ManTech

Cyber Intrusion Analyst

Job Description:

MANTECH seeks a motivated, career- and customer-oriented Cyber Intrusion Analyst to join our team in Stuttgart, Germany. The Cyber Intrusion Analyst will support multiple components and subscribers of the Defense Information Systems Agency (DISA) Computer Network Defense Service Provider (CND-SP). Daily interaction with members of intrusion analysis, incident response, vulnerability assessment, external assessment, and cyber threat analysis teams supports the organization’s capabilities and delivers services to its subscribers.

This is a funded position on a multiyear contract through March 2031. Relocation will be provided, and the position includes access to all base privileges, including the military commissary and BX/PX, along with HOLA/COLA allowances and DoDDS schooling or international schooling for dependents.

Responsibilities

  • Perform computer network incident detection and response activities to detect, correlate, identify and characterize anomalous activity that may be indicative of threats.
  • Monitor security tools and applications for possible malicious activities, investigate alerts or indicators, and develop recommendations for action, including mitigation strategies.
  • Analyze low‑level events to identify unauthorized activity, using exploratory problem‑solving or self‑learning techniques.
  • Conduct near real‑time event triage and analysis which can result in network traffic validations or a Mission Partner’s incident report.
  • Apply formal monitoring policies and use DoD‑approved network monitoring and traffic analysis tools to identify suspicious or malicious traffic 24/7/365.
  • Review and analyze logs to detect intruders and notify Mission Partners via formal reporting.
  • Apply, develop, tune, and distribute new or existing countermeasures to mitigate potential cyber event impacts.
  • Perform network traffic analysis using raw packet data, net flow, IDS, IPS, and custom sensor outputs relevant to communications network security.
  • Understand attack signatures, tactics, techniques, and procedures associated with advanced threats.

Minimum Qualifications

  • 11 years’ experience, at least 2 years with an accredited Computer Network Defense Service Provider or equivalent to meet German Technical Expert Status Accreditation (TESA) requirements. Alternatively, a Bachelor’s degree in computer science or a related technical discipline plus 3 years’ experience, or an Associate’s degree plus 7 years’ experience.
  • Hold a DoD‑8570 IAT Level 2 or higher baseline certification (Security+ CE or equivalent); within 5 months of start date, obtain Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or CySA+.
  • Knowledge of security concepts, protocols (TCP/IP, HTTP, etc.), well‑known ports (DNS, SMTP, FTP, LDAP, etc.), processes, architecture, and tools (authentication and access control technologies, intrusion detection, network traffic analysis, SIM technology, incident handling, media/malware analysis, etc.).
  • Experience analyzing network traffic for suspicious or malicious activity with tools such as Wireshark or equivalent packet capture analysis and the Carnegie‑Mellon SiLK suite for flow data analysis.
  • Willingness to perform shift work to support 24/7/365 operations; assignments based on preference and contract requirements.

Preferred Qualifications

  • Command‑line scripting skills (Perl, Python, shell scripting) to automate analysis tasks.
  • Knowledge of hacker tactics, techniques, and procedures (TTP).
  • Familiarity with security frameworks such as MITRE ATT&CK and Cyber Kill Chain.
  • Monitoring of intrusion detection and defense appliances (Splunk, Elastic), applications, and analysis of associated alerts.
  • Knowledge of advanced threat actor tactics, techniques, and procedures (TTP).
  • Understanding of software exploits.

Clearance Requirements

  • An active DoD Secret clearance with the ability to obtain Top Secret/SCI is required.

Physical Requirements

  • Maintain a stationary position 50% of time.
  • Occasionally move within the office to access file cabinets, office machinery, etc.
  • Communicate frequently with co‑workers, management, and customers, potentially delivering presentations.


Job Information

  • Publication date: 02 May 2026
  • Location: Stuttgart
  • Type: Full-time
  • Work model: On-site
  • Category:
  • Experience: 2+ years
  • Employment relationship: Employee
