Job Duties and Responsibilities

Become an integral part of a diverse team that leads the world in Mission, Cyber, and Intelligence Solutions. At ManTech International Corporation, you will help protect our national security while working on innovative projects that offer opportunities for advancement.
Perform the items below at Journeyman Level, defined as: Possesses and applies expertise on multiple complex work assignments. Assignments may be broad in nature, requiring originality and innovation in determining how to accomplish tasks. Operates with appreciable latitude in developing methodology and presenting solutions to problems. Contributes to deliverables and performance metrics where applicable.
Monitor intrusion detection and prevention systems and other security event data sources on a 24x7x365 basis.
Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs.
Determine if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures.
Notify the Customer of significant changes in the security threat against the Customer networks in a timely manner and in writing via established reporting methods.
Provide support for the A/V hotline and appropriately document each call in an existing tracking database for this purpose.
Produce daily/weekly/monthly/quarterly reporting as required by management.
Coordinate with appropriate organizations regarding possible security incidents. Conduct intra-office research to evaluate events as necessary, maintain the current list of coordination points of contact.
Produce reports identifying significant or suspicious security events to appropriate parties.
Include latest security threat information and tie back to specific intrusion sets of nation state actors when possible.
Review assembled data with firewall administrators, engineering, system administrators and other appropriate groups to determine the risk of a given event.
Establish procedures for handling each security event detected.
Maintain knowledge of the current security threat level by monitoring related Internet postings, Intelligence reports, and other related documents as necessary.
Develop and utilize “Case Management” processes for incident and resolution tracking. The processes should also be used for historic recording of all anomalous or suspicious activity.
Identify misuse, malware, or unauthorized activity on monitored networks. Report the activity appropriately as determined by the customer.
Develop and produce reports on all activities and incidents to help maintain day-to-day status, develop and report on trends, and provide focus and situational awareness on all issues.
Review and verify that quality reports and metrics are maintained.
Responsible for tuning and filtering of events and information, creating custom views and content using all available tools following an approved methodology and with approval and concurrence from management.
Maintain system baselines and configuration management items, including security event monitoring “policies” in a manner determined and agreed to by management. Ensure changes are made using an approval process agreed to in advance.
Review and evaluate network modifications and recommend security monitoring policy updates.
Be able to create and add user defined signatures, or custom signatures, to compensate for the lack of monitoring in threat areas as warranted by threat changes or as directed by the customer. This includes creating content in Arcsight as needed.
Develop and implement a methodology using Arcsight Use Case UML processes that identifies procedures for correlating security events. All analysts should be able to create custom content and develop new use cases to better correlate security event information.
Provide analytical support as needed for the overall projects and systems by working with engineers, O&M, and other personnel to ensure effective operations of all capabilities, piloting of new systems, and periodic updates to systems.
Qualifications

Requires a Bachelor's degree or equivalent and five to seven years of related experience, with a minimum of six months of experience in one or more of the following: computer network penetration testing and techniques; computer evidence seizure, computer forensic analysis, and data recovery; computer intrusion analysis and incident response, intrusion detection; computer network surveillance/monitoring; network protocols, network devices, multiple operating systems, and secure architectures. Ability to obtain a security clearance.