SOC Incident Manager

ManTech International

Today
Secret
Unspecified
Unspecified
IT - Security
Lorton, VA (On-Site/Office)

Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International Corporation, you'll help protect our national security while working on innovative projects that offer opportunities for advancement.

The core responsibility of the SOC Incident Manager is to oversee the Incident Management program, processes, and procedures within the SOC. This role involves leading and coordinating the response to cybersecurity incidents, ensuring the protection of infrastructure and data for customers. The SOC Incident Manager manages the lifecycle of all cybersecurity incidents, including detection, analysis, containment, eradication, remediation, and recovery. This person will coordinate with internal and external leadership, legal teams, and other relevant stakeholders to resolve incidents. The role also includes coordinating actions across functions including continuous monitoring, threat analysis, and post-incident reviews to improve SOC capabilities. This position may require working outside of core hours on high-priority investigations and includes on-call responsibilities.

Responsibilities include, but are not limited to:
  • Incident Response Planning: Develop, maintain, and regularly update incident response plans, playbooks, and procedures. Ensure all SOC staff are trained and familiar with these plans.
  • Incident Management: Lead and coordinate the response to cybersecurity incidents, ensuring timely and effective resolution. Manage the entire incident lifecycle, from detection and analysis to containment, eradication, remediation, and recovery.
  • Communication: Serve as the primary point of contact during incidents, ensuring clear and effective communication with internal and external stakeholders, including executive leadership, legal teams, and customers.
  • Collaboration: Work closely with other Security teams, Networking/NOC, Engineering, Legal, business units and other stakeholders to ensure a coordinated and effective response to incidents. Foster strong relationships with external partners and law enforcement agencies.
  • Monitoring and Detection: Assist in overseeing continuous monitoring of security systems, including SIEM and other security tools, to detect and respond to threats.
  • Threat Analysis: Lead in-depth analyses and investigations of security incidents to identify root causes, attack vectors, and potential impacts. Develop and implement strategies to mitigate risks and prevent future incidents.
  • Post-Incident Review: Conduct thorough post-incident reviews to identify lessons learned, document findings, and implement improvements.
  • Compliance and Reporting: Ensure compliance with relevant security standards, regulations, and policies. Prepare and present detailed incident reports to executive leadership and other stakeholders.
  • Training and Development: Provide ongoing training and guidance to SOC staff on incident response best practices, tools, and procedures. Mentor junior team members on Incident Response/Management and promote a culture of continuous learning and improvement.
  • Continuous Improvement: Stay updated with the latest cybersecurity trends, tools, and technologies. Recommend and implement improvements to SOC incident response capabilities, processes, and technologies.
  • Automation and Efficiency: Identify opportunities to automate incident response processes and improve operational efficiency. Develop and implement automation scripts and tools to streamline incident management tasks.

Basic Qualifications:
  • Bachelor's degree in Cybersecurity, Information Technology or another related field AND 3+ years of experience in Incident Response, Security Operations, Cybersecurity, DFIR, Risk Management, IT Service Management, NOC, OR 5+ years of hands-on experience in Incident Response, Security Operations, Cybersecurity, DFIR, Compliance/IA or related Cybersecurity experience.
  • 1+ year(s) of leadership experience in operational environments
  • DoD 8570 IAT Level 2 or DoD 8140 compliant certification.
  • Expert knowledge of technical and non-technical aspects of incident response, including processes, SOPs, Playbooks, and cyber investigative TTPs.
  • 2+ years of experience with technical report writing, and strong professional and technical writing skills.
  • Ability to effectively communicate facts, findings, and solutions to leadership and external stakeholders at varying levels.


Preferred Qualifications:
  • Ability to work independently with guidance in complex situations.
  • Proficient in oral and written communication
  • Experienced with Microsoft Security products.
  • Experience in scripting (e.g., Bash, PowerShell, Python)
  • Working knowledge and strong understanding of advanced persistent threats (APT) and associated tactics, attack frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain) and TTPs across the global threat landscape.
  • DoD 8570 CSSP Incident Responder or similar certification highly desired
  • Experience with DevSecOps pipelines and SAFe methodology supporting Security Operations


Security Clearance Requirements:
  • Active Top-Secret Clearance with SCI Eligibility.


Physical Requirements:
  • Sedentary work that primarily involves sitting/standing/walking/talking.
  • Moving about to accomplish tasks or moving from one work site to another.
  • Communicating with others to exchange information.
  • The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.
group id: RTX14564a

About Us
As the Employer of Choice in the government services and solutions industry, ManTech seeks like minds who exhibit a sense of service, creativity and dedication. The ManTech family comprises a diverse yet united group of nearly 8,000 talented professionals around the globe, each bringing distinct backgrounds and skill sets to the team. Nearly half of us are veterans.

Our diversity makes us successful. Each team member is a unique piece of the puzzle, coming together to solidify our seamless foundation. As One ManTech, we learn together, we win together and we celebrate together.

Rich educational opportunities and programs help employees break through career barriers. ManTech offers tuition assistance, partnerships with universities and institutions, a Technical Recognition Awards program, professional groups that comprise our Communities of Practice and so much more. Our own acclaimed ManTech University offers instruction and resources needed for professional development.

Job Category
IT - Security
Clearance Level
Secret