Peraton is seeking to hire experienced Cyber Security Operations professionals for its Regional Cyber Center-Europe program.
Location: On-site in Wiesbaden, Germany
Potentially 2nd/3rd Shift work
- Senior Cyber Response Analyst
Responsibilities:
- Lead incident response operations for high-severity and critical cyber events affecting DoDIN-Europe, directing containment, eradication, and recovery actions in coordination with RCC-E CSSP, NETCOM, and ARCYBER stakeholders
- Conduct in-depth malware analysis and digital forensic investigations on compromised systems, leveraging memory forensics, static/dynamic malware analysis, and artifact examination to determine scope, root cause, and adversary TTPs
- Manage SIEM (Elastic Stack/Splunk) alert triage workflows, developing and refining correlation rules and detection logic to improve fidelity of alerts and reduce analyst fatigue across the RCC-E security operations environment
- Produce detailed threat intelligence and incident reports — including executive summaries and technical findings — that clearly articulate adversary behavior, indicators of compromise (IOCs), and recommended mitigations to both technical and non-technical audiences
- Coordinate with NETCOM G2, ARCYBER, and CISA to share threat intelligence, deconflict incident response activities, and ensure RCC-E defensive actions align with Army-wide cyber defense priorities
- Mentor and provide technical guidance to junior cyber analysts, conducting knowledge transfer sessions on incident response methodologies, forensic techniques, and SIEM tool usage to build team capability
- Senior Cyber Threat Analyst
Responsibilities:
- Analyze advanced persistent threat (APT) activity targeting DoDIN-Europe by correlating indicators from multiple intelligence sources, network telemetry, and endpoint data to characterize adversary campaigns and assess risk to Army operations
- Produce finished cyber threat intelligence products — including threat assessments, trend analyses, and adversary TTPs reports — tailored for both technical operators and senior Army leadership at RCC-E and NETCOM
- Perform expert-level analysis of network logs including firewall events, PCAP captures, NetFlow records, Zeek/Bro connection logs, DNS query logs, and web proxy data to reconstruct adversary activity and identify lateral movement or exfiltration
- Conduct RAM and system memory dump analysis to identify malicious processes, injected code, persistence mechanisms, and artifacts of compromise that may not be visible through traditional log-based analysis
- Lead and support proactive threat hunting operations across RCC-E-managed networks, developing hypothesis-driven hunt packages based on current threat intelligence and MITRE ATT&CK TTPs to uncover undetected adversary activity
- Develop cyber threat awareness products and briefings for distribution to supported Army units, providing actionable intelligence on emerging threats, vulnerabilities, and recommended defensive measures relevant to the USAREUR-AF operational environment
- Senior Cyber Incident Handling Analyst
Responsibilities:
- Manage the full cyber incident lifecycle — from initial detection and triage through containment, eradication, recovery, and post-incident review — ensuring all actions are executed in accordance with NIST SP 800-61 and Army incident response procedures
- Coordinate with internal RCC-E teams, supported unit commanders, NETCOM, and ARCYBER during active cyber incidents, serving as the primary point of contact for incident status updates and ensuring timely, accurate communication to all stakeholders
- Produce comprehensive incident reports including initial notifications, situation reports (SITREPs), and final after-action reports that document the timeline, scope, impact, root cause, and remediation actions for each cyber incident
- Maintain accurate and up-to-date incident tracking records in TheHive and ServiceNow, ensuring all case data, evidence artifacts, analyst notes, and closure documentation meet RCC-E quality standards and audit requirements
- Conduct post-incident reviews and lessons-learned sessions following significant cyber events, identifying process gaps, detection failures, and response inefficiencies, and translating findings into actionable improvements for the RCC-E CSSP
- Develop, maintain, and exercise incident response playbooks for common attack scenarios (ransomware, phishing, credential theft, insider threat), ensuring procedures remain current with the evolving threat landscape and Army policy requirements
Responsibilities:
- Monitor IDS/SIEM platforms (Elastic, Splunk, ArcSight) for security events, anomalies, and indicators of compromise across DoD networks in the USAREUR-AF AOR
- Triage, analyze, and escalate security alerts in accordance with CSSP standard operating procedures, ensuring timely notification to senior analysts and mission partners
- Conduct initial malware analysis and static/dynamic examination of suspicious files, URLs, and artifacts to determine threat scope and impact
- Document security incidents from initial detection through containment, recording all actions, findings, and evidence in the incident tracking system
- Support incident response actions including host isolation, evidence collection, and coordination with network operations and mission owners
- Produce accurate and timely shift reports, end-of-day summaries, and incident tickets that capture event timelines, analyst actions, and recommended follow-on steps
Responsibilities:
- Analyze network logs including firewall events, PCAP captures, NetFlow records, and DNS query data to identify malicious activity and threat patterns across USAREUR-AF networks
- Correlate threat indicators and suspicious activity across multiple data sources to build comprehensive threat pictures and support escalation decisions
- Review network architecture diagrams and topology documentation to identify anomalous traffic flows, unauthorized connections, and potential attack paths
- Perform memory and system dump analysis to identify malicious processes, persistence mechanisms, and indicators of advanced persistent threat (APT) activity
- Develop and disseminate cyber threat awareness products, including threat summaries, indicator bulletins, and situational awareness reports for mission partners and leadership
- Support proactive threat hunting operations by developing hypotheses, querying data repositories, and documenting hunt findings in support of CSSP defensive missions
- Cyber Incident Handling Analyst
Responsibilities:
- Monitor security event feeds across IDS/SIEM platforms, reviewing alerts and identifying events requiring escalation or incident declaration in accordance with CSSP procedures
- Triage incoming security alerts, applying analytical judgment to distinguish true positives from false positives and prioritizing response actions based on threat severity and mission impact
- Coordinate incident response actions across internal CSSP teams, network operations, and mission owners, ensuring timely containment and eradication of identified threats
- Document all incidents comprehensively from initial detection through resolution, capturing timelines, evidence, analyst actions, and lessons learned in the incident management system
- Maintain and update incident tracking systems (e.g., TheHive, ServiceNow) to ensure accurate status reporting, SLA compliance, and audit-ready records for all security events
- Support post-incident analysis and after-action reviews, contributing to root cause identification, process improvement recommendations, and updates to CSSP playbooks and SOPs