
Tier 1 Cyber Incident Response Team; CIRT Lead

Job in Beltsville, Prince George's County, Maryland, 20705, USA
Listing for: Peraton
Full Time position
Listed on 2026-01-26
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant
Job Description & How to Apply Below
Position: Tier 1 Cyber Incident Response Team (CIRT) Lead

Responsibilities

Peraton is currently seeking an experienced Tier 1 Cyber Incident Response Team (CIRT) Lead to become part of our Federal Strategic Cyber Group.

Location:
Beltsville, MD.

Schedule:
Mon-Friday, 08:00-16:00 (8:00 AM - 4:00 PM).

In this role, you will:

  • Manage the detection, classification, processing, tracking, and reporting on cyber security events and incidents
  • Coordinate and collaborate with Department teams to analyze and respond to events and incidents
  • Manage triage and response capabilities in a 24x7x365 environment
  • Monitor and triage the CIRT hotline, email inboxes, and fax
  • Manage ticket creation and workflows as instructed in SOPs
  • Manage the reporting of incident information to the Cybersecurity and Infrastructure Security Agency (CISA)
  • Manage collaboration with other local, national and international CIRTs as directed
  • Manage the delivery and oversight of remediation activities
  • Manage IR processes for identifying and triaging email events
  • Manage IR processes for triage and analysis of Splunk Enterprise Security (ES) alerts and Microsoft Defender for Endpoint (MDE) alerts
  • Manage IR processes for triage of malicious artifacts to remediate further propagation
  • Manage IR processes for triage and initial analysis of Microsoft Defender for Identity alerts, Entra s, and Microsoft for Cloud Identity alerts

Additionally, as a Tier 1 Lead you will:

  • Create schedules and maintain personnel across all shifts
  • Review monthly and technical status reports to ensure compliance and accuracy
  • Review and update SCRUM sprint objectives for the team
  • Prepare weekly metrics reports and Weekly Activity Reports (WAR) for upper management
  • Write and suggest technical and procedural changes to CIRT management
  • Conduct candidate interviews to evaluate potential team members
  • Lead Shift Lead meetings to discuss training, issues, and concerns
  • Identify Tier 1 analyst training requirements and coordinate training support
  • Mentor the professional development of Tier 1 analysts
Qualifications

Minimum Requirements:

  • Bachelor's degree and a minimum of 9 years of relevant experience; 7 years with a Master's degree; 4 years with a PhD. (An additional 4 years of relevant experience may be substituted for the degree requirement.)
  • Applicants must currently hold one of the following professional certifications or obtain one prior to their start date. Continued certification is required as a condition of employment: CASP+ CE, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CHFI, CISA, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, CySA+, GCED, GCFA, GCIH, SCYBER.
  • U.S. citizenship required.
  • Active Secret security clearance. Ability to obtain a final Top-Secret clearance.

Required Technical & Professional Experience:

  • Demonstrated experience across the Incident Response lifecycle.
  • Experience using ticketing and Security Orchestration and Response (SOAR) platforms (e.g., ServiceNow, Splunk SOAR).
  • Knowledge of MITRE ATT&CK and D3FEND frameworks.
  • Knowledge of the Agile framework and SCRUM planning lifecycle.
  • Experience with log analysis and correlation from multiple sources.
  • Experience with email security and phishing analysis.
  • Experience with cloud security monitoring and cloud-based incident response.
  • Proficiency with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar).
  • Proficiency with Endpoint Detection and Response (EDR) platforms (e.g., Microsoft XDR, Elastic XDR, Carbon Black, CrowdStrike).
  • Ability to analyze all-source cyber threat intelligence and understand adversary methodologies and techniques.
  • Experience with PowerShell, Python, or BASH scripting.
  • Knowledge of static and dynamic malicious artifact analysis.
  • Experience collaborating with internal and external stakeholders.
  • Excellent written and verbal communication skills.
  • Strong leadership and mentoring capabilities.

Preferred Qualifications:

  • Advanced technical or project management certifications, such as CISSP, SecurityX/CASP+, GEIR, GNFA, GCFA, PMP, CISA.
  • Demonstrated expertise with Splunk for security monitoring and alert triage.
  • Demonstrated expertise with Microsoft Defender for Endpoint and Identity.
  • Experience with SCRUM planning under the Agile framework.
  • Experience with digital forensics collection and analysis tools.
  • Experience using Microsoft Azure for access and identity management.
  • Experience using ServiceNow SOAR for ticketing and automated response.
  • Proficiency with Python, PowerShell, and BASH scripting.
  • Proficiency in cloud security monitoring and incident response triage.
  • Experience with static and dynamic malicious artifact analysis.
Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats…
