Engineer Systems III, SEY3/ CND / Incident Response Analyst

Job Locations US-MD-Fort Meade
Requisition ID
2024-144083
Position Category
Cyber Security
Clearance
Top Secret/SCI w/Poly
Sector
Cyber Mission

Responsibilities

Are you looking for an Engineer Systems III, SEY3/ CND / Incident Response Analyst role?


This is what you'll get to do: 

  • Architecture, administration, and operation of comprehensive monitoring solutions for enterprise networks, hosts, and users for the detection, monitoring, and removal of threats as directed by the appropriate authority.
  • Integration and management of SIEM and SOAR platforms, such as Elastic, Splunk, Sentinel, and other open-source or government provided solutions.  
  • Creation and maintenance of comprehensive incident response playbooks to streamline response activities, ensuring consistent and efficient responses.  
  • Correlation of data from multiple sources, including host, network, user, and intelligence reports, to uncover threats.
  • Collection, aggregation, and interpretation of log data from various sources.
  • Configuration, management, and optimization of Network Intrusion Detection Systems and Host-based Intrusion Detection Systems, to include fine-tuning security rule sets for tools such as Suricata, Snort, Yara, and Sigma.
  • Deep packet inspection and identification of malicious traffic using packet analysis tools, such as Wireshark or Network Miner.
  • Hardware configuration and design of deployable network kits that includes switches, routers, taps, hypervisors, and network storage devices to ensure seamless integration and optimal performance.
  • Analysis of the current state of organizational cyber security policies, certification and accreditation packages, programs, and procedures, providing expert recommendations for improvement based on industry best practice.
  • Implementation and maintenance of firewalls, VPNs, and security controls to secure a network's perimeter.
  • Both static and dynamic malware analysis to determine the function of unknown binaries and identify unique characteristics, leading to the development of indicators of compromise.
  • Advanced network and host forensic techniques, such as dead disk forensics, memory forensics, and registry forensics, using tools such as Kape, Autopsy, Volatility, FTK, and Encase.
  • Threat hunting to identify advanced persistent threats and zero-day vulnerabilities using various threat hunting methodologies.
  • Cyber Threat Emulation to assess security tools, test mitigations, evaluate controls, and evaluate local defender procedures in a controlled environment.
  • Training and development of CPT personnel on foundational areas such as network and host analysis, JQR, mission qualification, and KSAs related to their assigned work role.
  • Applying DCO and Offensive Cyber Operations (OCO) concepts and applications to mission analysis and utilizing them to develop concepts of employment for the CPT and assist in pre-mission planning activities.
  • Provide input into DCO mission products such as pre-mission planning briefs, situation reports, post mission documentation, after action reports and lessons learned at the conclusion of events such as operations, exercises, and training.
  • Utilization of various threat intelligence sources to improve security posture and provide input into pre-mission product development.

Qualifications

Basic Qualifications: 

  • Active/Current Top-Secret/SCI with polygraph
  • Minimum of a Bachelor's Degree from an accredited college or university
  • Ability to recognize suspicious activity/events and common attacker TTPs, and to perform logical analysis and research to determine the root cause and scope of incidents
  • In-depth knowledge of each phase of the Incident Response life cycle
  • 5 years of related experience with BS/BA; 3 years with MS/MA; 0 years with PhD.

Preferred/Desired Qualifications: 

  • IAT level III or CSSP Incident Responder certification with documented additional education, specialization, or certification in one of the technologies or tools listed below. (JELC)
  • 5 years of experience in 8 or more of the 13 below:
    • System Architecture
      • Network Engineering
      • Systems Engineering
      • Virtual Environments
    • Scripting
      • Powershell
      • Python
      • RegEx
    • Forensics
      • Dead disk and memory interrogations
      • Malware analysis/reverse engineering
    • Additional Preferred Experience
      • SCADA Systems
      • Cloud Environments
      • Database Administration
      • Hunt Methodologies
      • SIEM Operations (Splunk/Security Onion)

EJ-CSSS3#

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$112,000 - $179,000. This represents the typical salary range for this position based on experience and other factors.
