Computer Security Incident Response Team Analyst Job at ManTech, United States

  • ManTech
  • United States

Job Description

**MANTECH** seeks a motivated, career- and customer-oriented **Computer Security Incident Response Team (CSIRT) Analyst** to join our team. This is a **remote** position.

**Responsibilities include but are not limited to:**

+ Monitor Intrusion Detection/Prevention Systems (IDS/IPS), Endpoint Detection and Response (EDR), and other security event data sources to determine if events should be escalated to incidents.
+ Conduct threat hunting and analysis by correlating data from EDR, firewall, and syslog sources; leverage Zero-Trust methodologies and the MITRE ATT&CK framework to identify unauthorized activity.
+ Follow all applicable incident response and reporting procedures, documenting incidents in the ticketing system and supporting Computer Security Incident Response Team (CSIRT) leadership deliverables.
+ Tune and filter security events, create custom queries and use cases, and manage rules for EDR, Data Loss Prevention (DLP), firewalls, and other security technologies.
+ Develop and maintain CSIRT Standard Operating Procedures (SOPs) and Playbooks and utilize case management processes for incident tracking.
+ Collaborate with engineering, system administrators, and external entities like the United States Computer Emergency Readiness Team (US-CERT) to coordinate on threats and system maintenance.
+ Serve as a point of contact for the CSIRT, responding to the hotline and email, and maintaining proficiency through training and self-study.

**Minimum Qualifications:**

+ A minimum of 1 year of relevant work experience in incident response, cybersecurity analysis, or computer forensics, or related experience.
+ Demonstrated experience as an analyst in a Security Operations Center (SOC) supporting a Federal Government or large commercial enterprise.
+ Demonstrated experience with Incident Handling, including responding to and participating in efforts to remediate incidents.
+ Experience with cybersecurity technologies such as IDS, SIEM, etc.
+ Strong analytical, problem-solving, interpersonal, organizational, communication, and briefing skills.

**Preferred Qualifications:**

+ 2+ years of experience in a SOC environment, including responding to incidents and working with packet capture (PCAP) data.
+ Working knowledge of tools such as Splunk Enterprise Security (ES), Security Orchestration, Automation and Response (SOAR), and User Behavior Analytics (UBA), as well as CrowdStrike Falcon, JIRA, and ServiceNow.
+ 1+ years of hands-on experience with Splunk Enterprise Security.
+ 1+ years of experience monitoring cloud environments.
+ Splunk Core Certified User
+ SANS GIAC Certified Intrusion Analyst (GCIA), or (ISC)² Certified Information Systems Security Professional (CISSP) or other cybersecurity related certifications.

**Clearance Requirements:**

+ Must be a U.S. citizen and willing and able to obtain a CFPB Public Trust prior to starting this position.

**Physical Requirements:**

+ Must be able to be in a stationary position more than 50% of the time
+ Constantly operates a computer and other office productivity machinery, such as a computer
+ The person in this position frequently communicates with co-workers, management and clients, which may involve delivering presentations, and must be able to exchange accurate information in these situations
+ The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.

ManTech International Corporation, as well as its subsidiaries, proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

If you are a qualified individual with a disability and require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please email us at careers@mantech.com and provide your name and contact information.

Job Tags

Work experience placement, Work at office, Remote work
