Incident Response Analyst

Responsibilities

Secure Division Support. The GCC provides CSSP responsibilities and conducts DODIN Operations and DCO – Internal Defensive Measures (IDM) to protect the DODIN IAW the DoDM 8530.01 and the DoD Cybersecurity Services Evaluator Scoring Metrics (ESM). These responsibilities are broken into five (5) CSSP functions; Identify, Protect, Detect, Respond, and Recover. GCC is responsible to conduct these functions for its assigned portion of the DODIN for both unclassified and classified networks/ systems. The division provides support services for the protection, monitoring, analysis, detection, and response to unauthorized activity within the DoD Information Systems and Networks. DCO-IDM services are required to defend against unauthorized activity on all Army assets residing on the NIPRNet and SIPRNet. The division provides defensive measures to protect and defend information, computers, and networks from disruption, denial, degradation, or destruction. The division provides sensor management and event analysis and response for network and host-based events. For sensor management, the division provides management of in-line Network Intrusion Protection System/Network Intrusion Detection System (NIPS/NIDS) sensors monitoring all CONUS DoDIN-A NIPRNet and SIPRNet Enterprise traffic to detect sensor outages and activities that attempt to compromise the confidentiality, integrity, or availability of the network. In coordination with GCC Operations, DCO initiates defensive security procedures upon detection of these attacks. Event analysis and response includes the processes involved with reducing multiple cyber incidents to actual malicious threat determinations and mitigating those threats IAW guidance received from GCC Government leadership. Support the Government in providing services for CSSP services on both the NIPRNet and SIPRNet IAW Appendix E: Secure Division Workload Assessment in support of the CONUS portion of the DoDIN-A. Develop reports and products, both current and long-term, in support of CSSP and course of action development. Prepare Tactics, Techniques, and Procedures (TTP), SOPs, Executive Summary (EXSUMS), trip reports, and information/point papers. Contribute during the preparation of agreements, policy, and guidance documentation such as Memorandums of Understanding / Agreement (MOU/A), Service Level Agreements (SLA).• SIEM Tool Support. Perform the following SIEM tool support:• Provide administrator support to maintain connectivity between devices identified in that provide security event information to the SIEM.• Install updates to event analysis rules sets and analyze operational impact.• Communicate SIEM storage requirements to maintain approximately 12 months of online security events, with a maximum available storage at approximately four (4) TB. This amount will ensure approximately 12 months of security event records access capability. • Maintain and update SIEM tool software rules for optimal detection of malicious or unauthorized activity.

Qualifications

Basic Qualifications:

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Possess and maintain a Top Secret w/SCI security clearance
• Certifications: DCWF Code 511 Advanced: Cisco Certified CyberOps Associate or CompTIA Cybersecurity Analyst (CySA+) or CyberSec First Responder (CFR) or Federal IT Security Professional-Operator-NG (FITSP-O) or GIAC Certified Forensics Analyst (GCFA) or GIAC Certified Intrusion Analyst (GCIA) or GIAC Defensible Security Architecture (GDSA) or GIAC Global Industrial Cyber Security Professional (GICSP) or GIAC Security Essentials Certification (GSEC)
• Proven experience in maintaining accurate records of customer interactions.
• Strong management and scheduling skills.
• Experience with O365.
• Problem-solving ability and demonstrates flexible with the ability to multi-task.
• Possess attention to detail and follow-through.
• Ability to be flexible, organize priorities in a fast-paced work environment, while maintaining a high level of focus and accuracy.
• High level of professionalism and ability to maintain confidentiality.
• Capable of following detailed training documentation.
• Expertise in fostering teamwork and collaboration.
• Ability to provide timely feedback and responses.
• Willingness to work weekend and support rotating shifts

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$80,000 - $128,000. This represents the typical salary range for this position based on experience and other factors.