Posted today
Top Secret/SCI
IT - Security
Ashburn, VA (On-Site/Office)
MANTECH seeks a motivated, career- and customer-oriented Cyber Defense Forensics Lead to join our team in Ashburn, VA.
The ultimate purpose of this role is to provide the disciplined leadership and structural organization necessary to rapidly implement critical, high-impact security solutions that directly protect the Nation's digital borders while ensuring continuous, compliant contract delivery for 24x7x365 network, cyber, and cloud services.
Responsibilities include but are not limited to:
- Leading, mentoring, and managing the Cyber Defense Forensics team in support of Insider Threat Operations and Security Operations.
- Conducting enterprise and individual system endpoint and network-based digital forensic analysis.
- Serving as a subject matter expert (SME) in the preservation of evidence, including proper chain of custody for sensitive/classified data.
- Architecting and fine-tuning the near real-time monitoring of Data Loss Prevention (DLP) policies, solutions, and other applicable tools.
- Assisting with conducting malware analysis and performing static/dynamic file analysis.
Minimum Qualifications:
- Bachelor's degree in computer science, engineering, information technology, or cybersecurity.
- Certified Information System Security Professional (CISSP) and at least one of the following: SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Certified Incident Handler (GCIH), SANS GIAC Certified Forensic Analyst (GCFA), SANS GIAC Certified Enterprise Defender (GCED), or other IAT Level III certification.
- Seven (7+) years of professional experience with a solid understanding of incident response, insider threat investigations, forensics, cyber threats, and information security.
- Five (5+) years of hands-on experience (with experience in the last two years) including host-based and network-based security monitoring, insider threat monitoring software, and host-based forensic tools.
- Ability to create insider threat-focused dashboards, reports, and workflow diagrams.
Clearance Requirements:
- Must have a current/active TS/SCI clearance.
- Must be able to obtain and maintain a CBP BI (Background Investigation).
Physical Requirements:
- Must be able to be in a stationary position more than 50% of the time.
- Must be able to communicate, converse, and exchange information with peers and senior personnel.
- Constantly operates a computer and other office productivity machinery, such as a computer.
- The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.
- The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.