- ManTech
- McLean, VA
- Full-time
- 2024-02-01T00:00:00Z
- $134,700 - $224,700 per year
Cloud Cyber Incident Response Analyst
Location: Remote, with travel requirements
Job Description
Secure our Nation and ignite your future with ManTech. Join our team as a Cloud Cyber Incident Response Analyst and help safeguard critical assets while working on cutting-edge projects dedicated to national security.
This position is primarily remote and entails leading incident response, detection engineering, and threat hunting activities; it also carries specific onsite training and meeting requirements.
Responsibilities
- Execute cyber analysis and response, detection engineering, and automation in commercial cloud environments.
- Develop metrics and reports that communicate to the customer the risks identified in their environment.
- Create and refine SIEM dashboards that clearly show the scope of findings and support ongoing activity monitoring.
- Identify patterns and outliers in data sets aligned with threat actor Tactics, Techniques, and Procedures (TTPs), post-compromise behavior, and unusual activities like insider threats.
- Conduct dynamic and static malware analysis on samples obtained during incident handling or hunt operations to identify Indicators of Compromise (IOCs).
- Track investigations to resolution and provide an after-action report as required.
- Identify misuse, malware, or unauthorized activity on monitored networks.
- Coordinate during incidents and identify intrusions using various detection and prevention systems and security event data sources on a 24x7x365 basis.
- Analyze intrusion-related data to determine root cause and identify follow-on activity, coordinating with Incident Handlers, Hunters, and various partners.
- Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs, to include NetFlow, metadata, and pcap analysis.
- Contribute to the tuning and filtering of events and information, creating custom views and content using all available tools.
- Contribute to the development of playbooks and procedures for handling each security event detected.
Required Qualifications
- 5+ years of experience in Cyber Security, InfoSec, Security Engineering, or Network Engineering, with emphasis on cyber security issues and operations, computer incident response, systems architecture, and data management.
- Understanding of enterprise cyber defense technologies, such as SIEM systems and network- and host-based malware detection and prevention.
- Ability to demonstrate effective interpersonal, organizational, writing, communications, and briefing skills.
- Ability to use analytical and problem-solving skills.
- Ability to travel to ManTech offices for training and to customer site as needed for meetings.
- DOD 8570 IAT Level I or CSSP-A certification (can be obtained within 6 months of start date).
- Active/Current TS/SCI with polygraph clearance.
Preferred Requirements
- Bachelor’s Degree in Information Technology or related technical field of study.
Security Clearance Requirement
- Active/Current TS/SCI with polygraph.
Physical Requirements
- Must be able to remain in a stationary position 50% of the time.
- Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer.
- The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.