Become an integral part of a diverse team that leads the world in Mission, Cyber, and Intelligence Solutions. At ManTech International Corporation, you will help protect our national security while working on innovative projects that offer opportunities for advancement.
As a Senior SOC Analyst, you will provide critical systems, application and infrastructure support to our Department of Defense customer. You have the opportunity to work with a team across multiple technical areas to include operations, engineering, security, and systems development. This is a great opportunity for technical and professional growth, as you will get in on the ground floor while we stand up a new Security Operations Center (SOC) for the customer.
This Senior SOC Analyst position continuously monitors the security state of the system by building and maintaining queries, reports, and alerts in Splunk and displaying them in dashboards available to engineers, Information System Security Managers (ISSM), the Chief Information Security Officer (CISO), Information System Owners (ISO) and other ISSOs. You will gain an understanding of the daily operation of the system to identify, explain, and document anomalous events and behaviors, following established incident response and mitigation procedures.
Your excellent analytical skills will assist in quantifying risk to enterprise systems and level of compliance with security policy across a broad spectrum of daily operations. Your responsibilities will also include elements of physical and environmental protection, personnel security, incident handling, and security training and awareness. In close coordination with the ISSM and the rest of the Audit team, you will play an active role in monitoring the enterprise to include developing and maintaining the System Security Plan (SSP) and Security Controls Traceability Matrix (SCTM), and documenting the security impact of changes.
Responsibilities include but not limited to: As Senior SOC Analyst, you will:
Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
Create and maintain information system security documentation, Standard Operating Procedures (SOP), checklists, and Plans of Action and Milestones (POA&M)
Conduct periodic and continuous monitoring of the system, procedures, and documentation to ensure compliance with the authorization package
Conduct daily, weekly and monthly review and management of the audit collection system
Continuously review and evaluate best practices for implementing a comprehensive audit program
Implement existing media control and data transfer policies
Work with the IA team to perform basic system administration and maintain various IA tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities
Participate in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes
Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage
Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions; track findings with POA&M through mitigation and/or risk acceptance
Monitor and assist with security infractions and assist in security investigations and responses as requested
Work on project teams responsible for engineering and packaging releases to integrate within the customer's production IT environment
Communicate well, both written and verbal.
Position Requirements: A Senior SOC Analyst will have:
Graduated with a Bachelor's degree (preferably in telecommunications, computer science, information systems management, electrical engineering, computer engineering or similar field of study) and have 5 to 7 years? experience with information networks and related security concerns; or a Master's degree with 3 to 5 years? experience
Background and 1-2 years? experience with Security Event and Incident Management (SEIM) tools. Experience with Splunk is preferred and Splunk certifications are highly desired
Experience using various IA tools in audit collection, audit review, audit management, and end point protection
A background and some experience with RMF, ICD 503, NIST SP800-53 or DCID 6/3, or knowledge of current authorization practices, particularly within the DoD is desired.
Experience with security efforts related to modern Windows, Linux, UNIX, Cisco, SQL or Oracle databases, and virtualized systems are desired.
DoD 8570.1 / DoD 8140.01 certification (IAT Level I or II, IAM level I, or II, IASAE Level I, II, or III). Security+CE or equivalent required at a minimum; CISA preferred; CAP, CASP, CISSP, GSLC or CISM desired
Security requirements: US Citizenship and active TS clearance. SCI eligibility highly desired.