Tier 1 Cyber Incident Response Team (CIRT) Lead

Peraton is currently seeking an experienced Tier 1 Cyber Incident Response Team (CIRT) Lead to become part of our Federal Strategic Cyber Group.

Location: Beltsville, MD.

Schedule: Mon-Friday, 08:00-16:00 (8:00 AM - 4:00PM).

In this role, you will:  

• Manage the detection, classification, processing, tracking, and reporting on cyber security events and incidents 
• Coordinate and collaborate with Department teams to analyze and respond to events and incidents 
• Manage triage and response capabilities in a 24x7x365 environment 
• Monitor and triage the CIRT hotline, email inboxes, and fax 
• Manage ticket creation and workflows as instructed in SOPs
• Mange the reporting of incident information to the Cybersecurity and Infrastructure Security Agency (CISA) 
• Manage collaboration with other local, national and international CIRTs as directed 
• Manage the delivery and oversight of remediation activities
• Manage IR processes for identifying and triaging email events
• Manage IR processes for triage and analysis of Splunk Enterprise Security (ES) alerts and Microsoft Defender for Endpoint (MDE) Alerts
• Manage IR processes for triage of malicious artifacts to remediate further propagation
• Manage IR processes for triage and initial analysis of Microsoft Defender for Identity alerts, Entra ID alerts, and Microsoft for Cloud Identity alerts

Additionally, as a Tier 1 Lead you will:

• Create schedules and maintain personnel across all shifts
• Review monthly and technical status reports to ensure compliance and accuracy
• Review and update SCRUM sprint objectives for the team
• Prepare weekly metrics reports and Weekly Activity Reports (WAR) for upper management
• Write and suggest technical and procedural changes to CIRT management
• Conduct candidate interviews to evaluate potential team members
• Lead Shift Lead meetings to discuss training, issues, and concerns
• Identify Tier 1 analyst training requirements and coordinate training support
• Mentor the professional development of Tier 1 analysts

Minimum Requirements: 

• Bachelor’s degree and a minimum of 9 years of relevant experience; 7 years with a Master’s degree; 4 years with a PhD.
  • An additional 4 years of relevant experience may be substituted for the degree requirement.
• Applicants must currently hold one of the following professional certifications or obtain one prior to their start date. Continued certification is required as a condition of employment:
  CASP+ CE, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CHFI, CISA, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, CySA+, GCED, GCFA, GCIH, SCYBER
• U.S. citizenship required
• Active Secret security clearance
  • Ability to obtain a final Top-Secret clearance

Required Technical & Professional Experience:

• Demonstrated experience across the Incident Response lifecycle
• Experience using ticketing and Security Orchestration and Response (SOAR) platforms (e.g., ServiceNow, Splunk SOAR)
• Knowledge of MITRE ATT&CK and D3FEND frameworks
• Knowledge of the Agile framework and SCRUM planning lifecycle
• Experience with log analysis and correlation from multiple sources
• Experience with email security and phishing analysis
• Experience with cloud security monitoring and cloud-based incident response
• Proficiency with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar)
• Proficiency with Endpoint Detection and Response (EDR) platforms (e.g., Microsoft XDR, Elastic XDR, Carbon Black, CrowdStrike)
• Ability to analyze all-source cyber threat intelligence and understand adversary methodologies and techniques
• Experience with PowerShell, Python, or BASH scripting
• Knowledge of static and dynamic malicious artifact analysis
• Experience collaborating with internal and external stakeholders
• Excellent written and verbal communication skills
• Strong leadership and mentoring capabilities

Preferred Qualifications

• Advanced technical or project management certifications, such as:
  CISSP, SecurityX/CASP+, GEIR, GNFA, GCFA, PMP, CISA
• Demonstrated expertise with Splunk for security monitoring and alert triage
• Demonstrated expertise with Microsoft Defender for Endpoint and Identity
• Experience with SCRUM planning under the Agile framework
• Experience with digital forensics collection and analysis tools
• Experience using Microsoft Azure for access and identity management
• Experience using ServiceNow SOAR for ticketing and automated response
• Proficiency with Python, PowerShell, and BASH scripting
• Proficiency in cloud security monitoring and incident response triage
• Experience with static and dynamic malicious artifact analysis