Cyber Incident Response Team (CIRT) Lead (SME)

We are seeking a highly skilled and innovative Cyber Incident Response Team (CIRT) Lead (SME) to join our team in the greater DMV area, supporting the Army National Guard.

 

Responsibilities

• Provide enterprise technical authority for cyber incident response: establish doctrine, escalation frameworks, investigative standards, and adjudication processes aligned with DoD, Army, and NIST guidance.
• Advise senior leadership during high‑severity incidents on containment strategy, operational risk, recovery priorities, and risk tradeoffs.
• Oversee development, validation, and lifecycle management of incident response playbooks, forensic methodologies, adversary mapping techniques, and chain‑of‑custody procedures to ensure defensible investigative outcomes.
• Integrate threat intelligence, threat hunting insights, and vulnerability data into enterprise response strategy to improve detection fidelity and inform remediation priorities.
• Guide optimization and architectural alignment of SOC/CIRT tooling (EDR/XDR, SOAR, forensics, packet capture) to ensure operational readiness and scalability.
• Direct cross‑organizational coordination with RCC‑ARNG, NETCOM, ARCYBER, engineering, and mission stakeholders for synchronized response and long‑term remediation.
• Lead after‑action analysis, produce executive incident reports and AARs, and drive corrective action planning to address detection gaps and architectural weaknesses.
• Oversee readiness exercises, purple/red/blue team activities, and continuous improvement programs to mature response capabilities and reduce MTTD/MTTR.
• Mentor CIRT leadership, establish metrics/KPIs for response effectiveness, and maintain evidence and reporting practices for RMF/ATO and legal/audit requirements.

#ENOCS

Qualifications

• Minimum of 12 years with BS/BA; Minimum of 10 years with MS/MA; Minimum of 7 years with Ph.D.

• Clearance: Active TS/SCI clearance.

• Candidate must meet ONE of the following:

  • Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR
  • Relevant DoD/military training (examples: 4‑11‑C32‑255S (CP), 4C‑255N (CP), 4C‑255A (CP)); OR
  • Relevant professional certification or equivalent experience (examples: CFR, CySA+, GCFA, GCIA, GICSP).

• Required experience and skills:

  • Cybersecurity operations, incident response, or advanced cyber investigations experience with at least 7 years in senior CIRT/SOC leadership or technical authority roles supporting enterprise or DoD environments.
  • Proven expertise in forensic collection/analysis, packet capture and network forensic techniques, EDR/XDR operations, malware analysis, and adversary TTP mapping.
  • Demonstrated ability to coordinate multi‑stakeholder responses with ARCYBER, NETCOM, DISA, RCC‑ARNG, and other mission partners.
  • Experience developing and validating enterprise incident playbooks, SOAR playbooks, escalation matrices, and evidence handling practices that meet RMF/ATO and legal standards.
  • Strong executive briefing skills and experience producing decision‑grade incident reports, AARs, and remediation roadmaps.
  • Track record running large‑scale exercises (tabletop, purple team, red/blue) and driving measurable improvements in detection and response metrics.

• Desired:

  • Prior experience as a CIRT technical authority or senior incident commander in DoD/Army/ARNG environments.
  • Experience integrating threat intelligence programs and hunt teams into incident response operations.
  • Familiarity with legal/forensic admissibility considerations and working with external partners for cross‑boundary investigations.

#ENOCS

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

$112,000 - $179,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.