Incident Handling-SME

Arlington, VA, United States

Full Time Clearance required USD 135K - 216K

Peraton

Peraton drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted and highly...


Responsibilities

We are seeking a Cyber Incident Handling SME to become part of Peraton’s Department of State (DoS) Diplomatic Security Cyber Mission (DSCM) program providing leading cyber and technology security experience to enable innovative, effective and secure business processes.  

  

Location: Beltsville, MD and Rosslyn, VA

  

The customer requires every employee to be onsite for the first 90 days. After the 90-day period, a hybrid schedule may be offered. The selected candidate must be able to support a hybrid and flexible schedule; in the event of a significant cyber incident, a continuous onsite presence will be required.

 

Peraton’s DSCM program encompasses technical, engineering, data analytics, cyber security, management, operational, logistical and administrative support to aid and advise DoS Cyber & Technology Security (CTS) Directorate.  This includes protecting a global cyber infrastructure comprising networks, systems, information, and mobile devices all while identifying and responding to cyber risks and threats.  Those supporting Peraton’s DSCM program strive to leverage their expert knowledge and propose creative solutions to real-world cybersecurity challenges. 

 

What you’ll do: 

  • Support the Cyber Incident Response Team (CIRT) as a key member of the Incident Response Tiger Team.
  • Provide Subject Matter Expert (SME) level incident management support in a 24x7x365 environment.
  • Share in-depth knowledge and intelligence gained from cyber security events with stakeholders.
  • Collaborate with Cyber Threat Intelligence (CTI) teams to analyze threat actor tactics, techniques, and procedures (TTPs) and integrate actionable intelligence into incident response workflows.
  • Protect against and prevent potential cyber security threats and vulnerabilities.
  • Provide SME level response, technical assistance and expertise for significant cyber incidents, investigations and related operational events.
  • Conduct advanced analysis and recommend remediation steps.
  • Plan and conduct incident response tabletop exercises (TTX), team simulations, and cyber drills to validate response plans and improve overall readiness.
  • Develop and implement training programs for incident handling analysts.
  • Conduct detailed research to increase awareness and readiness levels of the security operations center.
  • Review, draft, edit, update and publish cyber incident response plans.
  • Develop key performance indicators (KPIs) and key risk indicators (KRIs) to measure and improve incident response effectiveness.
  • Ensure incident response procedures align with industry best practices and compliance frameworks such as NIST 800-61, ISO 27035, CMMC.
  • Mentor junior analysts, conduct knowledge transfer sessions, and develop playbooks to enhance the skill set of the security operations team.


Qualifications

Minimum Requirements: 

 

  • Bachelor’s degree and minimum of 14 years’ experience, or a Master's degree and a minimum of 12 years' experience. An additional 4 years of experience may be used in lieu of degree.
  • Must have one of the following certifications:
    • CASP+ CE, CCNP Security, CISA, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, GCED, GCIH.
  • Ability to manage and resolve highly complex cyber incidents.
  • Ability to recommend sound countermeasures to malicious cyber activity.
  • Experience in the development of policies and procedures to investigate cyber incidents for the enterprise network.
  • Experience handling nation-state-level cyber incidents.
  • Experience with evidence collection, custody and control procedures.
  • Experience in incident triage.
  • Perform cyber defense trend analysis and reporting.
  • Experience with the ServiceNow platform. 
  • Demonstrated knowledge of the Incident Response Lifecycle.
  • Demonstrated ability to utilize and leverage forensic tools to assist in determining scope and severity of a cybersecurity incident.
  • Ability to identify remediation steps for cybersecurity events.
  • Demonstrated strong organizational skills.
  • Proven ability to operate in a time-sensitive environment.
  • Proven ability to communicate orally and in writing.
  • Proven ability to brief (technical/informational) senior leadership.
  • U.S. citizenship required.
  • An active Secret security clearance with the ability to obtain a final Top Secret clearance.

Preferred Qualifications:

  • Experience developing processes and procedures within a help desk or security operations center environment.
  • Experience using security tools such as SIEM (Splunk or ELK), EDR/XDR (CrowdStrike, SentinelOne, Microsoft Defender), and network analysis tools (Wireshark, Zeek, Suricata).
  • Experience with cloud security incident response, including AWS, Azure, or Google Cloud, with knowledge of cloud-native security controls.
  • Knowledge of network architecture, design and security.
  • Knowledge of malware analysis, monitoring, and cloud tools and techniques.
  • Knowledge of system design and process methodologies.
  • Experience in developing and delivering comprehensive training programs.
  • Experience collaborating with cross functional teams.
  • Experience working in the inter-agency environment. 
  • Experience coordinating incident response efforts across multiple teams and agencies, including legal, compliance, and law enforcement.
  • Ability to communicate technical concepts to executive level leadership.

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$135,000 - $216,000. This represents the typical salary range for this position based on experience and other factors.

EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.

Perks/benefits: Career development Flex hours Team events

Region: North America
Country: United States
