Tier 2 Cyber Incident Response Team (CIRT) Shift Lead

Peraton is seeking an experienced Tier 2 Cyber Incident Response Team (CIRT) Shift Lead to support a high-impact cybersecurity and technology program focused on securing global infrastructure and enabling innovative, effective, and secure business processes.

Location: Beltsville, MD.

Work Hours: Days Shift, 6:00 AM – 2:00 PM, Tuesday – Saturday.

As a Cyber Incident Response Team Shift Lead, you will:

• Detect, classify, process, track, and report cybersecurity events and incidents.
• Perform advanced analysis of Tier 1 alert triage and requests in a 24x7x365 environment.
• Analyze logs from multiple sources to identify, contain, and remediate suspicious activity.
• Characterize and assess network traffic to detect anomalous behavior and potential threats.
• Conduct forensic analysis of host artifacts, network traffic, and email content.
• Perform malware analysis to generate Indicators of Compromise (IOCs) and mitigate threats.
• Collaborate with Department of State teams to analyze and respond to incidents.
• Monitor and respond to the CIRT SOAR platform, hotline, and email inboxes.
• Create tickets and initiate workflows in accordance with technical SOPs.
• Coordinate and report incident details to the Cybersecurity and Infrastructure Security Agency (CISA).
• Submit alert tuning requests to improve detection accuracy.

As a Tier 2 Shift Lead, you will also:

• Review all Tier 2 shift tickets for accuracy and completeness.
• Coordinate remediation actions with CIRT Watch Officers and government leadership.
• Recommend technical and procedural improvements to CIRT leadership.
• Assist with technical interviews for Tier 2 candidates.
• Ensure proper execution of coordinated remediation actions.

Required Minimum Qualifications:  

• Bachelor's degree and a minimum 9 years of relevant experience required; 7 years with a Masters; or a High School diploma and 13 years' of relevant incident response experience.
• Must have a minimum of 6 years of Cyber specific experience, with at least 4 years specifically in Incident Response.   
• Must possess one of the following certifications prior to start date: 
  • CASP+ CE, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CISA, CISSP (or Associate), Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, SCYBER, VCA DCV, PPDA, Agile IC, or SNOW App Dev
• Demonstrated experience in the Incident Response lifecycle. 
• Knowledge of SOAR ticketing and automated response systems (e.g. ServiceNow, Splunk SOAR, Microsoft Sentinel). 
• Demonstrated experience with using Security Information and Event Management (SIEM) platforms (e.g. Splunk, Microsoft Sentinel, Elastic, Q-Radar). 
• Demonstrated experience in using Endpoint Detection and Response systems (e.g. MDE, ElasticXDR, CarbonBlack, Crowdstrike). 
• Knowledge of cloud security monitoring and incident response. 
• Knowledge of integrating IOCs and Advanced Persistent Threat actors. 
• Ability to analyze cyber threat intelligence reporting and understanding adversary methodologies and techniques. 
• Knowledge of malware analysis techniques. 
• Knowledge of the MITRE ATT&CK and D3FEND frameworks. 
• Experience in managing and coordinating small teams. 
• U.S. Citizenship required. 
• Active Secret security clearance.
  • The ability to obtain a final Top Secret/SCI security clearance. 

Preferred Qualifications:  

• Proficiency with Splunk for security monitoring, alert creation, and threat hunting. 
• Experience using Microsoft Azure access and identity management. 
• Proficiency in Microsoft Defender for Endpoint and Identity for security monitoring, response, and alert generations. 
• Experience using digital forensics collection and analysis tools (e.g. Autopsy, Axiom MagnetForensics, Zimmerman-Tools, KAPE, CyLR, Volatility). 
• Experience using ServiceNow SOAR for ticketing and automated response. 
• Experience using Python, PowerShell and BASH scripting languages. 
• Proficiency in cloud security monitoring and incident response. 
• Demonstrated ability to perform static/dynamic malware analysis and reverse engineering. 
• Experience with integrating cyber threat intelligence and IOC-based hunting. 
• Technical certifications such as: Azure SC-900, CCSP, GCIH, CCSK, GSEC, CHFI, GCLD, GCIA. 
• Advanced technical certifications such as: SecurityX/CASP+, PRMP, GREM, GEIR, GNFA, or GCFA.