ManTech is seeking a motivated, career and customer-oriented SeniorCyber Security Engineer, Detectionsto join our team inSpringfield, VA.
Responsibilities include, but are not limited to:
Support Cyber Operations Squadron (COS) activities to publish up-to-date cybersecurity tool signatures (e.g. anti-virus and host based security systems)
Provide focused analysis, including reverse malware engineering, against intrusion, anomalies, malware, viruses to identify critical information about source, intended target, affected systems or hosts, recommended mitigation measures and risk to mission
Formulate custom Security Information and Event Management (SIEM) tool content and IDS/IPS signatures to address threats
Performs security event and incident correlation using information gathered from a variety of sources within the enterprise
Analyzes and assesses damage to the data / infrastructure as a result of cyber incidents
Performs cyber incident trend analysis and reporting.
Characterizes and performs analysis of network traffic and system data to identify anomalous activity and potential threats to resources.
Providesdetection, identification, and reporting of possiblecyber-attacks/intrusions,anomalous activities, and misuse activities
Create and deploy threat-based signatures for operational intrusiondetectioncapabilities.
Create and implementdetectionrules from intelligence reporting
Basic Qualifications:
Minimum Education: B.S. or 4 additional years of experience
Minimum/GeneralExperience: 5 years of related experience
Experience with modern Windows, UNIX, Linux, network operating systems, databases, and virtual computing
Experience with Splunk
DoD 8570 certification meeting IAT Level II ((GSEC, Security+, SSCP, or CCNA-Security)) required
Experience performing analysis of network traffic and correlating diverse security logs to perform recommendations for signature development
Knowledge with implementation of counter-measures or mitigating controls.
Ability to support incident response and forensic operations as required to include static/dynamic malware analysis and reverse engineering
Experience with enterprise security tools, including Security information and event management (SIEM), Threat intelligence platforms (TIPs), or Network monitoring tools
Experience in creating, modifying, tuning, IDS signatures/SIEM correlation searches and otherdetectionsignatures.
Preferred Qualifications:
Advanced skills in Linux/Unix (command line user - proficient and used in last 6 months)
Working knowledge of current COTS Cybersecurity technologies.
Familiar with MITRE ATT&CK Framework
CNDSP-A (GCIA, GCIH, or CEH) or CNDSP-IR (GCIH, CSIH, or CEH) certification