Tier 2 Cyber Incident Response Team (CIRT) Shift Lead

Peraton is seeking an experienced Tier 2 Cyber Incident Response Team (CIRT) Shift Lead to support a high-impact cybersecurity and technology program focused on securing global infrastructure and enabling innovative, effective, and secure business processes.

 

Location: Beltsville, MD.

 

Work Hours: Days Shift, 6:00 AM – 2:00 PM, Tuesday – Saturday.

 

As a Cyber Incident Response Team Shift Lead, you will:

• Detect, classify, process, track, and report cybersecurity events and incidents.
• Perform advanced analysis of Tier 1 alert triage and requests in a 24x7x365 environment.
• Analyze logs from multiple sources to identify, contain, and remediate suspicious activity.
• Characterize and assess network traffic to detect anomalous behavior and potential threats.
• Conduct forensic analysis of host artifacts, network traffic, and email content.
• Perform malware analysis to generate Indicators of Compromise (IOCs) and mitigate threats.
• Collaborate with Department of State teams to analyze and respond to incidents.
• Monitor and respond to the CIRT SOAR platform, hotline, and email inboxes.
• Create tickets and initiate workflows in accordance with technical SOPs.
• Coordinate and report incident details to the Cybersecurity and Infrastructure Security Agency (CISA).
• Submit alert tuning requests to improve detection accuracy.

As a Tier 2 Shift Lead, you will also:

• Review all Tier 2 shift tickets for accuracy and completeness.
• Coordinate remediation actions with CIRT Watch Officers and government leadership.
• Recommend technical and procedural improvements to CIRT leadership.
• Assist with technical interviews for Tier 2 candidates.
• Ensure proper execution of coordinated remediation actions.

 

Required Minimum Qualifications:  

• Bachelor's degree and a minimum 9 years of relevant experience required; 7 years with a Masters; or a High School diploma and 13 years' of relevant incident response experience.
• Must have a minimum of 6 years of Cyber specific experience, with at least 4 years specifically in Incident Response.   
• Must possess one of the following certifications prior to start date: 
  • CASP+ CE, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CISA, CISSP (or Associate), Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, SCYBER, VCA DCV, PPDA, Agile IC, or SNOW App Dev
• Demonstrated experience in the Incident Response lifecycle. 
• Knowledge of SOAR ticketing and automated response systems (e.g. ServiceNow, Splunk SOAR, Microsoft Sentinel). 
• Demonstrated experience with using Security Information and Event Management (SIEM) platforms (e.g. Splunk, Microsoft Sentinel, Elastic, Q-Radar). 
• Demonstrated experience in using Endpoint Detection and Response systems (e.g. MDE, ElasticXDR, CarbonBlack, Crowdstrike). 
• Knowledge of cloud security monitoring and incident response. 
• Knowledge of integrating IOCs and Advanced Persistent Threat actors. 
• Ability to analyze cyber threat intelligence reporting and understanding adversary methodologies and techniques. 
• Knowledge of malware analysis techniques. 
• Knowledge of the MITRE ATT&CK and D3FEND frameworks. 
• Experience in managing and coordinating small teams. 
• U.S. Citizenship required. 
• Active Secret security clearance.
  • The ability to obtain a final Top Secret/SCI security clearance. 

Preferred Qualifications:  

• Proficiency with Splunk for security monitoring, alert creation, and threat hunting. 
• Experience using Microsoft Azure access and identity management. 
• Proficiency in Microsoft Defender for Endpoint and Identity for security monitoring, response, and alert generations. 
• Experience using digital forensics collection and analysis tools (e.g. Autopsy, Axiom MagnetForensics, Zimmerman-Tools, KAPE, CyLR, Volatility). 
• Experience using ServiceNow SOAR for ticketing and automated response. 
• Experience using Python, PowerShell and BASH scripting languages. 
• Proficiency in cloud security monitoring and incident response. 
• Demonstrated ability to perform static/dynamic malware analysis and reverse engineering. 
• Experience with integrating cyber threat intelligence and IOC-based hunting. 
• Technical certifications such as: Azure SC-900, CCSP, GCIH, CCSK, GSEC, CHFI, GCLD, GCIA. 
• Advanced technical certifications such as: SecurityX/CASP+, PRMP, GREM, GEIR, GNFA, or GCFA. 

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

$86,000 - $138,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.