Full Time Employee Contractor
Become an integral part of a diverse team that leads the world in the Mission, Cyber, and Intelligence Solutions group. At ManTech International Corporation, you will help protect our national security while working on innovative projects that offer opportunities for advancement.
Currently, ManTech is seeking a motivated, career and customer oriented SOC Analyst to join our team in the Washington, DC area to provide unparalleled support to our customer and to begin an exciting and rewarding career within ManTech.
As a SOC Analyst, your duties will include analyzing all relevant cyber security event data and other data sources for attack indicators and potential security breaches. We are looking for candidates with excellent written and oral communication in order to produce reports, assist in coordination during incidents; and coordinate with the O&M & Help Desk teams ensuring all security monitoring systems are on-line, up to date, and fully operational.
Responsibilities include, but are not limited to:
? Monitoring intrusion detection and prevention systems and other security event data sources on the appointed shift. Determine if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures
? Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and Syslogs.
? Tune and filter events, creating custom views and content using all available tools following an approved methodology and with approval of concurrence from the gov?t management.
? Provide support for the Government CSIRT Hotline and appropriately document each call in an existing tracking database for this purpose.
? Coordinate with the O&M or help desk teams to ensure production CSIRT systems are operational.
? Review assembled data with firewall administrators, engineering, system administrators and other appropriate groups to determine the risk of a given event.
? Use your previous experience to enhance procedures for handling detected security events.
? Create custom content and develop new use cases to better correlate security event information.
? Develop and utilize ?Case Management? processes for incident and resolution tracking. The processes should also be used for historic recording of all anomalous or suspicious activity. Currently, processes in place now using internal reporting tool.
? Identify misuse, malware, or unauthorized activity on monitored networks. Report the activity appropriately as determined by CSIRT Management.
? Monitor, document and respond to centrally collected virus data and indicators.
? Experience of an operational environment such as a SOC or CSIRT
? Excellent writing and presentation skills are required in order to communicate findings and recommendations and provide status on ongoing investigations
? Experience with security products and technologies, especially related to event and incident handling (e.g. SIEM, HIDS/NIDS, AV)
? Deep understanding of TCP/IP, common application-layer protocols and network architecture within an enterprise environment
? Deep familiarity with common operating systems
? Deep understanding of attacker TTPs
? Exceptional log analysis skills
? Ability to problem solve, ask questions, and discover why things are happening
? Industry certifications: GCIH, GREM or other related SANS certifications
? Penetration testing and/or forensics experience
? Splunk experience is a plus.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Candidate must be clearable and pass a background investigation.