Secure our Nation, Ignite your Future

Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.

We are seeking a highly skilled and motivated Cyber Security Forensics Analyst to join our team, providing crucial support to the Network Operations Security Center (NOSC). You will be responsible for conducting advanced digital forensics investigations, analyzing cyber threats, and developing strategies to mitigate risks. This role requires a deep understanding of cyber forensics, the MITRE ATT&CK framework, and the MITRE D3FEND framework.

Responsibilities include but are not limited to:

• Lead and conduct complex digital forensics investigations, including data recovery, analysis, and reporting.

• Utilize the MITRE ATT&CK framework and other techniques to identify, assess,

• and address cyber threats and vulnerabilities.

• Apply the MITRE D3FEND framework to develop and implement defensive measures against cyber threats.

• Collaborate with other cybersecurity professionals, law enforcement agencies, and intelligence organizations to share information and coordinate response efforts.

• Conduct technical analysis against target systems and networks, identify vulnerabilities, and support the development of new exploitation techniques.

• Analyze cyber activities to identify entities of interest, determine malicious behavior, and recognize patterns and linkages.

• Conduct dynamic malware analysis and performing memory and dead-box forensics.

• Investigate computer and information security incidents to determine the extent of compromise to information and automated information systems.

• Perform long-term and time-sensitive in-depth technical analysis of malicious code (malware), developing defensive countermeasures, and producing reports for dissemination.

• Using static and dynamic methodologies for malware analysis, such as debuggers, disassemblers, and sandbox execution.

• Write forensics and incident response reports, investigate computer attacks, and extract data from electronic systems.

• Perform technical analysis on suspicious or unknown activities.

• Draft and brief contract and government leadership, as needed.

• Collaborate with the Splunk team to implement, enhance, or change existing use cases.

• Assess scope of malware campaigns and determine necessary remediation actions.

• Conduct remote compromise assessments and producing assessment reports.

• Develop and maintain standard operating procedures (SOPs) and rules of engagement (ROE) templates.

• Cross-train and mentor other forensic analysts and staff on analysis, tools, and reporting.

Basic Qualifications:

• An 8570 compliant certifications in IAT Level III

• One of the following relevant certifications: GIAC Certified Forensic Analyst (GCFA), Certified Information Systems Security Professional (CISSP), or Certified Cyber Forensics Professional (CCFP)

• A bachelor’s degree in computer science, engineering, information technology, cybersecurity, or related field of study

• A minimum of (9) nine years of progressively responsible experience in cyber security, incident

• response, or forensic investigations including malware analysis

• Knowledge and experience with Threat Intel Frameworks (e.g. Cyber Kill Chain, MITRE ATT&CK, Diamond Model)

• Demonstrated experience using EnCase, FTK, and Open-Source methods and tools to perform Computer forensic investigations

• Experience with Splunk, CrowdStrike Falcon, Security Onion, EnCase, Axiom,

• FTK, Volatility, or Suricata

• Proficient with Windows and Linux operating systems

• Experience with network topologies and network security devices (e.g. Firewall, IDS/IPS, Proxy, DNS, WAF, etc).

Clearance Requirements:

• Must be a U.S. citizen

• Must hold a current Secret clearance

• Must be able to obtain and maintain DHS EOD suitability

• Must be able to obtain and maintain a TS/SCI clearance

Physical Requirements:

• Must be able to remain in a stationary position for extended periods of time.

• Needs to occasionally move about inside the office to access file cabinets, office machinery, etc.

• Constantly operates a computer and other office productivity machinery, such as a calculator, copy, machine, and computer printer.

• The person in this position frequently communicates with co-workers, management, and customers,

• which may involve delivering presentations. Must be able to exchange accurate information in these situations.

For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.

ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access http://www.mantech.com/careers/Pages/careers.aspx as a result of your disability. To request an accommodation please click careers@mantech.com and provide your name and contact information.