Cyber Threat Analyst Active Top Secret

Peraton is seeking a Cyber Threat Analystto join our team in support of the U.S. Army Europe Regional CyberCenter (RCC-E) in Wiesbaden Germany.

Location: Wiesbaden Germany

In this role you will:

• Conduct research and evaluate audit data with specific emphasis on network operations and cyber warfare tactics techniques and procedures focused on the threat to networked weapons platforms and US DoD information networks.
• Analyze host and network events to determine the impact on current operations conduct research to determine advisory capability and develop analytics based on indicators of compromise to leverage the SIEM.
• Execute hunt missions for various threat actors to determine the risk to the DoD information network and recommend mitigations to reduce the attack surface.
• Prepare assessments and cyber threat reports of current events based on the research and analysis of classified and open-source information.
• Correlate threat data from various sources. Develops and maintains analytical procedures to meet changing requirements and ensure maximum operations.
• Produce high-quality papers presentations recommendations and findings for senior U.S. government intelligence and network operations officials.
• Perform daily cyber threat research and present findings to the organization to maintain knowledge of current adversary tactics techniques and procedures and how to apply them. Brief staff and leadership on these findings.
• Evaluate system security configurations identify intrusion identifyincident method and perform root cause analysis on intrusions.
• Perform analysis of complex software systems to determine both functionality and intent of software systems
• Resolve highly complex malware and intrusion issues.
• Contribute to the design development and implementation of countermeasures system integration and tools specific to Cyber and Information Operations.
• Create analytics with a SIEM to identify patterns anomalies and compromising indicators to alert Cyber Incident responders.
• Prepare and presents technical reports and briefings.
• Perform documentation and vetting of identified vulnerabilities for operational use.
• Assist all sections of the Defensive Cyber Operations team as required in performing analysis.
• Travel to customer sites to perform network security evaluations.
• Write reports of vulnerabilities to increase customer situational awareness and improve the customers cyber security posture.

Requirements:

• Minimum of 5 years experience in Systems Engineering with a Bachelors degree in a STEM field or Business Administration; An additional 4 years of experience in lieu of degree may be considered.
• Must be able to qualify for Technical Expert Status Accreditation (TESA) by having a bachelors degree in a STEM or Business field plus 3 years of specialized experience OR an Associates degree plus 7 years of specialized experience OR a major certification plus 7 years of specialized experience.
• Active DoD Approved 8140 Certification in:
  • DCWF 511 Advanced (M.S. in IT or one of the following: CBROPS CFR CySA GCFA GCIA GISCP)
  • 8140 Residential Certification (One of: a SANS GIAC certification Microsoft Certified Security Operations Analyst Associate Zero Point TRO or Offensive Security OSDA).
• Must have a full complete and in-depth understanding of all aspects of Defensive Cyber Operations.
• Must be fluent in all aspects of government and corporate communications media to include all MS Office products and common task ticketing systems.
• Must have a good breadth of knowledge of common ports and protocols of system and network services.
• Experience in packet captures and analyzing a network packet.
• Experience with intrusion detection systems such as Snort Suricata and Zeek.
• Experience with SIEM systems such as Splunk ArcSight or Elastic.
• Ability to explain the MITRE ATT&CK matrices.
• U.S. citizenship required.
• An Active DoD Top Secret security clearance with SCI eligibility.

Preferred Qualifications:

• Experience in developing complex dashboards report and automated searches in Elastic/Kiban.
• Experience with Microsoft MDE or Sentinel.
• Experience with analyzing packets using Arkime.
• Experience with Microsoft Windows event IDs.
• Experience with Linux audit log analysis.
• Familiarity with Git and VScode.
• Experience with one or more scripting languages such as PowerShell Bash Python.
• Demonstrably strong written and verbal communications skills.
• Self-starter with excellent judgment capable of independent decision making.

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit to learn how were keeping people around the world safe and secure.