Principal Mission Defense Lead (TS/SCI)

Mantis Security Corporation
Reston, VA Full Time
POSTED ON 4/17/2026
AVAILABLE BEFORE 5/16/2026
Description

Mantis Security is seeking a Principal Mission Defense Lead to help stand up and lead a new SOC / Mission Defense Team (MDT) supporting mission-critical infrastructure in AWS Commercial and AWS GovCloud environments. This role will establish the operational defense function for a global, internet-facing platform that enables dozens of critical mission systems.

This is a senior hands-on position for a defender with proven experience monitoring networks, responding to active threats, assessing impacts, restoring systems to a safe state, and writing clear technical and executive reports. The successful candidate will help define the MDT operating model, identify capability gaps, establish triage and escalation standards, and create incident response and incident handling SOPs from scratch.

The MDT will operate independently from the cloud infrastructure team to preserve separation of duties. The infrastructure team will deploy and maintain the underlying AWS-native security tooling and platform services, while the MDT will operate those capabilities from a defender’s perspective and work closely with infrastructure engineers to tune detections, improve visibility, influence configuration changes, and strengthen the overall security monitoring stack.

This role requires a senior hands-on defender who can build a mission defense function while actively performing the work. The right candidate will know how to defend networks, investigate incidents, improve detections, tune monitoring capabilities, write credible reports, and help leadership determine the people, workflows, and capabilities needed to scale the MDT into a mature operational team.

Key Responsibilities

  • Stand up and lead the Mission Defense Team operating model for a cloud-enabled, internet-facing mission environment supporting global operations.
  • Perform hands-on security monitoring, network defense, alert triage, incident response, containment coordination, threat removal, impact assessment, and post-incident analysis.
  • Lead development of incident response, incident handling, escalation, evidence preservation, reporting, and defensive SOPs and playbooks from the ground up.
  • Assess the security monitoring and analytics stack and recommend improvements to visibility, detection fidelity, alerting, dashboards, correlation, log search, investigative workflow, and response effectiveness.
  • Work closely with the cloud infrastructure team to influence improvements to deployed security tooling, detections, logging, and defensive configurations while maintaining proper separation of duties.
  • Tune and operationalize detections, correlation, dashboards, search workflows, and investigative content so the security stack produces actionable, mission-relevant defensive value for the MDT.
  • Conduct and oversee threat hunting, network analysis, exfiltration analysis, incident investigation, forensic support, and vulnerability and exposure review.
  • Produce timely and defensible incident reports, investigation summaries, after-action reports, executive briefings, and operational security updates.
  • Advise leadership on staffing, skill mix, workflows, and operational capabilities required to mature the MDT into a fully effective mission defense function.
  • Identify blind spots, readiness gaps, and unknown unknowns in monitoring coverage, processes, response capability, and defensive operations.

Requirements

Required Qualifications

  • Active TS/SCI clearance.
  • 10 years of relevant experience, 4 of which are in security operations, cyber defense, incident response, network defense, mission defense, or SOC leadership roles.
  • Proven hands-on experience defending networks, monitoring enterprise or mission environments, responding to incidents, removing active threats, assessing impacts, and restoring systems to a safe operational state.
  • Demonstrated experience creating or maturing incident response and incident handling SOPs, defensive workflows, and operational playbooks.
  • Strong experience with security monitoring, threat detection, alert triage, incident investigation, and containment coordination.
  • Experience leading or materially improving a SOC, CSIRT, incident response function, or cyber defense team.
  • Ability to evaluate security monitoring and defense tooling and recommend practical improvements to detections, dashboards, workflows, search capability, and response processes.
  • Ability to translate ambiguous operational risk into actionable procedures, staffing recommendations, and technical priorities.
  • Strong written communication skills, including experience producing formal incident and investigative reporting for technical and leadership audiences.

Acceptable Technical Background

Candidates do not need deep prior AWS-native security operations experience if they bring strong analogous experience from on-premises, hybrid, enterprise, or DoD network defense environments and can adapt those skills to cloud-based workflows.

Relevant Experience May Include

  • SIEM / log analysis: Splunk, Elastic, QRadar, ArcSight, or Amazon OpenSearch Service
  • Threat detection / finding correlation: traditional SOC detection platforms or AWS-native services such as GuardDuty and Security Hub
  • Network security monitoring / IDS / IPS: Suricata, Snort, Zeek, Trellix, Cisco Secure, Palo Alto, Fortinet, or AWS Network Firewall
  • Web application / edge protection: traditional WAF technologies or AWS WAF
  • Vulnerability and exposure management: Nessus, Tenable, Qualys, Rapid7, or Amazon Inspector
  • Cloud activity monitoring / investigation: enterprise audit and log-analysis platforms or services such as AWS CloudTrail and Amazon Detective
  • Traffic analysis / forensic support: Wireshark, tcpdump, NetFlow analysis, packet capture tools, Volatility, EnCase, FTK, or Velociraptor

Required Certifications

  • At least one DoD 8570 IAT Level II certification, such as Security

Preferred Certifications

  • Preferred advanced certifications include GIAC GCIH, GCIA, or GCFA

Salary.com Estimation for Principal Mission Defense Lead (TS/SCI) in Reston, VA
$166,268 to $194,923


