Job description
Secure our Nation, Ignite your Future
The core responsibility for Investigative Analysts is rapid investigation and remediation of advanced attacks that require deeper analysis and remediation, often escalated from the Triage Team. Investigative Analysts also directly monitor alerts for sensitive assets and known attacker campaigns. This role may include the need to work outside of core hours on high-priority investigations and may also include on-call responsibilities.
Responsibilities:
- Proactively hunting for adversaries using Microsoft and 3rd party tools
- Directly monitoring and investigating for sensitive asset compromise
- Recommending remediation or performing remediation steps outside of automated responses
- Reconciling technical details obtained from various sources of information during adverse events
- Determining impacted assets, endpoints, and users from attacks
- Conducting threat hunt across the Microsoft and 3rd party ecosystem using available tools
- Creating and improving upon Security Orchestration, Automation and Response (SOAR) + Security Information and Event Management (SIEM) capabilities
- Conducting Incident Management, after-action reporting, and documentation
- Evaluating security risks and their impact to the Microsoft Cloud platform + 3rd party tools
Qualifications:
- 4+ years of experience directly supporting Security Operations and/or Incident Response
- Working knowledge and strong understanding of advanced persistent threats (APT) and associated tactics, attack frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain), credential compromise techniques, technology and security principles, and knowledge of the cyber threat landscape
- Deep analytical thinking and information processing skills
- DOD 8570 IAT Level II or higher certification upon start
- Experience in 1 or more of the following: Bash, Python, Kusto Query Language, RegEx
- Experience working with small expert teams in 8x5 or 24x7x365 environments
Security Clearance:
DOD TS/SCI
Preferred Skills:
- Experience with Splunk, HBSS, ACAS, Microsoft Security Products
- Knowledge or experience in defensive cyber operations supporting DOD and/or IC
- DOD 8570 CSSP Incident Responder certification highly desired (Ex. GCFA, GCIH, CEH, SCYBER)
- Experience with DevSecOps pipelines supporting Security Operations
- Experience leading Incident Response teams
For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.
ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.
If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access