Cyber Incident Response Team Lead

MANTECH seeks a motivated, career and customer-oriented Cyber Incident Response Team Lead to join our team in Ashburn, VA.

The ultimate purpose of this role is to provide the disciplined leadership and structural organization necessary to rapidly implement critical, high-impact security solutions that directly protect the Nation's digital borders while ensuring continuous, compliant contract delivery for 24x7x365 network, cyber, and cloud services.

Responsibilities include but are not limited to:

• Serve as the primary operational leader to the SOC for all major computer-related cybersecurity incidents, driving eradication efforts. Developing detailed post-incident reporting for senior leadership and the government client.
• Ensuring that the Incident Response Plan (IRP) lifecycle and the SOC's incident response capabilities are compliant with DHS 4300A and NIST 800-61 standards.
• Managing the lifecycle of all SOC investigations from creation to closure, using the Case Management System to track all of the incident response metrics (Mean Time To Detect, Mean Time To Contain, etc). Driving continuous improvement against contractual Service Level Agreements (SLAs).
• Assist with advanced analysis of data file system artifacts, memory, network, and log analysis during incidents.
• Support and manage Information/Data Spillage Incident Response efforts.

Minimum Qualifications:

• Bachelor's degree in computer science, engineering, information technology, or cybersecurity (or five years of relevant work experience in lieu of a degree).
• Certified Information System Security Professional (CISSP) and at least one of the following: SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Certified Incident Handler (GCIH), SANS GIAC Certified Forensic Analyst (GCFA), SANS GIAC Certified Enterprise Defender (GCED), or other IAT Level III certification.
• Seven (7+) years of progressively responsible experience in cyber security, incident response, security engineering, or network engineering.
• Proficient use of cyber tools including SIEM, endpoint detection, and IDS/IPS.

Clearance Requirements:

• Must have an active/ current TS/SCI clearance.
• Must be able to obtain and maintain a CBP BI (Background Investigation)

Physical Requirements:

• Must be able to be in a stationary position more than 50% of the time
• Must be able to communicate, converse, and exchange information with peers and senior personnel
• Constantly operates a computer and other office productivity machinery, such as a computer
• The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations
• The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.