MANTECH seeks a motivated, career and customer-oriented Computer Security Incident Response Team (CSIRT) Analyst to join our team. This is a remote position.
Responsibilities include but are not limited to:
- Monitor Intrusion Detection/Prevention Systems (IDS/IPS), Endpoint Detection and Response (EDR), and other security event data sources to determine if events should be escalated to incidents.
- Conduct threat hunting and analysis by correlating data from EDR, firewall, and syslog sources; leverage Zero-Trust methodologies and the MITRE ATT&CK framework to identify unauthorized activity.
- Follow all applicable incident response and reporting procedures, documenting incidents in the ticketing system and supporting Computer Security Incident Response Team (CSIRT) leadership deliverables.
- Tune and filter security events, create custom queries and use cases, and manage rules for EDR, Data Loss Prevention (DLP), firewalls, and other security technologies.
- Develop and maintain CSIRT Standard Operating Procedures (SOPs) and Playbooks and utilize case management processes for incident tracking.
- Collaborate with engineering, system administrators, and external entities like the United States Computer Emergency Readiness Team (US-CERT) to coordinate on threats and system maintenance.
- Serve as a point of contact for the CSIRT, responding to the hotline and email, and maintaining proficiency through training and self-study.
Minimum Qualifications:
- A minimum of 1 year of relevant work experience in incident response, cybersecurity analysis, computer forensics, or a related field.
- Demonstrated experience as an analyst in a Security Operations Center (SOC) supporting a Federal Government or large commercial enterprise.
- Demonstrated experience with Incident Handling, including responding to and participating in efforts to remediate incidents.
- Experience with cybersecurity technologies such as IDS, SIEM, etc.
- Strong analytical, problem-solving, interpersonal, organizational, communication, and briefing skills.
Preferred Qualifications:
- 2+ years of experience in a SOC environment, including responding to incidents and working with packet capture (PCAP) data.
- Working knowledge of tools such as Splunk Enterprise Security (ES), Security Orchestration, Automation and Response (SOAR), and User Behavior Analytics (UBA), as well as CrowdStrike Falcon, JIRA, and ServiceNow.
- 1+ years of hands-on experience with Splunk Enterprise Security.
- 1+ years of experience monitoring cloud environments.
- Splunk Core Certified User
- SANS GIAC Certified Intrusion Analyst (GCIA), or (ISC)² Certified Information Systems Security Professional (CISSP) or other cybersecurity related certifications.
Clearance Requirements:
- Must be a U.S. citizen and willing and able to obtain a CFPB Public Trust prior to starting this position.
Physical Requirements:
- Must be able to be in a stationary position more than 50% of the time.
- Constantly operates a computer and other office productivity machinery, such as a computer.
- The person in this position frequently communicates with co-workers, management, and clients, which may involve delivering presentations, and must be able to exchange accurate information in these situations.
- The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.