SOC Analyst – Senior

General information

Requisition # R60612 Locations USA-AL-Huntsville Posting Date 05/21/2025 Security Clearance Required TS/SCI Remote Type Onsite Time Type Full time

Description & Requirements

Transform the future of federal services with ManTech! Join a vibrant, energetic team committed to enhancing national security and public services through innovative tech. Since 1968, we’ve partnered with Federal Civilian sectors to deliver impactful solutions. Engage in exciting projects in Digital Transformation, Cybersecurity, IT, Data Analytics and more. Ignite your career and drive change. Your journey starts now—innovate and excel with ManTech!

ManTech seeks a highly skilled and knowledgeable Senior SOC Analyst to support a 24x7x365 Watch Floor team and safeguard the confidentiality, integrity, and availability of an organizations information assets. This position is located on customer site in Huntsville, AL.  There are two (2) shifts available: Morning and Afternoon/Evening with rotation to support to weekends/holidays.

As a Senior SOC Analyst your duties include analyzing relevant cyber security event data and other data sources for attack indicators and potential security breaches; produce reports, assist in coordination during incidents; and coordinate with the engineering team to ensure all security monitoring systems are on-line, up to date, and fully operational. 

Responsibilities for this position include but are not limited to:

• Monitoring intrusion detection and prevention systems and other security event data sources daily.  

• Determining if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures.

• Correlating data from SIEM / Splunk and Endpoint Detection and Response (EDR) systems with data from other sources such as firewall, web server, and Syslogs.

• Tuning and filtering of events and information, creating custom views and content with the assistance of the Engineering and DevOps team.

• Conduct monitoring, analyzing, and responding to threats, contribute to Computer Network Defense, and create solutions to augment Defensive Cyber Operations.

• Lead threat hunts with other team members for potential APTs / TTPs.

• Documenting each incident in the existing ticketing system; documenting procedures for handling each security event detected.

• Coordinating with the DevOps and engineering team to ensure production SOC systems are operational and maintained.

• Reviewing data with the Cyber Threat Intelligence Team, Incident Response Team and other appropriate groups to determine the risk and threat of an event.

• Creating custom queries and develop new use cases to better correlate security event information.

•  Identifying misuse, malware, or unauthorized activity on monitored networks and infrastructure.

• Developing and/or maintaining SOC Standard Operating Procedures (SOPs) and/or Playbooks, which define repeatable processes for activities such as analysis, reporting, and incident response.

• Potential limited travel during transition period: travel may be required to Washington DC / Clarksburg WV.

Minimum Qualifications:

• 8+ years of IT experience with 4+ years as a SOC analyst.

• Demonstrated experience with using Splunk SIEM.

• Experience with incident detection and response, security analysis and support for incident response and post incident analysis.

• Demonstrated experience conduct threat hunts.

• Experience working with Cyber Threat Intelligence and Forensic teams until incident closure.

Preferred Qualifications:

• Bachelor’s Degree in Computer Science or related field.

• 3+ years’ experience monitoring cloud environments

• Experience using Microsoft Sentinel.

Prefer 1 or more of the following certifications:

• GIAC Continuous Monitoring Certification (GMON)

• GIAC Certified Incident Handler (GCIH)

• GIAC Certified Forensic Analyst (GCFA)

• GIAC Certified Intrusion Analyst (GCIA)

• GIAC Network Forensic Analyst (GNFA)

• GIAC Cloud Forensics Responder (GCFR)

• GIAC Cloud Threat Detection (GCTD)

Clearnace Requirements

• Must hold an active Top Secret with the ability to obtain SCI eligibility.

Physical Requirements:

• Must be able to remain in a stationary position 50%

• Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer

• The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.

ManTech International Corporation considers all qualified applicants for employment without regard to disability or veteran status or any other status protected under any federal, state, or local law or regulation.
If you need a reasonable accommodation to apply for a position with ManTech, please email us at careers@mantech.com and provide your name and contact information.