Cyber Incident Responder

Job Locations DE-Wiesbaden Erbenheim Hesse
Requisition ID
Position Category
Cyber Security
Top Secret/SCI
Cyber Mission


Peraton is seeking Cyber Incident Responder to join our incident response and watch operation team in support of the U.S. Army Europe Regional CyberCenter (RCC-E) in Wiesbaden, Germany. Working as expert to perform analysis of cyber relate events to detect and deter malicious actors using SIEM technologies focused on the threat to networked weapons platforms and US DoD information networks. This position has potential to work multiple shifts in a rotational schedule. Analyzes host and network events to determine the impact on current operations, conduct research to determine advisory capability, and develop analytics based on indicators of compromise to leverage the SIEM.  Produces high-quality papers, presentations, recommendations, and findings for senior US government intelligence and network operations officials. 


Job Duties: 

  • Monitor and action SIEM platforms for alerts, events, and rules providing insight into malicious activities and/or security posture violations 
  • Review intrusion detection system alerts for anomalies that may pose a threat to the customer’s network 
  • Identify and investigate vulnerabilities, asses exploit potential, and suggest analytics for automation in the SIEM engines 
  • Report events through the incident handling process of creating incident tickets for deeper analysis and triage activities. 
  • Issue triage steps to local touch labor organizations and Army units to mitigate or collect on-site data. 
  • Develop unique queries and rules in the SIEM platforms to further detection for first line cyber defenders. 
  • Travel to customer sites to perform network security evaluations when remote capabilities are limited 
  • Respond to the higher headquarters on incidents and daily reports 
  • Provide daily updates to Defensive Cyber Operations staff on intrusion detection operation and trends of events causing incidents 
  • Draft reports of remotely exploitable vulnerabilities to increase customer situational awareness and improve the customer’s cyber security posture 
  • Assist all sections of the Defensive Cyber Operations team as required in performing Analysis and other duties as assigned 
  • May perform documentation and vetting of identified vulnerabilities for operational use 


  • BA/BS in Engineering, Computer Science, Science, Business Administration or Mathematics. Bachelor degree plus 3 years of specialized experience, or an associate degree plus 7 years of specialized experience, or a major certification plus 7 years of specialized experience, or 11 years of specialized experience. 
  • A current TS with SCI Clearance (ICD 706 Eligibility) 
  • US citizenship required 
  • Must possess the following Specialized Certifications: 
  • -- One of DoD 8570 IAT II or higher (SSCP, CCNA-Security, GSEC, Security+ CE) 
  • -- One of DoD 8570 CSSP Incident Responder (CEH, GCIH, GCFA, CySA+, or other as listed on the DoD 8570) 
  • -- A current computing environment certification such as MCSA, RHCSA, CCNA, CEH, ArcSight, etc. 
  • Must have a full, complete, and in-depth understanding of all aspects of Defensive Cyber Operations 
  • Must be fluent in all aspects of government and corporate communications media to include all MS Office products and common task ticketing systems 
  • Must have a good breadth of knowledge of common ports and protocols of system and network services 
  • Experience in packet captures and analyzing a network packet 
  • Experience with intrusion detection systems such as Snort, Suricata, and Zeek 
  • Experience with SIEM systems such as Splunk, ArcSight, or Elastic 
  • Must have the demonstrated ability to communicate with a variety of stakeholders in a variety of formats 
  • Ability to work independently as well as part of a team 
  • Ability to work periodically on shift to assist the team 


Preferred Qualifications: 

  • Experience with writing Snort or Suricata IDS rules 
  • Experience in developing complex dashboards, report, and automated searches in Splunk, ArcSight, or Elastic/Kibana 
  • Experience with analyzing packets using Arkime 
  • Experience with Microsoft Windows event IDs 
  • Experience with Linux audit log analysis 
  • Familiarity with Git and VScode 
  • Experience with one or more scripting languages such as PowerShell, Bash, Python 

Peraton Overview

Peraton drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted and highly differentiated national security solutions and technologies that keep people safe and secure. Peraton serves as a valued partner to essential government agencies across the intelligence, space, cyber, defense, civilian, health, and state and local markets. Every day, our employees do the can’t be done, solving the most daunting challenges facing our customers.

Target Salary Range

$86,000 - $138,000. This represents the typical salary range for this position based on experience and other factors.

EEO Tagline (Text Only)

An Equal Opportunity Employer including Disability/Veteran.


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed