Cyber Incident Response Site Lead

San Antonio, TX
Where applicable, confirmation that you meet customer requirements for facility access which may include proof of vaccination and/or attestation and testing, unless an accommodation has been approved.

Secure our Nation, Ignite your Future

Job Duties and Responsibilities:

Can you protect and defend the most coveted targets in the world to ensure the safety of information systems assets and protect systems from intentional or inadvertent access or destruction? Join ManTech and help protect our national security while working on innovative projects that offer opportunities for advancement.

We are currently seeking a Cyber Incident Response Site Lead located in San Antonio, TX. This is a hybrid role which will require some on-site presence while allowing you to enjoy the benefits of working remotely. In this role, you will lead a team of incident responders, detection engineers, and cyber defense professionals.

Responsibilities include, but are not limited to:
  • Manage a team of remote analysts performing cyber analysis and response, detection engineering, and automation for commercial cloud environments.
  • Develop metrics and reporting to inform the customer of identified risks to their environment.
  • Establish and maintain processes and communication plans to enable a team of hybrid remote analysts.
  • Create and modify SIEM dashboards to clearly identify scope of findings or monitor activity.
  • Identify patterns/outliers within data sets that match threat actor TTPs, post compromise behavior, and otherwise unusual activity, such as insider threat.
  • Conduct dynamic and static malware analysis on samples obtained during incident handling or hunt operations to identify IOCs.
  • Track investigations to resolution and provide an after-action report as required.
  • Identify misuse, malware, or unauthorized activity on monitored networks
  • Analyze all relevant cyber security event data and other data sources for attack indicators and potential security breaches
  • Assist in coordination during incidents
  • Identify intrusions utilizing various detection and prevention systems and other security event data sources on a 24x7x365 basis
  • Analyze intrusion related data to determine root cause and identify follow on activity while coordinating with Incident Handlers, Hunters, and various partners
  • Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs, to include NetFlow, metadata, and pcap analysis
  • Contribute to tuning and filtering of events and information, creating custom views and content using all available tools
  • Review assembled data with firewall administrators, engineering, system administrators and other appropriate groups to determine the risk of a given event
  • Contribute to the development of playbooks and procedures for handling each security event detected

Required Experience/Skills:
  • Bachelor's degree and 5 years of related experience
  • DOD 8570 IAT Level I or CSSP-A certification
  • Excellent interpersonal, organizational, writing, communications, and briefing skills.
  • Strong analytical and problem-solving skills.

Security Clearance Required:
  • Current/active TS/SCI with Polygraph

Preferred Tools:
Familiarity with the following classes of enterprise cyber defense technologies:
  • Security Information and Event Management (SIEM) systems
  • Sysmon
  • Azure
  • Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
  • Host Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
  • Network and Host malware detection and prevention
  • Network and Host forensic applications
  • Web/Email gateway security technologies
  • Log aggregation tools

The projected compensation range for this position is $95,000-$159,000. There are differentiating factors that can impact a final salary/hourly rate, including, but not limited to, Contract Wage Determination, relevant work experience, skills and competencies that align to the specified role, geographic location (For Remote Opportunities), education and certifications, as well as Federal Government Contract Labor categories. In addition, ManTech invests in its employees beyond just compensation. ManTech's benefits offerings include, dependent upon position, Health Insurance, Life Insurance, Paid Time Off, Holiday Pay, Short Term and Long Term Disability, Retirement and Savings, Learning and Development opportunities, wellness programs, as well as other optional benefit elections.

For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.

ManTech International Corporation, as well as its subsidiaries, proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access http://www.mantech.com/careers/Pages/careers.aspx as a result of your disability. To request an accommodation please click [email protected] and provide your name and contact information.
More Information on ManTech
ManTech operates in the Information Technology industry. The company is located in Herndon, VA. ManTech was founded in 1968. It has 9631 total employees. It offers perks and benefits such as Flexible Spending Account (FSA), Disability Insurance, Dental Benefits, Vision Benefits, Health Insurance Benefits and Life Insurance.