[Remote] Cyber Incident Handling Analyst / Active Top Secret
Note: The job is a remote job and is open to candidates in USA. Peraton is a next-generation national security company that drives missions of consequence spanning the globe. They are currently seeking an experienced Cyber Incident Handling Analyst to join their team in support of the U.S. Army Europe Regional Cyber Center, where the analyst will monitor and respond to cyber incidents, conduct threat analysis, and optimize detection capabilities.
Responsibilities
- Monitor, analyze, and act on SIEM alerts and events to detect malicious activities across information systems and networks as part of a dedicated, rotating 24/7 incident response team to ensure continuous operational coverage
- Work on first, second, or third shift on a rotation to accomplish the duties and responsibilities
- Support dynamic cyber defense operations by coordinating security toolsets and adhering to the Department of Defense framework for measuring and quantifying cyber risk
- Conduct threat and vulnerability analysis by evaluating network and host activity against baseline requirements, researching security standards, reviewing vulnerability findings related to SIEM alerts, and analyzing system logs for indicators of malicious intent
- Manage incident response by documenting and classifying incidents (in accordance with Army and DoD regulations), determining root causes, coordinating remediation efforts, and performing post-intrusion analyses to identify detection gaps
- Communicate effectively by providing timely incident updates and daily reports to higher headquarters and Defensive Cyber Operations staff, and by preparing visual charts, diagrams, and comprehensive reports to support metrics analysis and enhance cybersecurity posture
- Optimize detection capabilities by developing specialized SIEM queries, tuning IDS/IPS rules to reduce false positives, and documenting identified vulnerabilities for operational integration
- Provide team and customer support by assisting various sections of the Defensive Cyber Operations team and conducting in-depth network security evaluations at customer sites
- Utilize SIEM technologies for advanced cyber forensics to detect and deter malicious actors targeting networked weapons platforms and U.S. DoD networks
- Analyze host and network events to assess operational impact and advisory capabilities
- Develop analytics based on indicators of compromise and perform forensic investigations by dissecting host data to determine the root causes, tactics, techniques, and tools used in cyber intrusions
- Prepare high-quality strategic reports, presentations, and recommendations for senior U.S. government intelligence and network operations officials Skills
- BS/BA with 3 years of relevant experience; Additional years of relevant experience may be considered in lieu of degree aligned with the TESA requirements below: Must be able to qualify for Technical Expert Status Accreditation (TESA) by having a bachelor's degree in a STEM or Business field plus 3 years of specialized experience. Associate's degree plus 7 years of specialized experience. Major certification plus 7 years of specialized experience
- Active DoD Approved 8140 Certification in: DCWF 531 Intermediate (MB.S. in IT or one of the following: CEH, ECIH, GRID, RCCE Level 1, CBROPS, CCSP, Cloud+, FITSP-O, GCED, GCIH, GSEC, PenTest+, Security+ or an Advanced certificate). 8140 Residential Certification (One of: Cisco Cyber Ops Pro,a SANS GIAC Cert, Blue Team Level 1, Microsoft Certified Operations Analyst Associate, or Offensive Security OSDA)
- Fluent in all aspects of government and corporate communications media to include all MS Office products and common task ticketing systems
- Must have a solid understanding of networking protocols, their uses, and their potential misuses
- Experience with one or more scripting languages such as PowerShell, Bash, Python or Perl
- Ability to work independently as well as part of a team
- Strong written and verbal communication skills required
- U.S. citizenship required
- Active Top Secret with SCI eligibility
- Experience with the Elastic SIEM
- Experience in Microsoft MDE, XDR, or Sentinel
- Experience in packet captures and analyzing a network packet
- Experience with intrusion detection systems such as Snort, Suricata, and Zeek
- Experience with Microsoft Windows event IDs
- Experience with Linux audit log analysis
- Familiarity with Git and VScode
- Strong understanding of adversary tactics, techniques, and procedures (TTPs) and the MITRE ATT&CK framework
- Experience with one or more scripting languages such as PowerShell, Bash, Python Benefits
- Medical
- Dental
- Vision
- Life
- Health savings account
- Short/long term disability
- EAP
- Parental leave
- 401(k)
- Paid time off (PTO) for vacation
- Company paid holidays Company Overview
- Peraton Fearlessly solving the toughest national security challenges. It was founded in 1992, and is headquartered in Woodbridge, New Jersey, USA, with a workfor
Apply tot his job Apply To this Job