CSIRT Analyst - REMT - Remote Worker Location

Secure our Nation, Ignite your Future

Become an integral part of a diverse team that leads the world in Mission, Cyber, and Intelligence Solutions. At ManTech International Corporation, you will help protect our national security while working on innovative projects that offer opportunities for advancement.

Currently, ManTech is seeking a motivated, career and customer-oriented CSIRT Analyst to join our team. This is a remote position.

As a CSIRT Analyst your duties include analyzing relevant cyber security event data and other data sources for attack indicators and potential security breaches; produce reports, assist in coordination during incidents; and coordinate with the engineering team to ensure all security monitoring systems are on-line, up to date, and fully operational. 

Responsibilities include but are not limited to:

  • Monitoring intrusion detection and prevention systems and other security event data sources daily.  

  • Determining if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures.

  • Solving problems, asking questions, and discovering why things are happening.

  • Correlating data from Endpoint Detection and Response (EDR) systems with data from other sources such as firewall, web server, and Syslogs.

  • Tuning and filtering of events and information, creating custom views and content with the assistance of the DevOps team.

  • Conducting hunting, monitoring, analyzing, and responding to threats, contribute to Computer Network Defense, and create solutions to augment Defensive Cyber Operations.

  • Providing support for Government CSIRT leadership deliverables and appropriately documenting each incident in the existing ticketing system.

  • Coordinating with the engineering team to ensure production CSIRT systems are operational and maintained.

  • Reviewing data with the Cyber Vulnerability Assessment Team, Firewall Administrators, Network Engineering, System Administrators, and other appropriate groups to determine the risk and threat of an event.

  • Documenting procedures for handling each security event detected.

  • Creating custom queries and develop new use cases to better correlate security event information.

  • Developing and utilizing “Case Management” processes for incident and resolution tracking.

  • Identifying misuse, malware, or unauthorized activity on monitored networks.

  • Reporting activity appropriately as determined by CSIRT Management.

  • Maintaining proficiency and skills through relevant training, on-the-job training, and self-study.

  • Monitoring and responding to the CSIRT e-mail addresses or customer security appliance.

  • Leveraging Zero-Trust methodologies and having a proficient understanding of living off the land techniques and TTPs outlined in MITRE ATT&CK framework.

  • Managing rule behaviors for Endpoint Detection & Response (EDR), Active Directory, Authentication, Data Loss Prevention (DLP), Firewall, Proxy, and Sandbox, and other technologies designed to identify security anomalies and events.

  • Monitoring, document and respond to centrally collected virus and EDR data.

  • Answer the Government CSIRT Hotline and appropriately document each call in an existing ticketing system for his purpose.

  • Developing and maintaining CSIRT Standard Operating Procedures (SOPs) and/or Playbooks, which define repeatable processes for activities such as analysis, reporting, and incident response.

  • Collaborating with US-CERT and other sources to stay abreast of threats, act, and communication threats and mitigations with stakeholders.

Basic Qualifications:

  • A minimum of 1 year of relevant work experience in incident response, cyber security analysis, computer forensics, or related experience.

  • Demonstrated experience working as an Analyst in a Security Operations Center supporting the Federal Government or large commercial enterprise.

  • Demonstrated experience with Incident Handling, IDS, SIEM, and Cybersecurity

  • Demonstrated experience responding to and participating in efforts to remediate incidents.

  • Strong analytical and problem-solving skills.

  • Good interpersonal, organizational, writing, communications and briefing skills.

Preferred Qualifications:

  • 2+ year of experience in a SOC environment working with PCAP,

  • Working knowledge of Splunk ES/SOAR/UBA, CrowdStrike Falcon, JIRA, and ServiceNow, IDS, SEIM, and Incident Handling

  • 2+ years of experience responding to and remediating incidents.

  • 1+ years of hands-on experience with Splunk Enterprise Security

  • 1+ years’ experience monitoring Cloud environments.

Preferred Certification:

  • Splunk Core Certified User

  • SANS GCIA, ISC2 CISSP, or other cybersecurity related certifications

Clearance Requirements:

  • US Citizenship.

  • Ability to obtain and maintain a Public Trust clearance prior to start date

Physical Requirements:

  • Sedentary work that primarily involves sitting/standing/walking/Talking and must be able to remain in a stationary position 50%

  • Moving about to accomplish tasks or moving from one work site to another.

  • The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.

  • Requires frequently communicates with co-workers, management, and customers.

  • Communicating with others to exchange information.

  • Working with computers

  • Must be able to lift and move hardware weighing up to 50 pounds.

The projected compensation range for this position is $52,000-$85,900. There are differentiating factors that can impact a final salary/hourly rate, including, but not limited to, Contract Wage Determination, relevant work experience, skills and competencies that align to the specified role, geographic location (For Remote Opportunities), education and certifications as well as Federal Government Contract Labor categories. In addition, ManTech invests in it’s employees beyond just compensation. ManTech’s benefits offerings include, dependent upon position, Health Insurance, Life Insurance, Paid Time Off, Holiday Pay, Short Term and Long Term Disability, Retirement and Savings, Learning and Development opportunities, wellness programs as well as other optional benefit elections.

For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.

ManTech International Corporation, as well as its subsidiaries proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access as a result of your disability. To request an accommodation please click and provide your name and contact information.


Job Profile


Health insurance Holiday Pay Learning and development opportunities Life Insurance Paid Time Off Retirement and Savings Short Term and Long Term Disability Wellness programs


Analytical Cloud Communication Computer Network Defense Cybersecurity Cyber Security DevOps Endpoint Detection and Response (EDR) Firewall Forensics Incident Response Jira ServiceNow Syslogs

  • Analyzing cyber security event data
  • Collaborating with external sources
  • Communication
  • Conducting threat analysis
  • Correlating data from different sources
  • Developing new use cases
  • Developing SOPs and Playbooks
  • Documenting security incidents
  • Escalating security events to incidents
  • Managing rule behaviors for security technologies
  • Monitoring intrusion detection systems
  • Producing reports
  • Responding to virus and EDR data

1 year




Public Trust