Cyber Incident Response Team Lead
Job in Ashburn, Loudoun County, Virginia, 22011, USA
Listed on 2025-12-08
Listing for: MANTECH
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity, Information Security
MANTECH seeks a motivated, career and customer-oriented Cyber Incident Response Team Lead to join our team in Ashburn, VA.
The ultimate purpose of this role is to provide the disciplined leadership and structural organization necessary to rapidly implement critical, high‑impact security solutions that directly protect the Nation's digital borders while ensuring continuous, compliant contract delivery for 24x7x365 network, cyber, and cloud services.
Responsibilities
- Serve as the primary operational leader to the SOC for all major computer‑related cybersecurity incidents, driving eradication efforts and developing detailed post‑incident reporting for senior leadership and the government client.
- Ensure that the Incident Response Plan (IRP) lifecycle and the SOC’s incident response capabilities are compliant with DHS 4300A and NIST 800-61 standards.
- Manage the lifecycle of all SOC investigations from creation to closure, using the Case Management System to track all incident response metrics (Mean Time To Detect, Mean Time To Contain, etc.) and drive continuous improvement against contractual Service Level Agreements.
- Assist with advanced analysis of data file system artifacts, memory, network, and log analysis during incidents.
- Support and manage Information/Data Spillage Incident Response efforts.
- Bachelor’s degree in computer science, engineering, information technology, or cybersecurity (or five years of relevant work experience in lieu of a degree).
- Certified Information System Security Professional (CISSP) and at least one of the following: SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Certified Incident Handler (GCIH), SANS GIAC Certified Forensic Analyst (GCFA), SANS GIAC Certified Enterprise Defender (GCED), or other IAT Level III certification.
- Seven (7+) years of progressively responsible experience in cyber security, incident response, security engineering, or network engineering.
- Proficient use of cyber tools including SIEM, endpoint detection, and IDS/IPS.
- Must have an active/current TS/SCI clearance.
- Must be able to obtain and maintain a CBP BI (Background Investigation).
- Must be able to be in a stationary position more than 50% of the time.
- Must be able to communicate, converse, and exchange information with peers and senior personnel.
- Constantly operate a computer and other office productivity machinery, such as a computer.
- The person in this position frequently communicates with co‑workers, management, and customers, which may involve delivering presentations; must be able to exchange accurate information in these situations.
- The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.
Mid‑Senior level
Employment Type: Full‑time
Job Function: Information Technology
Industries: IT System Data Services