Become an integral part of a diverse team that leads the world in Mission, Cyber, and Intelligence Solutions. At ManTech International Corporation, you will help protect our national security while working on innovative projects that offer opportunities for advancement.
As a SOC Cybersecurity Analyst, you will be responsible for providing full-time support to a large enterprise Department of Defense customer. The core responsibility of the CTOC Triage Analyst is the initial triage and analysis of cyber threat reports and alerts to protect infrastructure and data. This role involves monitoring alert queues for sensitive assets and known attacker campaigns, performing automated and manual remediation of adverse events, and ensuring the health of signal ingestion across Microsoft and third-party tools. The Triage Analyst will work closely with other teams to escalate incidents and recommend improvements to response techniques and automation playbooks. This role may include the need to work outside of core hours on high-priority investigations and may also include on-call responsibilities.
Responsibilities include, but are not limited to:
Alert Prioritization and Triage: Focuses on the monitoring, initial triage, managing, and reviewing incidents to assess their urgency, and escalating incidents if necessary.
Signal Ingestion Health: Monitors and diagnoses the health of signal ingestion to ensure that alerts are properly received and processed.
Daily Security Checks: Performs daily checks of security tools to maintain the health and functionality of security tools.
Incident Investigation and Remediation: Conducts initial investigation, remediation, and documentation of security incidents.
Escalation: Escalates incidents for advanced investigation and remediation for more complex issues.
Root-Cause Analysis: Performs initial root-cause analysis to reconcile technical details (5Ws) obtained from various sources.
SecOps Activities: Conducts basic SecOps activities for Identity, Device, Applications and Workloads, Data, Network, and SOAR.
Incident Response Participation: Participates in incident response events and enforces cybersecurity policies/SOPs.
Improvement Recommendations: Recommends and assists in the implementation of improvements to Indicators of Compromise (IOCs), response techniques, and automation playbooks.
Maintenance: Assists in the maintenance of technologies that directly support SecOps, such as EDR, XDR, SIEM, and SOAR.
Modernization: Leverages modern technologies (e.g., Artificial Intelligence) to improve efficiency, reliability, and SecOps metrics.
Triage analysts may be involved in various investigation types, including malicious adversarial actions, common IOC remediation, and Insider Threat inquiries.
Works independently, with guidance in only the most complex situations.
May lead teams or projects with moderate resource requirements, risk, and/or complexity.
Participates in exercises to solve complex problems; uses analytical thinking, tools, and judgement to identify innovative solutions.
Ability to use MS Office, Ability to use PC, Analytical and Critical Thinking Skills, Interpersonal and People Skills, Listening Skills, Multi-Tasking Ability, Oral and Written Communication Skills, Organizational Skills, Presentation Skills using PowerPoint, Public Speaking Skills.
Job Requirements:
Bachelor's Degree in Cybersecurity, Information Technology or another related field AND 1+ year of hands-on experience in Security Operations, Incident Response, or Cybersecurity Threat Management, OR 2-3 years of hands-on experience in Security Operations, Incident Response, or Cybersecurity Threat Management.
DoD 8570 IAT Level 2 or DoD 8140 compliant certification.
Must obtain Microsoft SC-200 within (6) months of hire.
Knowledge and/or experience protecting network environments against external and insider threats.
Experience completing and analyzing SCAP Vulnerability scans.
Hands-on experience with SIEM, SOAR, XDR, and/or enterprise vulnerability management tools.
Experience with Splunk, ACAS, McAfee, or Sentris is desired.
Experience with JSIG and DISA STIGs.
Familiarity with Common Vulnerabilities and Exposures (CVE) tracking and remediation.
Familiarity with Windows and Linux Operating Systems.
Fundamental proficiency in scripting (e.g., Bash, PowerShell, Python).
Fundamental understanding of security in cloud environments (e.g., Azure, AWS, GCP, Oracle).
Fundamental experience and proficiency with querying languages (KQL, SQL, SPL, etc.).
Desired Skills:
Fundamental understanding of advanced persistent threats (APT) and associated tactics, attack frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain), credential compromise techniques, technology and security principles, and knowledge of the cyber threat landscape.
Knowledge or experience with Splunk Enterprise, HBSS, ACAS, Microsoft Sentinel, or similar tools.
CSSP Analyst certifications highly desired (e.g., GCIA, GCIH, Cloud+, CEH).
Security Clearance Requirements:
Active Top Secret Clearance with SCI Eligibility.
Physical Requirements:
Sedentary work that primarily involves sitting/standing/walking/talking.
Moving about to accomplish tasks or moving from one work site to another.
Communicating with others to exchange information.
The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.
Working with Computers.