Advance Cyber Threat Analyst II in Washington, DC at ManTech

Date Posted: 2/13/2018

Job Snapshot

  • Employee Type:
    Full-Time
  • Job Type:
    Other
  • Experience:
    Not Specified
  • Date Posted:
    2/13/2018

Job Description

Group:
MSS

Clearance Level Needed:
Secret

Shift:
Day

Category:
Cyber


Are you ready to join ManTech and help our Department of Veterans Affairs customer maintain a strong Cyber Security posture?

As an Insider Threat Case Support Analyst II, you can join the front line and assist one of our Nation's most essential agencies in fulfilling its mission to protect and serve our Veteran population.

The selected candidate will be a member of the Security Analysis Team and will work during core hours, Monday - Friday, on this newly awarded contract. The candidate will perform cyber threat and intelligence analysis and develop briefings and reports to aid in information sharing and protection efforts. This individual will develop and maintain subject matter expertise on Advanced Persistent Threats and assist with Incident Response efforts. The Insider Threat Case Support Analyst will possess knowledge of, and experience in, the following:


• Perform information analysis and data analysis to look for threats and updates to current cases


• Create dashboards for use-case implementation


• Assists in drafting, maintaining, and monitoring Department-wide information security policies, procedures, control techniques, training, and inspection requirements. This includes continuing ongoing development of the Insider Threat roadmap, along with Insider Threat documentation, policies and guidance


• Respond to identified cases and communicate with other HUB partners


• Report and track cases sent OSP


• Attend meetings and briefings, as required


• Reports anomalous insider activities to Government staff immediately following identification.


• Generates Weekly and Monthly Trend Analysis Reports for insider Threat cases and activities


• Monitor user activity on VA IT automated systems, infrastructure, and networks. At a minimum, this monitoring includes:

o Logons/logoffs

o File and object access

o User and group management

o Security and audit policy changes

o System starts/shutdowns

o File and object manipulation, such as additions, deletions, and modifications, including change of permissions and/or ownerships

o Print activity

o Use of privileged/special rights

o Writes/downloads to local devices, such as Universal Serial Bus (USB) drives, Digital Video Discs (DVD), and Compact Disc-Read Only Memory (CD-ROMs)

o Uploads from local devices

o File(s) printed to include descriptive information, enabling identification of printed item

o Root-level access

o Query strings

o Query results

Bachelor's degree in Information Technology or Business, OR Associate's degree and 2 years of relevant experience with a professional certification, such as CISSP, GREM, or GCIH

Minimum of six (6) years of Information Technology experience; minimum of four (4) years of advanced Cyber Threat Information experience

4 years of relevant experience with a professional certification, such as CISSP, GREM, or GCIH, can be substituted for education

Must possess at least one of the following certifications; minimum 2 each of ITPM and ITVA:
  o Insider Threat Program Manager (ITPM) Certificate
  o Insider Threat Vulnerability Assessor (ITVA) Certificate
  o Certified Information Systems Security Professional (CISSP)

The Insider Threat Case Support Analyst will possess knowledge of, and experience in, the following:

• Cyber Security Policy and advanced cyber security threat mitigation at the Expert Level
• Advanced cyber security tools, network topologies, intrusion detection, PKI, and secured networks
• Implementation of cyber security regulations
• Tracking all activity, ensuring timely resolution of problems
• Coordinating the development of advanced security signatures or access control mechanisms that can be implemented on security systems such as intrusion prevention/detection systems, firewalls, routers, or endpoints in response to new or observed threats within the enterprise
• Leading the identification of advanced security systems and controls to ensure the monitoring and configuration of security appliances
• Ensuring that Analysts receive and analyze alerts from various enterprise-level sensors and determine possible causes of such alerts
• Performing advanced analysis of adversary tradecraft, malicious code, and capabilities
• Creating and leading processes that support the analysis of log files from a variety of enterprise-level systems and sensors, including individual host logs, network traffic logs, firewall logs, and intrusion detection/prevention system logs
• Identifying anomalous activity and potential threats to enterprise resources
• Monitoring external and internal data sources in order to maintain enterprise threat conditions
• Leading the processes which support event correlation by using information gathered from a variety of system and sensor sources within the enterprise
• Managing the collection and advanced analysis of intrusion artifacts and using discovered data to enable mitigation of potential incidents within the enterprise
• Providing advanced network event analysis and intrusion analysis

Job Requirements

Requires a Bachelor's degree or equivalent and six to ten years of related experience. Minimum of four years' experience in technology/tools specific to the target platforms.