About Peraton
Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.
Responsibilities
Peraton is currently seeking a Cyber Threat Detection Subject Matter Expert (SME) to become part of Peratons’ Department of State (DoS) Diplomatic Security Cyber Mission (DSCM) program providing leading cyber and technology security experience to enable innovative, effective, and secure business processes. Location: Beltsville, MD. Hybrid after initial 90-days of working on site.
This current opening will support Monday-Friday, 8:00am to 4:00pm.
The DSCM program encompasses technical, engineering, data analytics, cyber security, management, operational, logistical, and administrative support to aid and advise DoS Cyber & Technology Security (CTS) Directorate. This includes protecting a global cyber infrastructure comprising networks, systems, information, and mobile devices all while identifying and responding to cyber risks and threats.
In this role, you will:
- Work in a team environment with analysts and engineers to protect a global IT infrastructure against the most advanced threat actors!
- Develop content for cyber defense tools.
- Manages SIEM rulesets, dashboards, and reports from within Splunk Enterprise Security to defend against state actors and other APTs.
- Develop signatures for Suricata, Zeek/Bro. Snort and potentially leading vendor cloud environments (Microsoft Azure/Google GCP, Amazon AWS)
- Provides new detection capabilities based on emerging threats, threat intelligence, and Red Team input.
- Assist in administering an active threat database, ensuring threat intelligence is ingested and consumed by our SIEM.
- Provide Developer support in a 24x7x365 environment.
- Determine tactics, techniques, and procedures for intrusion sets.
- Provide reporting on detection development metrics.
Qualifications
Required:
- Bachelor’s degree and 14 years of relevant experience; or a Master's degree and 12 years of experience. An additional 4 years of experience will be considered in lieu of degree.
- Must possess ONE of the following certifications or the ability to obtain before start date:
CASP+ CEZ, CCISOZ, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CISA, CISM, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, GSLC, SCYBER
- Expertise in large Splunk environments.
- Experience with Suricata, Zeek(Bro) and Snort rulesets.
- Exposure/experience to leading vendor cloud environments, ie: Microsoft Azure/Google GCP, Amazon AWS, Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
- Expertise in planning, implementation and usage of log aggregation and security analysis tools.
- Demonstrated knowledge of the Incident Response Lifecycle and how it applies to cloud, legacy and hybrid environments.
- Assist in identifying remediation steps for cybersecurity events.
- Strong organizational skills.
- Proven ability to operate in a time sensitive environment.
- Proven ability to communicate orally and written.
- Experience modifying Splunk ES searches, macros, and lookup tables.
- U.S. citizenship and an active Secret security clearance with the ability to obtain a final Top Secret clearance.
Preferred Qualifications:
- Knowledge of Python and search syntax like Regex.
- Knowledge of network architecture, design and security.
- Knowledge of which system files (e.g., log files, registry files, configuration files)contain relevant information and where to find those system files.
- Knowledge of packet-level analysis using appropriate tools.
- Knowledge of intersection of on-prem and cloud-based technologies.
- Experience in developing and delivering comprehensive training programs.
- Familiarity with the MITRE ATT&CK framework.
Target Salary Range
$135,000 - $216,000. This represents the typical salary range for this position based on experience and other factors.
SCA / Union / Intern Rate or Range
EEO
An Equal Opportunity Employer including Disability/Veteran.