About Peraton
Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.
Responsibilities
Peraton is currently seeking a Cyber Incident Responder to join our team in support of the U.S. Army Europe Regional Cyber Center (RCC-E).
Location: Wiesbaden, Germany
In this role, you will:
- Work as an expert to perform analysis of cyber relate events to detect and deter malicious actors using SIEM technologies focused on the threat to networked weapons platforms and U.S. DoD information networks.
- Need to be able to support this position having the potential to work multiple shifts in a rotational schedule.
- Analyze host and network events to determine the impact on current operations, conduct research to determine advisory capability, and develop analytics based on indicators of compromise to leverage the SIEM.
- Produce high-quality papers, presentations, recommendations, and findings for senior US government intelligence and network operations officials.
You will have the opportunity to:
- Perform documentation and vetting of identified vulnerabilities for operational use.
- Monitor and action SIEM platforms for alerts, events, and rules providing insight into malicious activities and/or security posture violations.
- Review intrusion detection system alerts for anomalies that may pose a threat to the customer’s network.
- Identify and investigate vulnerabilities, asses exploit potential, and suggest analytics for automation in the SIEM engines.
- Report events through the incident handling process of creating incident tickets for deeper analysis and triage activities.
- Issue triage steps to local touch labor organizations and Army units to mitigate or collect on-site data.
- Develop unique queries and rules in the SIEM platforms to further detection for first line cyber defenders.
- Provide daily updates to Cyber Security Service Provider Division higher staff on intrusion detection operation and trends of events causing incidents.
- Draft reports of remotely exploitable vulnerabilities to increase customer situational awareness and improve the customer’s cyber security posture.
- Assist all sections of the Cyber Security Service Provider Division as required in performing Analysis and other duties as assigned.
Qualifications
Required:
- BA/BS in Engineering, Computer Science, Science, Business Administration or Mathematics and 2 years of specialized experience, or an Associate’s degree and 5 years of specialized experience. An additional 4 years ofexperience may be considered in lieu of education/degree.
- Experience in packet captures and analyzing a network packet.
- Experience with intrusion detection systems such as Snort, Suricata, and Zeek.
- Experience with the Elastic SIEM.
- Ability to work independently as well as part of a team.
- Ability to work on shift rotation to assist the team.
- Must have a full, complete, and in-depth understanding of all aspects of Defensive Cyber Operations.
- Must be fluent in all aspects of government and corporate communications media to include all MS Officeproducts and common task ticketing systems.
- Must have a good breadth of knowledge of common ports and protocols of system and network services.
- Must have the demonstrated ability to communicate with a variety of stakeholders in a variety of formats.
- DoD 8140 DCWF 531 & 511 certified in ONE of the following, OR, have the ability to obtain within 30-days ofhire:
- DCWF 531 - B.S.+ or GCFA, GCIA, CCSP, CEH, CFR, Cloud+, CYSA+, GCED, GICSP, PenTest+
- DCWF 511 - B.S.+ or GCFA, GCIA, CFR, Cloud+, CYSA+, GCED, PenTest
- One of the following within 30-days of hire:
- Cisco CyberOps Professional, GCED, GCFA, GCFE, GCIH, GNFA, DCITA CIRC, Blue Team level 1,FIWE or Offensive Security OSDA.
- U.S. citizenship required.
- An active Top Secret with SCI security clearance.
Preferred:
- Experience with writing Snort or Suricata IDS rules.
- Experience in developing complex dashboards, report, and automated searches in Elastic/Kibana.
- Experience with analyzing packets using Arkime.
- Experience with Microsoft Windows event IDs.
- Experience with Linux audit log analysis.
- Familiarity with Git and VScode.
- Experience with one or more scripting languages such as PowerShell, Bash, Python.
Target Salary Range
$66,000 - $106,000. This represents the typical salary range for this position based on experience and other factors.
SCA / Union / Intern Rate or Range
EEO
An Equal Opportunity Employer including Disability/Veteran.