Join Peraton's mission-critical team supporting secure, real-time data delivery across complex operational environments in direct support of our nation's warfighters. If you are driven by national security and energized by cutting-edge C2ISR capabilities, sensor integration, and resilient data transport solutions, we invite you to join our team.
We are seeking highly cleared professionals who excel at the intersection of advanced communications infrastructure, distributed systems, and mission assurance where reliability, security, and performance are paramount.
Specifically, we are looking for a TS/SCI cleared Incident Response Analyst - SME to support this mission at MacDill AFB, Florida.
Responsibilities:
As an Incident Response Analyst - SME you will provide technical and management leadership for all equipment and information support functions across the Task Order. Your responsibilities include:
- Provides technical and management leadership for all cybersecurity incident response functions within the C2ISR Transport Infrastructure, establishing overarching goals and strategic plans for comprehensive protection and operational assurance.
- Directs and controls the strategic design, development, and implementation of advanced incident response methodologies, threat intelligence integration, and digital forensics capabilities across diverse technological domains.
- Possesses expert domain and technical knowledge in advanced persistent threats (APTs), incident lifecycle management, and C2ISR systems, applying this to define and drive the technical roadmap for developing and executing robust cybersecurity services.
- Has overall responsibility for establishing and implementing innovative approaches that ensure rapid and effective response to all cybersecurity incidents, addressing critical security controls (access management, network boundaries, supply chain risk mitigation).
- Engages in high-level client negotiations and interfaces with senior management regarding the strategic vision, capabilities, and resource allocation for advanced incident response solutions.
- Utilizes expert domain knowledge and decision-making that has a critical impact on the overall project implementation, ensuring incident response strategies maintain continuous compliance with DoD IA policies and comprehensive threat prevention strategies.
- Directs and controls the methods and staffing for incident response teams, ensuring delivery of high-impact, scalable, and resilient security solutions that optimize C2ISR operational effectiveness.
- Provides authoritative guidance on all aspects of incident prevention, detection, analysis, containment, eradication, and recovery, including post-incident review and lessons learned integration.
- Establishes and governs the architectural principles, tools, and platforms for all incident response efforts, critically impacting the reliability, resilience, and security effectiveness of C2ISR systems.
- Shapes the future direction of cybersecurity for the task order by pioneering new incident response technologies, threat hunting techniques, advanced security orchestration and automation, directly impacting national security and warfighter support.
- Utilizes the following role-specific tools: Security Information and Event Management (SIEM) platforms (e.g., Splunk, Microsoft Sentinel); intrusion detection and prevention systems (Snort, Suricata, Zeek); endpoint detection and response (EDR) tools (e.g., Microsoft Defender for Endpoint, Trellix, SentinelOne); threat intelligence platforms (MISP, ThreatConnect); vulnerability management dashboards (Nessus, Qualys, OpenVAS); incident ticketing and workflow systems (ServiceNow, Jira Service Desk integrated with IR playbooks); log aggregation and correlation engines; encryption and secure communications utilities (PKI, TACLANE); evidence collection and chain-of-custody documentation templates; automated response orchestration tools (SOAR platforms such as Palo Alto Cortex XSOAR, Splunk Phantom); and compliance and reporting templates for incident handling under DoD RMF, NIST SP 800-61, and ISO/IEC 27035.