What are the responsibilities and job description for the Cyber Incident Response & Digital Forensics Lead position at ManTech?
ManTech is seeking a highly skilled and knowledgeable Cyber Incident Response & Digital Forensics Lead who will lead a team of incident responders and forensic analysts. This position is located on customer site in Washington, D.C.
Responsibilities include but are not limited to :
Assist in analyzing alerts, identifying true positives, and prioritizing incidents and incident response based on severity and impact.
Leading the analysis and identification of mobile threats, including malware, vulnerabilities, and other malicious activities targeting mobile devices and applications.
Ensuring incident response activities comply with legal and regulatory requirements.
Working with the SOC / watch floor to develop and refine incident response plans and SOPs.
Gathering and analyzing extensive datasets to bridge informational gaps associated with cyber-attacks. This involves identifying perpetrators, understanding their intrusion methods, and meticulously documenting the precise sequence of actions that compromise system integrity.
Gathering evidence, analyzing artifacts, and reconstructing events to understand how the compromise occurred.
Conducting a thorough post-incident analysis to identify root causes and vulnerabilities.
Conducting forensic analysis on systems and networks to determine the scope and impact of security incidents.
Conducting regular joint training exercises and tabletop simulations help strengthen coordination between teams.
Conducting advanced malware analyses; capable of devising and executing targeted threat mitigation strategies tailored to program and customer needs.
Ensuring that response procedures are documented, regularly tested, and align with the organization's security policies.
Analyzing threat intelligence feeds, indicators of compromise (IOCs), and TTPs to identify and conduct incident response to emerging threats.
Analyzing and synthesizing complex digital forensic evidence to inform strategic decision making and drive efficient and effect incident response.
Responsible for preserving and presenting evidence for legal proceedings.
Minimum Qualifications :
Bachelor’s degree, preferably in IT, cybersecurity, or related discipline.
12 years of IT experience with 8 years of cyber incident response experience.
2 years of experience as the Lead for incident response team(s).
2 years of experience with digital forensics.
Must possess GIAC Certified Incident Handler (GCIH) certification.
3 years of Splunk experience.
Proficient understanding of preserving and presenting evidence for legal proceedings.
Proficient understanding of mobile operating systems architecture (such as Android, iOS), including the security features and limitations of each platform, as well as proficient understanding of mobile application security, network protocols, and the potential exploitation vectors associated with mobile devices.
Advanced knowledge of Windows, Linux, and macOS, enabling effective analysis and response across diverse technical environments
In-depth understanding of intricate network protocols and technologies, facilitating strategic assessments of complex network incidents and vulnerabilities.
Extensive experience with threat intelligence frameworks, integrating insights into incident response protocols.
Preferred Qualifications :
Experience using the Axiom Forensics Suite.
Desirable certifications : GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA).
Other preferred certifications : GIAC Continuous Monitoring Certification (GMON), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Cloud Threat Detection (GCTD), GIAC Cloud Forensics Responder (GCFR), GIAC Advanced Smartphone Forensics Certification (GASF), GIAC Mobile Device Security Analyst (GMOB).
Security Clearance Requirements :
- Must possess an active Top Secret security clearance
ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
If you are a qualified individual with a disability and require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please email us at careers@mantech.com and provide your name and contact information.
