Mid-level Cybersecurity Threat Hunter

Herndon, VA, United States

Secure our Nation, Ignite your Future

Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.

Currently, ManTech is seeking a motivated, career and customer-oriented Mid-level Cybersecurity Threat Hunter to join our team in the Washington DC area.

Responsibilities include, but are not limited to:

Collaborate with incident response teams to investigate, analyze, and remediate identified threats.

Identify and assess the capabilities and activities of cyber criminals or foreign intelligence entities; design and administer procedures in the organization that sustains the security of the organization’s data and access to its technology and communications systems.

Identify, deter, monitor, and investigate computer and network intrusions.

Provide computer forensic support to high technology investigations in the form of evidence seizure, computer forensic analysis, and data recovery.

Monitor and assess complex security devices for patterns and anomalies from raw events (DNS, DHCP, AD, SE logs), tag events for Tier 1 & 2 monitoring.

Conduct malware analysis in out-of-band environment (static and dynamic), including complex malware.

Proactively search for and identify cyber threats, including advanced persistent threats (APTs), that could compromise DHS networks and systems.

Analyze network traffic, system logs, and other data sources to detect anomalies and indicators of compromise (IOCs).

Develop and implement threat hunting methodologies, techniques, and tools to improve detection capabilities.

Create and refine threat detection use cases and correlation rules within SIEM and other security tools.

Conduct detailed analysis of malicious code, attack vectors, and threat actor tactics, techniques, and procedures (TTPs).

Prepare detailed threat reports and briefings for technical and non-technical stakeholders.

Stay current with the latest cyber threat intelligence, trends, and technologies.

Provide expert guidance and training to junior analysts and other DHS staff on threat hunting techniques and best practices.

Basic Qualifications:

An 8570 compliant certification, such as Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensics Analyst (GCFA), GIAC Certified Intrusion Analyst (GCIA), or relevant certifications

A Bachelor’s degree in computer science, information technology, cybersecurity, or a related field of study.

A minimum of (3) three years of experience in cybersecurity with a focus on threat hunting, threat analysis, or incident response.

Proficiency with threat hunting tools and platforms (e.g., Splunk, ELK Stack, CrowdStrike, Carbon Black).

Strong understanding of network protocols, system logs, and security event correlation.

Experience in analyzing malware, attack vectors, and threat actor TTPs.

Preferred Qualifications:

A master's degree

Experience working in a government or defense environment.

Familiarity with DHS policies and procedures.

Knowledge of broader cybersecurity frameworks (e.g., NIST, ISO 27001).

Security Clearance Requirements:

Must be a U.S. citizen

A current Secret security clearance

Must be able to obtain and maintain a Top-Secret security clearance

Physical Requirements:

Must be able to be in a stationary position more than 50% of the time

Must be able to communicate, converse, and exchange information with peers and senior personnel

Constantly operates a computer and other office productivity machinery, such as a computer

The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations

The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.

For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.

ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access http://www.mantech.com/careers/Pages/careers.aspx as a result of your disability. To request an accommodation please click [email protected] and provide your name and contact information.