AWS Security Engineer (Incident Response)

Peraton is seeking an Incident Response Engineer to join our dynamic Security Team within the Department of Homeland Security (DHS) Datacenter Consolidation and Cloud Optimization (DCCO) program. This role supports our Security Team’s efforts by leading incident response and cybersecurity operational compliance. The Incident Response Engineer will ensure our systems remain secure, compliant, and resilient, actively contributing to our Governance, Risk, and Compliance (GRC) initiatives. This role is entirely telework based with core hours between 9 am- 3 pm (EST) Monday – Friday; applicant must reside and perform all work within the United States. 

Day to Day Responsibilities: 

• Incident Response and Management: 

• Lead and coordinate the response to cybersecurity alerts and incidents, ensuring rapid Detection and Analysis; Containment, Eradication, and Recovery; and Post- Incident Activity Recommendations. 

• Develop, implement, and maintain Incident Response Plans in line with organizational policies and NIST guidelines. 

• Conduct forensic analysis and post-incident investigations to identify root causes and recommend improvements. 

• Proactive Security Operations: 

• Analyze system vulnerabilities, propose compensating controls, and work with engineering teams to remediate issues. 

• Oversee the security posture of cloud environments (AWS) and recommend improvements. 

• Maintain and update security documentation such as System Security Plans, Incident Response Plans, and Standard Operating Procedures. 

• Develop and conduct security training for incident response and contingency planning. 

• Collaboration and Communication: 

• Work closely with the Cybersecurity Manager, ISSOs, and other security personnel to ensure the effective implementation of operational security measures. 

• Collaborate with engineering and IT teams to address security incidents and develop proactive strategies. 

• Communicate risks and remediation activities effectively to clients and senior management. 

• Tool and Process Development: 

• Create and maintain security tools, checklists, and templates to aid A&A and incident response processes. I.E. Splunk, Cloud Trail, Guard duty, Swim Lane, etc. 

• Leverage tools such as Cyber Security Assessment and Management (CSAM) to manage risk and monitor compliance. 

Basic Qualifications: 

• High school diploma and 6 years of experience
• U.S. citizenship and the ability to obtain/maintain a DHS EOD clearance (required prior to start). 
• 5 years of relevant experience in Information Technology 
• Demonstrated experience with incident response, forensics, and root cause analysis. 
• Knowledge of security countermeasures, NIST guidelines, and RMF. 
• Experience with cloud security, including FedRAMP and AWS 
• Strong communication skills with a history of engaging stakeholders to deliver security solutions. 
• Ability to influence security practices across multiple teams and organizations. 

Some Desired Certifications:

• One or more of the following: GCIH, CISSP, CISM, AWS Security Professional, CCSP, GISCP, or GSEC.