands-on incident response and reporting.
Responsibilities include but are not limited to:
Conduct cyber threat hunting activities, focusing on detecting, assessing, and reporting on cyber threats, including addressing U.S. government and organizational (DON/NCIS) intelligence requirements.
Leverage All-Source and OSINT skills, paired with technical expertise, to support the development of comprehensive and actionable intelligence products.
Perform in-depth analysis of network data, including NetFlow, email headers, PCAP, network logs, and Transport Layer Security (TLS) certificate pivoting, to detect malicious activity.
Conduct investigations of anomalies and irregularities to determine the root cause of incidents, including adversary tracking, incident reporting, and recommending appropriate responses.
Review, interpret, and evaluate information from multiple sources to produce intelligence products, including briefings, summaries, and Intelligence Information Reports (IIRs).
Correlate data from intrusion detection and prevention systems with other sources, such as firewalls, web servers, and DNS logs, to detect and attribute malicious behavior.
Guide and mentor junior analysts on cyber threat intelligence, incident response, and best practices.
Minimum Qualifications:
Bachelor's degree and a minimum of 2 years of cyber threat intelligence and defense experience, with a focus on network log analysis and threat hunting, to include the following (an additional 2 years of experience may be substituted for the degree):
In-depth knowledge of network communication protocols (TCP/IP), NetFlow, DNS, PCAP analysis, and malware behavior/types.
Familiarity with cyber threat hunting and investigation tooling such as Security Information and Event Management (SIEM) platforms, Managed Detection and Response (MDR) services, and threat intelligence enrichment/OSINT investigation platforms (e.g., DomainTools, VirusTotal, Maltego).
Experience conducting incident response and investigations, performing root cause analysis, and reporting findings to stakeholders.
Proficiency in utilizing analytical frameworks such as MITRE ATT&CK, Cyber Kill Chain, and the Diamond Model, with a demonstrated ability to identify Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and threat actor patterns.
Preferred Qualifications:
GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), or other relevant SANS/GIAC certifications
CEH, Security+, CySA+, CISSP, or other relevant cybersecurity certifications
Skills in Open-Source Intelligence (OSINT), Counterintelligence (CI)/Human Intelligence (HUMINT), All-Source Analysis, and/or Digital Forensics
Clearance Requirements:
Secret with the ability to obtain TS/SCI
Physical Requirements:
Sedentary Work