This talented analyst will monitor antivirus, intrusion prevention systems (IPS), network access control (NAC) and security information and event management (SIEM) systems to identify and report adverse system and network activity. Working independently and with little supervision, this "quarterback" will lead systems managers in running the applicable incident response "plays." The qualified candidate will be capable of conducting system and network security incident analysis, including: query and extraction of data from SIEM and log management systems; identifying common network attack techniques, tools, and signatures; correlation of observed system and network behavior with open and/or government sources; follow-up with system owners to validate detected network activity; writing and presentation of incident reports for technical and non-technical audiences.
Other highly desirable capabilities include: specification and recommendation of system, network and IDS sensor countermeasures, workarounds, and/or changes; explanation of security issues to non-technical staff. Develops and applies advanced methods, theories and research techniques in the solution of security environment requirements and problems. Reviews information systems security environments to include all aspects of physical, technical and administrative security issues. Develops client-specific information system risk-management alternatives and implementation plans. Provides information system security training to other employees and performs oversight of all task-specific activities such as document preparation, writing, methodologies, etc. Evaluates government and commercial policies, manuals, regulations and other documents for relevance to information security management issues and ongoing efforts. Performs other duties and assignments that may include project guidance and leadership to other team members.
Bachelor’s degree or equivalent work experience
Current shift opening: 6pm-6am with alternating Wed, Thurs / Wed, Thurs, Fri, Sat, Sun
Candidate must be able to obtain Interim Secret clearance
Current CISSP or SANS GCIA is required. Other relevant certifications (such as 8570 IAT Level 2 CNSDSP) may be considered and approved. Selected candidate may be required to obtain appropriate certification within 6 months of start date.
Requires Bachelor’s degree or equivalent and two to four years of related experience with a minimum of six months experience in one or more of the following: computer network penetration testing and techniques; computer evidence seizure, computer forensic
Equivalent Experience/Education Bachelor's Degree
For more than 40 years, ManTech employees have been solving complex problems for the national security community. We are comprised of approximately 10,000 talented employees around the world. We adhere to the simple, no-nonsense values on which ManTech was founded more than four decades ago, aligning squarely with the mission objectives of our customers. As our customer base continues to expand and diversify, we continue to diversify our workforce and solutions. Half our employees have a military background, and more than 70 percent hold a government security clearance. As a leading provider of innovative technology services and solutions for the nation's defense, security, space, and intelligence communities, we hold nearly 1,000 active contracts with more than 40 different government agencies.