CIRT Tier 1 Analyst
About The Position
Peraton is seeking an experienced CIRT Tier 1 Analyst to join Peraton's Federal Strategic Cyber Mission program. In this role, you will detect, classify, process, track, and report on cyber security events and incidents. You will perform triage of incoming alerts and requests in a 24x7x365 environment, monitor and triage the CIRT hotline, email inboxes, and fax. You will create tickets and initiate workflows as instructed in SOPs, triage Splunk Enterprise Security (ES) Alerts and Microsoft Defender for Endpoint (MDE) Alerts. You will identify and triage benign, spam, exercise, and malicious phishing email, and perform binary artifact triage to understand malware behavior. You will coordinate and collaborate with Department teams as needed to analyze and respond to events and incidents, report incident information to the Cybersecurity and Infrastructure Security Agency (CISA), and collaborate with other local, national and international CIRTs as directed. You will also deliver and oversee remediation activities and conduct shift change briefs.
Requirements
- Bachelor's degree and at least 2 years of experience or a High School diploma and 6 years of experience.
- Must possess or be able to obtain at least one of the following certifications before start date: CCNA-Security, CND, CySA+, GCIH, GSEC, Security+, CEH, or SSCP.
- Continued certification required as a condition of employment.
- U.S. Citizenship required.
- Active Secret security clearance required in order to start.
- Knowledge of ticketing systems (i.e. ServiceNow, Remedy)
- Knowledge of computer networking protocols and principles
- Knowledge of cybersecurity principles, practices, threats, and vulnerabilities
- Knowledge of incident response principles and practices
- Skill in critical thinking by evaluating information and making independent decisions
- Demonstrated ability to work autonomously while taking initiative on assigned responsibilities
- Ability to follow established procedures and written guidance with precision and attention to detail
- Skill in taking ownership of problems and seeing them through to completion
Nice To Haves
- Experience with Splunk for security monitoring and alert triage
- Knowledge of Microsoft Defender for Endpoint for security monitoring and response
- Experience with ServiceNow for ticketing and workflow management
- Knowledge of cloud security monitoring fundamentals
- Experience with email security and phishing analysis
- Knowledge of the MITRE ATT&CK framework
- Familiarity with PowerShell and basic scripting concepts
Responsibilities
- Detect, classify, process, track, and report on cyber security events and incidents
- Perform triage of incoming alerts and requests in a 24x7x365 environment
- Monitor and triage the CIRT hotline, email inboxes, and fax
- Create tickets and initiate workflows as instructed in SOPs
- Triage Splunk Enterprise Security (ES) Alerts and Microsoft Defender for Endpoint (MDE) Alerts
- Identify and triage benign, spam, exercise, and malicious phishing email
- Perform binary artifact triage to understand malware behavior
- Coordinate and collaborate with Department teams as needed to analyze and respond to events and incidents
- Report incident information to the Cybersecurity and Infrastructure Security Agency (CISA)
- Collaborate with other local, national and international CIRTs as directed
- Deliver and oversee remediation activities
- Conduct shift change briefs
Benefits
- Overtime
- Shift differential
- Discretionary bonus
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
