What are the responsibilities and job description for the Cyber Incident Response & Digital Forensics Lead - Security Clearance Required position at ManTech?
ManTech seeks a highly skilled and knowledgeable Cyber Incident Response & Digital Forensics Lead who will lead a team of incident responders and forensic analysts. This position is located on customer site in Washington, D.C.
Responsibilities include but are not limited to :
Assist in analyzing alerts, identifying true positives, and prioritizing incidents and incident response based on severity and impact.
Lead ing the analysis and identification of mobile threats, including malware, vulnerabilities, and other malicious activities targeting mobile devices and applications. Working with the SOC / watch floor to develop and refine incident response plans and SOPs.
Gather ing and analyz ing extensive datasets to bridge informational gaps associated with cyber-attacks. This involves identifying perpetrators, understanding their intrusion methods, and meticulously documenting the precise sequence of actions that compromise system integrity.
Gather ing evidence, analyz ing ar ti facts, and reconstruct ing events to understand the scope and impact of incidents, determine how the compromise occurred , and identify root causes.
Conduct ing forensic analysis on systems and networks to determine the scope and impact of security incidents. Conducting regular joint training exercises and tabletop simula ti ons help strengthen coordina ti on between teams and ensure compliance with security policies.
Analyz ing threat intelligence feeds, indicators of compromise (IOCs), and TTPs to identify and conduct incident respon se to emerging threats.
Responsible for preserving and presenting evidence for legal proceedings.
Minimum Qualifications :
Bachelor’s degree, preferably in IT, cybersecurity, or related discipline.
12 years of IT experience with 8 years of cyber incident response experience.
Must possess GIAC Certified Incident Handler (GCIH) certification.
2 years of experience leading a team of incident responders.
2 years of experience with digital forensics.
3 years of hands-on Splunk experience.
Proficient understanding of mobile operating systems architecture (such as Android, iOS), including the security features and limitations of each platform, as well as proficient understanding of mobile application security, network protocols, and the potential exploitation vectors associated with mobile devices.
Advanced knowledge of Windows, Linux, and macOS, enabling effective analysis and response across diverse technical environments.
Preferred Qualifications :
Experience using the Axiom Forensics Suite.
Desirable certifications : GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA).
Other preferred certifications : GIAC Continuous Monitoring Certification (GMON), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Cloud Threat Detection (GCTD), GIAC Cloud Forensics Responder (GCFR), GIAC Advanced Smartphone Forensics Certification (GASF), GIAC Mobile Device Security Analyst (GMOB).
Security Clearance Requirements :
Must possess an active Top Secret security clearance
Physical Requirements :
The person in this position must be able to remain in a stationary position 50% of the time.
Occasionally move about inside the office to access file cabinets, office machinery, or to communicate with co-workers, management, and customers, via email, phone, and or virtual communication, which may involve delivering presentations.
