ManTech
SOC Incident Manager
ManTech, Lorton, Virginia, us, 22199
Description & Requirements
Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International Corporation, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.
The core responsibility of the SOC Incident Manager is to oversee the Incident Management program, processes, and procedures within the SOC. This role involves leading and coordinating the response to cybersecurity incidents, ensuring the protection of infrastructure and data for customers. The SOC Incident Manager manages the lifecycle of all cybersecurity incidents, including detection, analysis, containment, eradication, remediation, and recovery. This person will coordinate with internal and external leadership, legal teams, and other relevant stakeholders to resolve incidents. The role also includes coordinating actions across functions including continuous monitoring, threat analysis, and post-incident reviews to improve SOC capabilities. This position may require working outside of core hours on high-priority investigations and includes on-call responsibilities.
Responsibilities include, but are not limited to:
Incident Response Planning: Develop, maintain, and regularly update incident response plans, playbooks, and procedures. Ensure all SOC staff are trained and familiar with these plans.
Incident Management: Lead and coordinate the response to cybersecurity incidents, ensuring timely and effective resolution. Manage the entire incident lifecycle, from detection and analysis to containment, eradication, remediation, and recovery.
Communication: Serve as the primary point of contact during incidents, ensuring clear and effective communication with internal and external stakeholders, including executive leadership, legal teams, and customers.
Collaboration: Work closely with other Security teams, Networking/NOC, Engineering, Legal, business units and other stakeholders to ensure a coordinated and effective response to incidents. Foster strong relationships with external partners and law enforcement agencies.
Monitoring and Detection: Assist in overseeing continuous monitoring of security systems, including SIEM and other security tools, to detect and respond to threats.
Threat Analysis: Lead the conduct of in-depth analyses and investigation of security incidents to identify root causes, attack vectors, and potential impacts. Develop and implement strategies to mitigate risks and prevent future incidents.
Post-Incident Review: Conduct thorough post-incident reviews to identify lessons learned, document findings, and implement improvements.
Compliance and Reporting: Ensure compliance with relevant security standards, regulations, and policies. Prepare and present detailed incident reports to executive leadership and other stakeholders.
Training and Development: Provide ongoing training and guidance to SOC staff on incident response best practices, tools, and procedures. Mentor junior team members on Incident Response/Management and promote a culture of continuous learning and improvement.
Continuous Improvement: Stay updated with the latest cybersecurity trends, tools, and technologies. Recommend and implement improvements to SOC incident response capabilities, processes, and technologies.
Automation and Efficiency: Identify opportunities to automate incident response processes and improve operational efficiency. Develop and implement automation scripts and tools to streamline incident management tasks.
Basic Qualifications:
Bachelor’s degree in Cybersecurity, Information Technology or another related field AND 3+ years of experience in Incident Response, Security Operations, Cybersecurity, DFIR, Risk Management, IT Service Management, NOC, OR 5+ years of hands-on experience in Incident Response, Security Operations, Cybersecurity, DFIR, Compliance/IA or related Cybersecurity experience.
1+ year(s) of leadership experience in operational environments
DoD 8570 IAT Level 2 or DoD 8140 compliant certification.
Expert knowledge of technical and non-technical aspects of incident response, including processes, SOPs, Playbooks, and cyber investigative TTPs.
2+ years of experience with technical report writing, strong professional and technical writing skills.
Ability to effectively communicate facts, findings, and solutions to leadership and external stakeholders at varying levels.
Preferred Qualifications:
Ability to work independently with guidance in complex situations.
Proficient in oral and written communication
Experienced with Microsoft Security products.
Experience in scripting (e.g., Bash, PowerShell, Python)
Working knowledge and strong understanding of advanced persistent threats (APT) and associated tactics, attack frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain) and TTPs across the global threat landscape.
DOD 8570 CSSP Incident Responder similar certification highly desired
Experience with DevSecOps pipelines and SAFe methodology supporting Security Operations
Security Clearance Requirements:
Active Top-Secret Clearance with SCI Eligibility.
Physical Requirements:
Sedentary work that primarily involves sitting/standing/walking/talking.
Moving about to accomplish tasks or moving from one work site to another.
Communicating with others to exchange information.
The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.
For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.
ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.
If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access https://mantech.avature.net/en_US/careers (https://sandboxmantech1.avature.net/en_US/careers) as a result of your disability. To request an accommodation please click careers@mantech.com and provide your name and contact information.
Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International Corporation, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.
The core responsibility of the SOC Incident Manager is to oversee the Incident Management program, processes, and procedures within the SOC. This role involves leading and coordinating the response to cybersecurity incidents, ensuring the protection of infrastructure and data for customers. The SOC Incident Manager manages the lifecycle of all cybersecurity incidents, including detection, analysis, containment, eradication, remediation, and recovery. This person will coordinate with internal and external leadership, legal teams, and other relevant stakeholders to resolve incidents. The role also includes coordinating actions across functions including continuous monitoring, threat analysis, and post-incident reviews to improve SOC capabilities. This position may require working outside of core hours on high-priority investigations and includes on-call responsibilities.
Responsibilities include, but are not limited to:
Incident Response Planning: Develop, maintain, and regularly update incident response plans, playbooks, and procedures. Ensure all SOC staff are trained and familiar with these plans.
Incident Management: Lead and coordinate the response to cybersecurity incidents, ensuring timely and effective resolution. Manage the entire incident lifecycle, from detection and analysis to containment, eradication, remediation, and recovery.
Communication: Serve as the primary point of contact during incidents, ensuring clear and effective communication with internal and external stakeholders, including executive leadership, legal teams, and customers.
Collaboration: Work closely with other Security teams, Networking/NOC, Engineering, Legal, business units and other stakeholders to ensure a coordinated and effective response to incidents. Foster strong relationships with external partners and law enforcement agencies.
Monitoring and Detection: Assist in overseeing continuous monitoring of security systems, including SIEM and other security tools, to detect and respond to threats.
Threat Analysis: Lead the conduct of in-depth analyses and investigation of security incidents to identify root causes, attack vectors, and potential impacts. Develop and implement strategies to mitigate risks and prevent future incidents.
Post-Incident Review: Conduct thorough post-incident reviews to identify lessons learned, document findings, and implement improvements.
Compliance and Reporting: Ensure compliance with relevant security standards, regulations, and policies. Prepare and present detailed incident reports to executive leadership and other stakeholders.
Training and Development: Provide ongoing training and guidance to SOC staff on incident response best practices, tools, and procedures. Mentor junior team members on Incident Response/Management and promote a culture of continuous learning and improvement.
Continuous Improvement: Stay updated with the latest cybersecurity trends, tools, and technologies. Recommend and implement improvements to SOC incident response capabilities, processes, and technologies.
Automation and Efficiency: Identify opportunities to automate incident response processes and improve operational efficiency. Develop and implement automation scripts and tools to streamline incident management tasks.
Basic Qualifications:
Bachelor’s degree in Cybersecurity, Information Technology or another related field AND 3+ years of experience in Incident Response, Security Operations, Cybersecurity, DFIR, Risk Management, IT Service Management, NOC, OR 5+ years of hands-on experience in Incident Response, Security Operations, Cybersecurity, DFIR, Compliance/IA or related Cybersecurity experience.
1+ year(s) of leadership experience in operational environments
DoD 8570 IAT Level 2 or DoD 8140 compliant certification.
Expert knowledge of technical and non-technical aspects of incident response, including processes, SOPs, Playbooks, and cyber investigative TTPs.
2+ years of experience with technical report writing, strong professional and technical writing skills.
Ability to effectively communicate facts, findings, and solutions to leadership and external stakeholders at varying levels.
Preferred Qualifications:
Ability to work independently with guidance in complex situations.
Proficient in oral and written communication
Experienced with Microsoft Security products.
Experience in scripting (e.g., Bash, PowerShell, Python)
Working knowledge and strong understanding of advanced persistent threats (APT) and associated tactics, attack frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain) and TTPs across the global threat landscape.
DOD 8570 CSSP Incident Responder similar certification highly desired
Experience with DevSecOps pipelines and SAFe methodology supporting Security Operations
Security Clearance Requirements:
Active Top-Secret Clearance with SCI Eligibility.
Physical Requirements:
Sedentary work that primarily involves sitting/standing/walking/talking.
Moving about to accomplish tasks or moving from one work site to another.
Communicating with others to exchange information.
The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.
For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.
ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.
If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access https://mantech.avature.net/en_US/careers (https://sandboxmantech1.avature.net/en_US/careers) as a result of your disability. To request an accommodation please click careers@mantech.com and provide your name and contact information.