Tier 2/3 Cyber Security Analyst / Microsoft Sentinel/Microsoft Defender

2026-166408

Category:

Information Technology

Clearance:

Top Secret

Location:

Washington, D.C.

Telecommute:

Flexible for occasional telework – must be local to work location
About Peraton

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees solve the most daunting challenges that our customers face. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

About The Role

Position: Tier 2/3 Cyber Security Analyst - Microsoft Sentinel and Microsoft Defender
Program: Peraton Federal Strategic Cyber Mission

 

Peraton is seeking an experienced Tier 2/3 Cyber Security Analyst to join our Federal Strategic Cyber Mission program. This role requires a seasoned cybersecurity professional with extensive hands‑on experience implementing, configuring, and operating Microsoft Sentinel and Microsoft Defender security solutions. The ideal candidate will serve as a senior escalation point for complex security incidents, lead advanced threat‑hunting operations, and drive the maturation of detection capabilities across the Microsoft security ecosystem.

 

Key Responsibilities: 

 

Incident Detection, Analysis, and Response
• Detect, classify, process, track, and report cybersecurity events and incidents across the enterprise.
• Serve as senior escalation point for Tier 1 and Tier 2 triage, conducting in‑depth analysis of complex and coordinated threats in a 24x7x365 environment.
• Analyze logs from multiple sources (host, EDR, firewalls, IDS, servers) to identify, contain, and remediate suspicious activity.
• Characterize and analyze network traffic to identify anomalies and potential threats.
• Perform forensic analysis of host artifacts, network traffic, and email content.
• Analyze malicious scripts and code to mitigate threats.
• Conduct malware analysis and develop IOCs to support threat identification and mitigation.

 

Microsoft Sentinel & Defender Engineering and Operations
• Design, implement, configure, and maintain Microsoft Sentinel SIEM, including workspace architecture, data connectors, and log ingestion pipelines.
• Develop and tune analytics rules, scheduled queries, NRT rules, and fusion rules to optimize detection fidelity.
• Create and maintain Sentinel workbooks, hunting queries, and automation playbooks (Logic Apps).
• Implement and manage Microsoft Defender for Endpoint (MDE), including ASR rules, AIR, policy configuration, and KQL-based advanced hunting.
• Configure and operationalize Microsoft Defender for Identity, including sensor deployment, threat‑detection tuning, and lateral movement path analysis.
• Manage Microsoft Defender for Office 365, including Safe Attachments, Safe Links, anti-phishing policies, and investigation capabilities.
• Implement and maintain Microsoft Defender for Cloud for CSPM, workload protection, and cloud-native threat detection across multi-cloud environments.
• Develop custom KQL queries for hunting, detection engineering, and security analytics across M365 Defender and Sentinel.
• Integrate Sentinel with SOAR, developing automated response playbooks and orchestration workflows.
• Monitor data connector health, troubleshoot ingestion issues, and optimize log collection.
• Implement and manage Microsoft Entra ID security capabilities including Conditional Access, Identity Protection, PIM, and access reviews.

 

Threat Hunting & Intelligence
• Conduct proactive hunts for APTs using Sentinel and MDE hunting capabilities.
• Integrate and operationalize threat intelligence within Sentinel to enhance detection.
• Analyze threat intelligence reporting and apply adversary methodology knowledge to improve detection posture.
• Map detections and hunting hypotheses to MITRE ATT&CK and D3FEND frameworks.

 

Collaboration & Reporting
• Collaborate with customer teams to investigate and respond to events and incidents.
• Monitor and respond via SOAR, hotline, and designated email inboxes.
• Create tickets and initiate workflows in accordance with SOPs.
• Coordinate and report incident information to CISA as required.
• Engage with local, national, and international CIRTs as directed.
• Submit alert tuning requests and lead ongoing detection engineering efforts.
• Mentor and provide technical guidance to Tier 1 and Tier 2 analysts on Microsoft security tools and incident response processes.

