Cyber Threat Analyst / Active Top Secret

Peraton is seeking a Cyber Threat Analyst to join our team in support of the U.S. Army Europe Regional CyberCenter (RCC-E) in Wiesbaden, Germany.

 

Location: Wiesbaden, Germany

 

In this role, you will: 

• Conduct research and evaluate audit data with specific emphasis on network operations and cyber warfare tactics, techniques, and procedures focused on the threat to networked weapons platforms and US DoD information networks.
• Analyze host and network events to determine the impact on current operations, conduct research to determine advisory capability, and develop analytics based on indicators of compromise to leverage the SIEM.
• Execute hunt missions for various threat actors to determine the risk to the DoD information network and recommend mitigations to reduce the attack surface.
• Prepare assessments and cyber threat reports of current events based on the research and analysis of classified and open-source information.
• Correlate threat data from various sources. Develops and maintains analytical procedures to meet changing requirements and ensure maximum operations.
• Produce high-quality papers, presentations, recommendations, and findings for senior U.S. government intelligence and network operations officials. 
• Perform daily cyber threat research and present findings to the organization to maintain knowledge of current adversary tactics, techniques and procedures and how to apply them. Brief staff and leadership on these findings.  
• Evaluate system security configurations, identify intrusion, identify incident method, and perform root cause analysis on intrusions. 
• Perform analysis of complex software systems to determine both functionality and intent of software systems  
• Resolve highly complex malware and intrusion issues.
• Contribute to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations.  
• Create analytics with a SIEM to identify patterns, anomalies, and compromising indicators to alert Cyber Incident responders.
• Prepare and presents technical reports and briefings.
• Perform documentation and vetting of identified vulnerabilities for operational use.
• Assist all sections of the Defensive Cyber Operations team as required in performing analysis. 
• Travel to customer sites to perform network security evaluations.  
• Write reports of vulnerabilities to increase customer situational awareness and improve the customer’s cyber security posture.

Requirements:

• Minimum of 5 years experience in Systems Engineering with a Bachelor’s degree in a STEM field or Business Administration; An additional 4 years of experience in lieu of degree may be considered.
• Must be able to qualify for Technical Expert Status Accreditation (TESA) by having a bachelor's degree in a STEM or Business field plus 3 years of specialized experience, OR an Associate’s degree plus 7 years of specialized experience OR a major certification plus 7 years of specialized experience.
• Active DoD Approved 8140 Certification in:
  • DCWF 511 Advanced (M.S. in IT or one of the following: CBROPS, CFR, CySA+, GCFA, GCIA, GISCP)
  • 8140 Residential Certification (One of: a SANS GIAC certification, Microsoft Certified Security Operations Analyst Associate, Zero Point TRO, or Offensive Security OSDA).
• Must have a full, complete, and in-depth understanding of all aspects of Defensive Cyber Operations.
• Must be fluent in all aspects of government and corporate communications media to include all MS Office products and common task ticketing systems.
• Must have a good breadth of knowledge of common ports and protocols of system and network services.
• Experience in packet captures and analyzing a network packet.
• Experience with intrusion detection systems such as Snort, Suricata, and Zeek.
• Experience with SIEM systems such as Splunk, ArcSight, or Elastic.
• Ability to explain the MITRE ATT&CK matrices.
• U.S. citizenship required.
• An Active DoD Top Secret security clearance with SCI eligibility. 

Preferred Qualifications:  

• Experience in developing complex dashboards, report, and automated searches in Elastic/Kiban.
• Experience with Microsoft MDE or Sentinel.
• Experience with analyzing packets using Arkime.
• Experience with Microsoft Windows event IDs.
• Experience with Linux audit log analysis.
• Familiarity with Git and VScode. 
• Experience with one or more scripting languages such as PowerShell, Bash, Python.
• Demonstrably strong written and verbal communications skills.  
• Self-starter with excellent judgment, capable of independent decision making. 

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

$80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.