CIRT Tier 1 Analyst / Active Secret

PeratonBeltsville, MD
Hybrid

About The Position

Peraton is seeking an experienced CIRT Tier 1 Analyst to join Peraton's Federal Strategic Cyber Mission program. This role operates in a 24x7x365 environment and involves detecting, classifying, processing, tracking, and reporting on cyber security events and incidents. The analyst will perform triage of incoming alerts and requests, monitor communication channels, create tickets, and initiate workflows according to Standard Operating Procedures (SOPs). Key responsibilities include triaging alerts from Splunk Enterprise Security (ES) and Microsoft Defender for Endpoint (MDE), identifying and triaging various types of emails (benign, spam, exercise, malicious phishing), and performing binary artifact triage to understand malware behavior. The role also requires coordination and collaboration with Department teams, reporting incident information to CISA, and collaborating with other CIRTs. Delivering and overseeing remediation activities and conducting shift change briefs are also part of the duties.

Requirements

  • Bachelor's degree and at least 2 years of experience or a High School diploma and 6 years of experience.
  • Must possess or be able to obtain at least one of the following certifications before start date: CCNA-Security, CND, CySA+, GICSP, GSEC, Security+ CE, SSCP. Continued certification required as a condition of employment.
  • Knowledge of ticketing systems (i.e. ServiceNow, Remedy).
  • Knowledge of computer networking protocols and principles.
  • Knowledge of cybersecurity principles, practices, threats, and vulnerabilities.
  • Knowledge of incident response principles and practices.
  • Skill in critical thinking by evaluating information and making independent decisions.
  • Demonstrated ability to work autonomously while taking initiative on assigned responsibilities.
  • Ability to follow established procedures and written guidance with precision and attention to detail.
  • Skill in taking ownership of problems and seeing them through to completion.
  • U.S. Citizenship required.
  • Active Secret security clearance.

Nice To Haves

  • Experience with Splunk for security monitoring and alert triage.
  • Knowledge of Microsoft Defender for Endpoint for security monitoring and response.
  • Experience with ServiceNow for ticketing and workflow management.
  • Knowledge of cloud security monitoring fundamentals.
  • Experience with email security and phishing analysis.
  • Knowledge of the MITRE ATT&CK framework.
  • Familiarity with PowerShell and basic scripting concepts.

Responsibilities

  • Detect, classify, process, track, and report on cyber security events and incidents.
  • Perform triage of incoming alerts and requests in a 24x7x365 environment.
  • Monitor and triage the CIRT hotline, email inboxes, and fax.
  • Create tickets and initiate workflows as instructed in SOPs.
  • Triage Splunk Enterprise Security (ES) Alerts and Microsoft Defender for Endpoint (MDE) Alerts.
  • Identify and triage benign, spam, exercise, and malicious phishing email.
  • Perform binary artifact triage to understand malware behavior.
  • Coordinate and collaborate with Department teams as needed to analyze and respond to events and incidents.
  • Report incident information to the Cybersecurity and Infrastructure Security Agency (CISA).
  • Collaborate with other local, national and international CIRTs as directed.
  • Deliver and oversee remediation activities.
  • Conduct shift change briefs.

Benefits

  • Overtime
  • Shift differential
  • Discretionary bonus
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service