ManTech seeks a SOC Analyst to support a 24x7x365 Security Operations Center (SOC). This position is located on the customer site in Huntsville, AL. There are three shifts available: Morning, Afternoon/Evening, and Night, with rotation to support weekends and holidays.
Your duties include analyzing cybersecurity event data and other sources for attack indicators and potential breaches; producing reports; assisting during incidents; and coordinating with the engineering team to ensure security monitoring systems are operational and up-to-date.
Responsibilities include:
Monitoring intrusion detection/prevention systems and other security data sources daily.
Determining if security events should be escalated to incidents and following incident response procedures.
Correlating data from SIEM/Splunk, EDR systems, and other sources such as firewalls and syslog.
Tuning and filtering events, creating custom views with the support of the Engineering and DevOps teams.
Conducting threat hunting, monitoring, analysis, and response activities to support Cyber Defense operations.
Ensuring SOC systems are operational and maintained in coordination with DevOps and engineering teams.
Reviewing data with Threat Intelligence and Incident Response teams to assess risks.
Documenting procedures for handling security events.
Developing custom queries and use cases for better event correlation.
Identifying misuse, malware, or unauthorized activities.
Maintaining skills through training and self-study.
Developing or maintaining SOPs and Playbooks for analysis, reporting, and incident response.
Minimum qualifications include:
5+ years of IT experience with 2+ years as a SOC analyst or related cyber role.
Experience with Splunk SIEM.
Experience with incident detection, response, and security analysis.
Preferred qualifications include a Bachelor's degree in a related field, cloud environment monitoring experience, and familiarity with Microsoft Sentinel. Certifications such as GIAC GMON, GCIH, GCFA, GCIA, GNFA, GCFR, or GCTD are desirable.
Clearance requirement: Must have an active Top Secret clearance with the ability to obtain SCI eligibility prior to starting.
Physical requirements include the ability to remain stationary for 50% of the time and to operate computers and office machinery. Excellent communication skills are essential for interacting with team members, management, and customers.