Senior Cyber Incident Handling Analyst / Active TS/SCI

Peraton is seeking to hire an experienced Senior Cyber Incident Handling Analyst for its’ Regional Cyber Center-Europe program

 

Location: On-site, Wiesbaden, Germany

 

Responsibilities:

• Manage the full cyber incident lifecycle — from initial detection and triage through containment, eradication, recovery, and post-incident review — ensuring all actions are executed in accordance with NIST SP 800-61 and Army incident response procedures
• Coordinate with internal RCC-E teams, supported unit commanders, NETCOM, and ARCYBER during active cyber incidents, serving as the primary point of contact for incident status updates and ensuring timely, accurate communication to all stakeholders
• Produce comprehensive incident reports including initial notifications, situation reports (SITREPs), and final after-action reports that document the timeline, scope, impact, root cause, and remediation actions for each cyber incident
• Maintain accurate and up-to-date incident tracking records in TheHive and ServiceNow, ensuring all case data, evidence artifacts, analyst notes, and closure documentation meet RCC-E quality standards and audit requirements
• Conduct post-incident reviews and lessons-learned sessions following significant cyber events, identifying process gaps, detection failures, and response inefficiencies, and translating findings into actionable improvements for the RCC-E CSSP
• Develop, maintain, and exercise incident response playbooks for common attack scenarios (ransomware, phishing, credential theft, insider threat), ensuring procedures remain current with the evolving threat landscape and Army policy requirements

 

Required:

• Bachelor’s degree (STEM/Business Admin) and a minimum of 5 years of cyber incident handling and security operations experience, or an associates degree and a minimum of 7 years of relevant experience, or 11 years of relevant experience in lieu of the bachelor’s degree
  • Must meet TESA Qualification
• DoW 8140 - Cybersecurity (Cyber Defense Incident Responder) - Intermediate
• Certifications — must hold active certifications (one of the following):
  • Cisco CyberOps Professional
  • GCED (GIAC Certified Enterprise Defender)
  • GCIH (GIAC Certified Incident Handler)
  • GCFA (GIAC Certified Forensic Analyst)
  • GCFE (GIAC Certified Forensic Examiner)
  • GMON (GIAC Continuous Monitoring Certification)
  • GNFA (GIAC Network Forensic Analyst)
  • Blue Team Level 2
  • Microsoft Certified: Cybersecurity Architect Expert
• Demonstrated experience in IDS/SIEM monitoring, event triage, multi-source data analysis, incident response coordination, TTP and exploit knowledge, and end-to-end incident documentation from detection through resolution
• U.S. citizenship required
• Active DoW TS/SCI security clearance

 

Preferred:

• Hands-on experience with TheHive for structured incident case management, evidence tracking, and analyst workflow coordination
• Familiarity with MISP for threat intelligence sharing, IOC management, and integration with incident response workflows
• Experience with ServiceNow Security Operations (SecOps) module for incident tracking and SLA management
• Proficiency with Elastic Stack or Splunk for SIEM-based alert triage, event correlation, and incident timeline reconstruction
• Working knowledge of NIST SP 800-61 Computer Security Incident Handling Guide and DoD/Army incident response policy frameworks
• Experience developing and exercising incident response playbooks for common cyber-attack scenarios in a DoD environment
• Familiarity with digital forensics tools and techniques for evidence collection, chain of custody, and artifact analysis
• Experience operating in a 24/7 CSSP or SOC environment supporting classified Army or DoW ntworks

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

$104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.