 

 

Qualifications

Minimum Requirements

 

Education & Experience
• Bachelor’s degree and a minimum of 5 years of cybersecurity experience, OR a high school diploma and 9 years of cybersecurity experience.
• Minimum 3 years of hands-on experience implementing and operating Microsoft Sentinel (workspace deployment, analytics rule development, workbook creation, playbook automation).
• Minimum 3 years of experience implementing and managing Microsoft Defender solutions (Defender for Endpoint, Defender for Identity, Defender for Office 365, and/or Defender for Cloud).

 

Certifications
Must possess (or be able to obtain prior to start date) at least one of the following; continued certification is required as a condition of employment: CCNA-Security; CND; CySA+; GICSP; GSEC; Security+ CE; SSCP

 

Technical Skills: 
• Extensive proficiency in Kusto Query Language (KQL) for advanced detections, hunting queries, and Sentinel/M365 Defender analytical workbooks.
• Experience designing and implementing Microsoft Sentinel analytics rules (scheduled, NRT, fusion).
• Proven experience deploying and managing Microsoft Defender for Endpoint (policy configuration, ASR rules, AIR, live response).
• Experience with Microsoft Defender for Identity (sensor deployment, detection tuning, identity-based investigations).
• Demonstrated experience across the full Incident Response lifecycle (Preparation through Lessons Learned).
• Knowledge of SOAR platforms and automated response systems (ServiceNow, Splunk SOAR, Sentinel Playbooks/Logic Apps).
• Experience with SIEM platforms (Sentinel, Splunk, Elastic, QRadar).
• Experience with EDR solutions (MDE, ElasticXDR, CarbonBlack, CrowdStrike).
• Knowledge of cloud security monitoring and incident response, especially in Azure.
• Ability to integrate IOCs and track APT actor activity.
• Ability to analyze threat intelligence and understand adversary techniques.
• Knowledge of static and dynamic malware analysis techniques.
• Knowledge of MITRE ATT&CK and D3FEND frameworks and ability to map detections.

 

Clearance & Citizenship
• U.S. Citizenship required.
• Ability to obtain a Top Secret security clearance.

 

Preferred Qualifications: 

 

• Microsoft SC‑200 (Security Operations Analyst) — highly preferred
• Microsoft SC‑100 (Cybersecurity Architect)
• Microsoft AZ‑500 (Azure Security Engineer)
• Microsoft SC‑300 (Identity and Access Administrator)
• Experience architecting multi‑tenant or multi‑workspace Sentinel environments
• Experience with Sentinel content hub solutions and custom content development
• Proficiency with Microsoft Defender for Cloud workload protection across Azure, AWS, and GCP
• Experience developing Logic Apps and Power Automate flows for security automation
• Proficiency with Splunk for monitoring, alerting, and threat hunting
• Knowledge of Microsoft Azure/Entra ID access and identity management (Conditional Access, PIM, Identity Protection)
• Experience with digital forensics tools (Autopsy, Magnet Forensics, KAPE, CyLR, Volatility, Zimmerman tools)
• Experience with ServiceNow SOAR for automated ticketing and response
• Proficiency in Python, PowerShell, and Bash for automation and tool development
• Ability to perform static/dynamic malware analysis and reverse engineering
• Experience integrating cyber threat intelligence and IOC-based hunting into Sentinel TI module
• Experience leading purple team exercises and translating findings into actionable detections
• Additional preferred certifications:

  • Microsoft: SC‑200, SC‑100, AZ‑500, SC‑300, SC‑900
  • Industry: SecurityX/CASP+, CySA+, Cloud+, GCIH, GCIA, GCFA, GNFA, GREM, GEIR, CCSP, CCSK, CHFI, GCLD, PRMP
  • Practical: TryHackMe SAL1, HackTheBox CDSA, CyberDefenders CCD

 

Details

Target Salary Range: $80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

Benefits Statement: Peraton offers eligible employees a variety of benefits including medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at https://www.careers.peraton.com/benefits.

Application Statements: The application period for the job is estimated to be 30 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.
