Cyber Security Forensics Analyst

MANTECH

Today
Secret
Unspecified
Unspecified
IT - Security
Herndon, VA (On-Site/Office)

ManTech seeks a motivated, career and customer-oriented Cyber Security Forensics Analyst to join our team in the DC, Maryland, and Virginia (Northern) DMV area.

In this role you will be responsible for conducting advanced digital forensics investigations, analyzing cyber threats, and developing strategies to mitigate risks. This role requires a deep understanding of cyber forensics, the MITRE ATT&CK framework, and the MITRE D3FEND framework.

Responsibilities include but are not limited to:
  • Lead and conduct complex digital forensics investigations, including data recovery, analysis, and reporting; develop briefings and reports, and brief contract and government leadership and others as requested/required.
  • Utilize the MITRE ATT&CK framework and other techniques to identify, assess, and address cyber threats and vulnerabilities; apply the MITRE D3FEND framework to develop and implement defensive measures against cyber threats.
  • Collaborate with other cybersecurity professionals, cybersecurity and network teams, law enforcement agencies, and intelligence organizations to share information and coordinate response efforts.
  • Analyze cyber activities to identify entities of interest, determine malicious behavior, and recognize patterns and linkages; Conduct technical analysis against target systems and networks, identify vulnerabilities, and support the development of new exploitation techniques.
  • Investigate computer and information security incidents to determine the extent of compromise to information and automated information systems; conduct dynamic malware analysis and perform memory and dead-box forensics; assess scope of malware campaigns and determine necessary remediation actions.
  • Perform long-term and time-sensitive in-depth technical analysis of malicious code (malware), developing defensive countermeasures, and producing reports for dissemination.
  • Use static and dynamic methodologies for malware analysis, such as debuggers, disassemblers, and sandbox execution. Develop and maintain standard operating procedures (SOPs) and rules of engagement (ROE) templates.


Minimum Qualifications:
  • 9+ years of progressively responsible experience in cyber security, incident response, or forensic investigations including malware analysis and a Bachelor's degree in computer science, engineering, information technology, cybersecurity, or related field of study
  • An 8570-compliant certification in IAT Level III
  • One of the following relevant certifications: GIAC Certified Forensic Analyst (GCFA), Certified Information Systems Security Professional (CISSP), or Certified Cyber Forensics Professional (CCFP)
  • Knowledge and experience with Threat Intel Frameworks (e.g. Cyber Kill Chain, MITRE ATT&CK, Diamond Model)
  • Demonstrated experience using EnCase, FTK, and open-source methods and tools to perform computer forensic investigations
  • Experience with Splunk, CrowdStrike Falcon, Security Onion, EnCase, Axiom,
  • Experience with network topologies and network security devices (e.g. Firewall, IDS/IPS, Proxy, DNS, WAF, etc.).

Clearance Requirements:
  • Must have a current/active Secret clearance with the ability to obtain and maintain a TS/SCI.
  • The ability to obtain and maintain a DHS EOD suitability is required prior to starting this position.


Physical Requirements:
  • Must be able to remain in a stationary position for extended periods of time.
  • Needs to occasionally move about inside the office to access file cabinets, office machinery, etc.
  • Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine, and computer printer.
  • The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.
group id: RTX14564a
About Us
For over half a century, we have been where our clients are: land, sea, air, space and cyberspace. We collaborate across sectors and capabilities to deliver next-generation technology, tools, training and seasoned personnel.
Job Category
IT - Security
Clearance Level
Secret
Employer
MANTECH