Tier 2 Cyber Incident Response Team (CIRT) Shift Lead

Peraton is seeking an experienced Tier 2 Cyber Incident Response Team (CIRT) Shift Lead to join our Department of State (DOS) Diplomatic Security Cyber Mission (DSCM) program. This critical role contributes to protecting our nations diplomatic missions worldwide by providing leading cyber and technology security expertise.

Location:Beltsville MD and Roslynn VA.

Work Hours: Mids ShiftEST (10:00 PM - 6:00 AM Sunday - Thursday).

In this role you will:

• Detect classify process track and report on cyber security events and incidents.
• Perform advanced in-depth analysis of coordinated Tier 1 alert triage and requests in a 24x7x365 environment.
• Analyze logs from multiple sources to identify contain and remediate suspicious activity.
• Characterize and analyze network traffic to identify anomalous activity and potential threats.
• Perform forensic analysis of host artifacts network traffic and email content.
• Conduct malware analysis to generate IOCs to identify and mitigate threats.
• Collaborate with Department of State teams to analyze and respond to events and incidents.
• Monitor and respond to the CIRT Security Orchestration and Automation Response (SOAR) platform hotline and email inboxes.
• Create tickets and initiate workflows as instructed in technical SOPs.
• Coordinate and report incident information to the Cybersecurity and Infrastructure Security Agency (CISA).
• Submit alert tuning requests.

Additionally as a Tier 2 Shift Lead you will:

• Review all Tier 2 shift tickets for accuracy and completeness.
• Coordinate with CIRT Watch Officers and government leadership on remediation actions.
• Provide technical and procedural improvement recommendations to CIRT leadership.
• Assist with Tier 2 candidate technical interviews as required.
• Ensure coordinated remediation actions are operating properly.

#DSCM

Required Qualifications:

• Bachelors degree and a minimum 9 years of relevant experiencerequired; 7 years with a Masters; or a High School diploma and 13 years of relevant incident response experience.
  • Minimum of 6 years of cyber specific experience with at least 4 years specifically in incident response.
• Must possess one of the following certifications prior to start date:
  • CASP CE CCNA Cyber Ops CCNA-Security CCNP Security CEH CFR CHFI CISA CISSP (or Associate) CISSP-ISSAP CISSP-ISSEP CySA GCED GCFA GCIH SCYBER.
• Demonstrated experience in the Incident Response lifecycle.
• Knowledge of SOAR ticketing and automated response systems (e.g. ServiceNow Splunk SOAR Microsoft Sentinel).
• Demonstrated experience with using Security Information and Event Management (SIEM) platforms (e.g. Splunk Microsoft Sentinel Elastic Q-Radar).
• Demonstrated experience in using Endpoint Detection and Response systems (e.g. MDE ElasticXDR CarbonBlack Crowdstrike).
• Knowledge of cloud security monitoring and incident response.
• Knowledge of integrating IOCs and Advanced Persistent Threat actors.
• Ability to analyze cyber threat intelligence reporting and understanding adversary methodologies and techniques.
• Knowledge of malware analysis techniques.
• Knowledge of the MITRE ATT&CK and D3FEND frameworks.
• Experience in managing and coordinating small teams.
• U.S. Citizenship required.
• Active Secret clearance.

Preferred Qualifications:

• Proficiency with Splunk for security monitoring alert creation and threat hunting.
• Experience using Microsoft Azure access and identity management.
• Proficiency in Microsoft Defender for Endpoint and Identity for security monitoring response and alert generations.
• Experience using digital forensics collection and analysis tools (e.g. Autopsy Axiom MagnetForensics Zimmerman-Tools KAPE CyLR Volatility).
• Experience using ServiceNow SOAR for ticketing and automated response.
• Experience using Python PowerShell and BASH scripting languages.
• Proficiency in cloud security monitoring and incident response.
• Demonstrated ability to perform static/dynamic malware analysis and reverse engineering.
• Experience with integrating cyber threat intelligence and IOC-based hunting.
• Technical certifications such as: Azure SC-900 CCSP GCIH CCSK GSEC CHFI GCLD GCIA.
• Advanced technical certifications such as: SecurityX/CASP PRMP GREM GEIR GNFA or GCFA.

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit to learn how were keeping people around the world safe and secure.