Cyber Intrusion Analyst

MANTECH seeks a motivated, career and customer-oriented Cyber Intrusion Analyst to join our team in Stuttgart, Germany. The Cyber Intrusion Analyst will be supporting multiple components and subscribers of the Defense Information Systems Agency (DISA) Computer Network Defense Service Provider (CND-SP). There is daily interaction with members of intrusion analysis, incident response, vulnerability assessment, external assessment, and cyber threat analysis teams to support the capabilities of the organization and provide effective services to its subscribers.

This is a funded position on a multiyear contract through March 2031. Relocation will be provided, and you will have access to all base privileges, including the military commissary and BX/PX. You will also receive HOLA/COLA allowances and have DoDDS schooling or international schooling for all dependents.

Responsibilities include but are not limited to:

• Perform computer network incident detection, and response activities to detect, correlate, identify and characterize anomalous activity that may be indicative of threats to the enterprise.
• Monitor various security tools and applications for possible malicious activities, investigate any associated alerts or indicators, and develop recommendations for a course of action, including mitigation strategies as necessary.
• Conduct analysis of low-level ("low and slow") events to identify unauthorized activity utilizing exploratory problem-solving or self-learning techniques.
• Conduct near real-time event triage and analysis, which can result in network traffic validations or a Mission Partner's incident report.
• Utilize formal monitoring policies and procedures that include the appropriate use of DoD-approved network monitoring and traffic analysis tools to assist with identifying suspicious, anomalous, or overtly malicious network traffic on a 24/7/365 basis.
• Review and analyze available logs in a timely manner to detect intruders and notify Mission Partners of activity through a formal reporting process/pending an incident report.
• Apply, develop, tune, and distribute or optimize new and existing countermeasures or guidance to prevent or mitigate potential cyber event impacts when possible.
• Perform network traffic analysis utilizing raw packet data, net flow, IDS, IPS and custom sensor output, as it pertains to the cyber security of communications networks.
• Understand attack signatures, tactics, techniques, and procedures associated with advanced threats.

Minimum Qualifications:

• 11 years' experience, two years of which shall be with an accredited Computer Network Defense Service Provider or equivalent to meet the German Technical Expert Status Accreditation (TESA) requirements. In lieu of 11 years' experience, a Bachelor's degree in computer science, or similarly related technical discipline plus 3 years' experience in a technical environment; or Associate's degree plus 7 years' experience.
• Must hold DoD-8570 IAT Level 2 or higher baseline certification (Security+ CE or equivalent); within 5 months of start date, must obtain Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or CySA+.
• Knowledge of security concepts, protocols (TCP/IP, HTTP, etc.), well-known ports (DNS, SMTP, FTP, LDAP, etc.), processes, architecture, and tools (authentication and access control technologies, intrusion detection, network traffic analysis, SIM technology, incident handling, media/malware analysis, etc.)
• Experience with analyzing network traffic for suspicious and malicious activity using tools such as Wireshark (or equivalent) for packet capture analysis and the Carnegie-Mellon SiLK suite for flow data analysis.
• Willingness to perform shift work to support 24/7/365 operations; assignments are based on both preference and contract requirements.

Preferred Qualifications:

• Command Line Scripting skills (PERL, python, shell scripting) to automate analysis tasks.
• Knowledge of hacker tactics, techniques and procedures (TTP).
• Familiarity with computing security frameworks such as MITRE ATT&CK and Cyber Kill Chain.
• Monitoring of intrusion detection and computer defense appliances (Splunk, Elastic), applications, and analysis of associated alerts.
• Knowledge of advanced threat actor tactics, techniques, and procedures (TTP)
• Understanding of software exploits

Clearance Requirements:

• An active DoD Secret clearance with the ability to obtain Top Secret/SCI is required for this position.

Physical Requirements:

• Must be able to remain in a stationary position 50%.
• Needs to occasionally move about inside the office to access file cabinets, office machinery, etc.
• Frequently communicates with co-workers, management, and customers, which may involve delivering presentations.