Cyber Threat Analyst – Assessment

Peraton is seeking to hire an experienced Cyber Threat Analyst – Assessment for its' Regional Cyber Center-Europe program. 

Location: On-site, Wiesbaden, Germany 

Possibility of 2nd and 3rd Shift work

Responsibilities:

• Conduct vulnerability assessments and penetration tests against USAREUR-AF network infrastructure, endpoints, and applications in support of CSSP assessment missions (NAVs and PPTs)
• Perform web application security testing using OWASP methodology and tools including Burp Suite and OWASP ZAP, identifying and validating vulnerabilities across mission partner web services
• Execute Active Directory and Linux security assessments to identify privilege escalation paths, credential exposure risks, and lateral movement opportunities within target environments
• Utilize penetration testing frameworks including Metasploit and Burp Suite to safely exploit validated vulnerabilities and demonstrate risk to mission owners in a controlled manner
• Document all assessment findings in structured reports, including vulnerability descriptions, evidence screen-shots, CVSS risk ratings, and actionable remediation recommendations
• Support mission owners and network defenders with post-assessment remediation guidance, answering technical questions and providing clarification on findings to facilitate effective risk reduction

#RCC-E

Required:

• 5 years of penetration testing or vulnerability assessment experience with a Bachelor’s degree in a STEM field or Business Administration; 11 years of relevant experience may substitute for degree
• Must meet TESA Qualifications.
• DoD 8140 - Cybersecurity (Vulnerability Analyst) - Intermediate
• Certifications — must hold active certifications (one of the following):
  • TCM Security PNPT; OR
  • HTB CPTS (Hack The Box Certified Penetration Testing Specialist); OR
  • Zero Point Security RTO (Red Team Ops); OR
  • OSCP (Offensive Security Certified Professional); OR
  • OSCE (Offensive Security Certified Expert); OR
  • GPEN (GIAC Penetration Tester); OR
  • GWAPT (GIAC Web Application Penetration Tester); OR
  • GAWN (GIAC Assessing and Auditing Wireless Networks); OR
  • GXPN (GIAC Exploit Researcher and Advanced Penetration Tester); OR
  • GWEB (GIAC Certified Web Application Defender)
• U.S. citizenship required
• Active DoD TS/SCI clearance or higher

Preferred:

• Hands-on experience with Metasploit Framework for vulnerability exploitation and post-exploitation activities
• Proficiency with Burp Suite Pro for manual and automated web application security testing
• Familiarity with OWASP ZAP for web vulnerability scanning and validation
• Experience with Nmap and Nessus/OpenVAS for network discovery and vulnerability scanning
• Working knowledge of BloodHound for Active Directory enumeration and attack path analysis
• Scripting proficiency in Python, Bash, or PowerShell for custom tool development and test automation
• Familiarity with vulnerability scoring frameworks (CVSS) and risk-based reporting methodologies
• Experience with vulnerability management platforms (e.g., Tenable.sc, Rapid7 InsightVM)