Senior Incident Response Cybersecurity Analyst
MANTECH · Miami, FL · 1 wk ago
On-siteInformation TechnologyFull-time
Responsibilities
- Active monitoring of security alerts from SIEM, EDR, IDS/IPS, firewalls, and cloud environments to identify potential anomalies and malicious activities.
- Rapidly analyzing and triaging incoming security alerts to distinguish true security incidents from false positives.
- Classifying the severity and potential business impact of confirmed security incidents to escalate them appropriately.
- Performing Root Cause Analysis: Investigating logs (host, network, cloud, and application) to reconstruct the timeline of an attack and identify the entry point.
- Executing Containment Protocols to stop the spread of an attack, such as isolating affected hosts, blocking malicious IPs, or disabling compromised user accounts.
- Coordinating with IT infrastructure teams to safely restore services from clean backups and verify system integrity post-incident.
- Writing comprehensive After-Action Reports (AARs) that detail the technical root cause, impact, and actions taken during the mitigation process.
Requirements
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field or 4 years of additional experience in lieu of a degree.
- 9+ years of position-specific relevant experience in IT systems assessment, cybersecurity incident response, cybersecurity audit, or a related role.
- Knowledge of various IT domains, including applications, infrastructure, data, and security.
- Demonstrated experience with facility management systems (FMS) or related building automation systems (BAS).
- Strong understanding of enterprise architecture frameworks (e.g., TOGAF, Zachman), experience with IT security standards, compliance (e.g., NIST, ISO 27001), and risk management methodologies.
- Proven ability to analyze complex data and generate actionable recommendations.
Qualifications
- Master’s degree in Information Technology, Cybersecurity, Computer Science, or related field.
- Industry certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Facility Manager (CFM), TOGAF, COBIT, ITIL Foundation certificate, or any relevant building automation system or FMS vendor certifications (e.g., Siemens, Johnson Controls, Schneider Electric).
- Experience at a DoD Combatant Command (e.g., SOUTHCOM, NORTHCOM, CENTCOM, CYBERCOM, INDOPACOM, EUCOM, AFRICOM, STRATCOM, TRANSCOM, SOCOM, SPACECOM) or a component is desired.
Benefits
- Must have an active/current Secret clearance.
- Must be eligible to obtain and maintain a TS/SCI security clearance.
Physical Requirements
- Must be able to be in a stationary position more than 50% of the time.
- Must be able to communicate, converse, and exchange information with peers and senior personnel.
- The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.