ManTech
SOC Investigative Analyst
ManTech, Lorton, Virginia, us, 22199
Description & Requirements
Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International Corporation, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.
The SOC Investigative Analyst plays a crucial role in the rapid response, investigation, and remediation of advanced cyber-attacks. This position requires deep analysis and remediation skills, often handling escalations from the Triage Team. The Investigative Analyst is responsible for investigating events and known attacker campaigns, performing root-cause analysis, and providing comprehensive investigation, response, remediation, forensics, and proactive hunting. The role also involves maintaining technologies that support SecOps, developing and implementing enterprise SecOps solutions, and enforcing cybersecurity policies and SOPs. Candidates should have a strong background in cybersecurity, with experience in SecOps activities, threat detection and response, as well as excellent analytical and technical reporting skills. This role may include the need to work outside of core hours on high priority investigations and may also include on-call responsibilities.
Responsibilities include, but are not limited to:
Perform root-cause analysis to reconcile technical details obtained from various sources (Windows, Linux, Cloud-native resources).
Provide deep investigation, response, remediation, light forensics, proactive hunting and technical reporting to cyber-attacks/intrusions, anomalous activities, and misuse activities.
Provide maintenance of technologies that directly support SecOps (including EDR, XDR, SIEM, SOAR, and other tools).
Conduct regular intermediate to advanced SecOps activities for Identity Management, Privileged User Access, Access Control, End Point Protection, Internet Protection, Vulnerability Scanning.
Develop and implement enterprise SecOps solutions to enhance threat detection and response to complex vulnerabilities, cybersecurity, and insider threats: Playbooks, SOAR, Workbooks, Watchlists, etc.
Enforce and recommend updates to cybersecurity policy/SOPs and participate in incident response events (table-tops, Red/Purple Team, etc.).
Interpret and participate in internal/external operations and recommend and implement best practices and solutions.
Participate in cybersecurity related exercises to manage and reduce cybersecurity risk; use analytical thinking, tools, and judgement to identify innovative solutions.
Basic Qualifications:
Bachelor’s degree in Cybersecurity, Information Technology, or another related field AND 3+ years of experience in Security Operations, Cyber Threat Hunting, Incident Response, DFIR, Cyber Compliance/IA, OR 5+ years of hands-on experience in Security Operations, Cyber Threat Hunting, Incident Response, DFIR, Cyber Compliance/IA or related Cybersecurity experience.
DoD 8570 IAT Level 2 or DoD 8140 compliant certification.
1+ year of hands-on experience with SIEM, SOAR, XDR, and/or enterprise vulnerability management tools.
1+ year of experience and proficiency with querying languages (KQL, SQL, SPL, etc.).
1+ year of experience operating in a cloud environment (e.g. Azure, AWS, GCP, Oracle).
Deep understanding and experience with Windows and/or Linux Operating Systems.
Must obtain Microsoft SC-200 within (6) months of hire.
Experience working on teams in operational environments.
Preferred Qualifications:
Ability to work independently with guidance in complex situations.
Proficient in oral and written communication.
Experienced with Microsoft Security products.
Experience in scripting (e.g., Bash, PowerShell, Python).
Working knowledge and strong understanding of advanced persistent threats (APT) and associated tactics, attack frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain) and TTPs across the global threat landscape.
DoD 8570 CSSP Incident Responder or similar certification highly desired.
Experience with DevSecOps pipelines and SAFe methodology supporting Security Operations.
Security Clearance Requirements:
Active Top-Secret Clearance with SCI Eligibility.
Physical Requirements:
Sedentary work that primarily involves sitting/standing/walking/talking.
Moving about to accomplish tasks or moving from one work site to another.
Communicating with others to exchange information.
The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.
Working with Computers.
For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.
ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.
If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access https://mantech.avature.net/en_US/careers as a result of your disability. To request an accommodation please click careers@mantech.com and provide your name and contact information.