Secure our Nation, Ignite your Future
Network Based Systems Analyst III
Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International Corporation, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.
Currently, ManTech is seeking a motivated, career and customer-oriented Network Based Systems Analyst III to join our team at the DHS Facility.
Responsibilities include, but are not limited to:
- Provide Network-based Analysis Support for Cybersecurity to include:
- a) Perform analysis of log files from a variety of sources (e.g., network traffic logs, firewall logs, intrusion detection system logs, Domain Name System (DNS) logs) to identify possible threats to network security.
- b) Collect intrusion artifacts (e.g., domains, Uniform Resource Identifiers (URIs), certificates, etc.) and use discovered data to enable mitigation of potential CND hunts and incidents.
- c) Analyze identified malicious network activity to determine weaknesses exploited, exploitation methods, effects on system and information.
- d) Identify and document network based tactics, techniques, and procedures used by an attacker to gain unauthorized system access.
- e) Track and document CND incidents from initial detection through final resolution.
- f) Perform real-time CND Incident Handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable incident response teams.
- g) Create and disseminate technical reports in response to conducted analysis.
- h) Assist with writing CND guidance and reports on incident findings to appropriate constituencies.
- i) Assist with developing and maintaining SOPs.
- j) Participate in inter-agency sponsored community of interest analysis groups, participate in technical briefings and exchanges.
- k) Serve as technical expert and liaison to leadership, NCCIC, the IC, and law enforcement personnel explaining incident details as required.
- l) Manual review network device configurations for suspicious configurations or signs of compromise.
- m) Assess network topology and network device configurations identifying critical security concerns and providing network security best practice recommendations to identify critical security concerns from an architecture perspective (e.g., external internet traffic bypassing firewall boundary) and a network device configuration perspective (e.g., default administrator account on a network device).
- n) Collect network device integrity data, utilizing specialized tools, to detect unauthorized access (login access, configuration changes, interface changes, physical access, unscheduled reboots, blocked attempts, downgraded encryption, etc.).
- o) Collect network device integrity data, utilizing specialized tools, to detect software modifications (file verification, online/offline hash, published hashed, memory verification, firmware verification, rootkit detection).
- p) Collect network device integrity data, utilizing specialized tools, to detect hardware modifications (operating statistics, network traffic analysis).
- q) Support network device integrity analysis on multi-vendor products (e.g., Cisco, Juniper, HP, Dell, etc.).
- r) Assist with maintaining the readiness of all fly-away kits, storage media and forensic VM analyst images.
- s) Divert/deploy teams of Contractor resources to provide on-site support and assistance in the event of an exercise or cyber incident.
Basic Qualifications:
- Knowledge of Computer Network Defense policies, procedures, and regulations
- Knowledge of defense-in-depth principles and general attack stages with respect to network security architecture
- Ability to characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
- Identify and analyze anomalies in network traffic using metadata
- Reconstruct a malicious attack or activity based on network traffic
- Examine network topologies to understand data flows through the network
- Knowledge of network device integrity concepts and methodologies
- Skill in preserving
Preferred Qualifications:
Level I
- (Minimum 3 years network investigations experience with a High school diploma; or a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with a minimum 1 year of network investigations experience)
- Proficiency at Level I includes all basic qualifications mentioned above in addition to the following:
- Monitor external data sources to maintain currency of Computer Network Defense threat conditions
- Perform analysis of log files from a variety of sources (e.g., network traffic logs, firewall logs, intrusion detection system logs, DNS logs) to identify possible threats to network security
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
- Track and document
Level II
- (4-6 years network investigations experience with a High school diploma; or a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with 2-4 years of network investigations experience)
- Proficiency at Level II includes all skills defined at Level I in addition to the following:
- Collect network intrusion artifacts (e.g., domains, URI’s, certificates, etc.) and use discovered data to enable mitigation of potential Computer Network Defense incidents.
- Analyze identified malicious network activity to determine weaknesses exploited, exploitation methods, effects on system and information
- Collect network device integrity data and analyze for signs of tampering or compromise
- Assist with real-time CND incident handling (i.e., forensic collections, intrusion correlation and tracking, threat analysis, and advising on system remediation) tasks to support onsite engagements
Level III
- (7-9 years network investigations experience with a High school diploma; or a Bachelor’s degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with 5-7 years of network investigations experience)
- Proficiency Level III includes all skills defined at Level II in addition to the following:
- Assist the Government lead in coordinating teams in preliminary incident response investigations
- Assist the Government lead with interfacing with the customer while onsite
- Determine appropriate courses of actions in response to identified and analyzed anomalous network activity
- Assess network topology and device configurations identifying critical security concerns and providing security best practice recommendations
- Assist with the writing and publishing of Computer Network Defense guidance and reports on incident findings to appropriate constituencies
- Serve as technical expert and liaison to intra-organizational components and leadership
Security Clearance Requirements:
Physical Requirements:
- Office work, typically sedentary with some movement around the office.
ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.
If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access http://www.mantech.com/careers/Pages/careers.aspx as a result of your disability. To request an accommodation please click careers@mantech.com and provide your name and contact information.
