Cyber Threat Detection Subject Matter Expert

Beltsville, MD, United States

Peraton

Peraton drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted and highly...

View all jobs at Peraton

Apply now Apply later

Responsibilities

Peraton is currently seeking a Cyber Threat Detection Subject Matter Expert (SME) to become part of Peratons’ Department of State (DoS) Diplomatic Security Cyber Mission (DSCM) program providing leading cyber and technology security experience to enable innovative, effective, and secure business processes. Location: Beltsville, MD. Hybrid after initial 90-days of working on site.  

 

This current opening will support Monday-Friday, 8:00am to 4:00pm.

 

The DSCM program encompasses technical, engineering, data analytics, cyber security, management, operational, logistical, and administrative support to aid and advise DoS Cyber & Technology Security (CTS) Directorate. This includes protecting a global cyber infrastructure comprising networks, systems, information, and mobile devices all while identifying and responding to cyber risks and threats. 

 

In this role, you will:

  • Work in a team environment with analysts and engineers to protect a global IT infrastructure against the most advanced threat actors!
  • Develop content for cyber defense tools. 
  • Manages SIEM rulesets, dashboards, and reports from within Splunk Enterprise Security to defend against state actors and other APTs.
  • Develop signatures for Suricata, Zeek/Bro. Snort and potentially leading vendor cloud environments (Microsoft Azure/Google GCP, Amazon AWS)
  • Provides new detection capabilities based on emerging threats, threat intelligence, and Red Team input.
  • Assist in administering an active threat database, ensuring threat intelligence is ingested and consumed by our SIEM. 
  • Provide Developer support in a 24x7x365 environment.
  • Determine tactics, techniques, and procedures for intrusion sets.
  • Provide reporting on detection development metrics.

Qualifications

Required:

  • Bachelor’s degree and 14 years of relevant experience; or a Master's degree and 12 years of experience. An additional 4 years of experience will be considered in lieu of degree.
  • Must possess ONE of the following certifications or the ability to obtain before start date:
    • CASP+ CEZ, CCISOZ, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CISA, CISM, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, GSLC, SCYBER

  • Expertise in large Splunk environments.
  • Experience with Suricata, Zeek(Bro) and Snort rulesets.
  • Exposure/experience to leading vendor cloud environments, ie: Microsoft Azure/Google GCP, Amazon AWS, Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
  • Expertise in planning, implementation and usage of log aggregation and security analysis tools.
  • Demonstrated knowledge of the Incident Response Lifecycle and how it applies to cloud, legacy and hybrid environments.
  • Assist in identifying remediation steps for cybersecurity events.
  • Strong organizational skills.
  • Proven ability to operate in a time sensitive environment. 
  • Proven ability to communicate orally and written.
  • Experience modifying Splunk ES searches, macros, and lookup tables.
  • U.S. citizenship and an active Secret security clearance with the ability to obtain a final Top Secret clearance.

Preferred Qualifications:

  • Knowledge of Python and search syntax like Regex.
  • Knowledge of network architecture, design and security.
  • Knowledge of which system files (e.g., log files, registry files, configuration files)contain relevant information and where to find those system files.
  • Knowledge of packet-level analysis using appropriate tools.
  • Knowledge of intersection of on-prem and cloud-based technologies.
  • Experience in developing and delivering comprehensive training programs. 
  • Familiarity with the MITRE ATT&CK framework.

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$135,000 - $216,000. This represents the typical salary range for this position based on experience and other factors.
Apply now Apply later
Job stats:  0  0  0
Category: Threat Intel Jobs

Tags: Analytics AWS Azure CASP+ CCNP CEH CISA CISM CISSP Clearance Cloud Cyber defense Data Analytics GCED GCIA GCIH GCP GICSP GSLC IaaS Incident response IT infrastructure Log files MITRE ATT&CK PaaS Python Red team SaaS Security analysis Security Clearance SIEM Snort Splunk Threat detection Threat intelligence Top Secret Top Secret Clearance

Perks/benefits: Team events

Region: North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.