Tier 1 Cyber Incident Response Team (CIRT) Lead

Peraton•Beltsville, MD

6d•$104,000 - $166,000•Onsite

About The Position

Peraton is currently seeking an experienced Tier 1 Cyber Incident Response Team (CIRT) Lead to become part of our Federal Strategic Cyber Group. Location: Beltsville, MD. Schedule: Mon-Friday, 08:00-16:00 (8:00 AM - 4:00PM). In this role, you will: Manage the detection, classification, processing, tracking, and reporting on cyber security events and incidents Coordinate and collaborate with Department teams to analyze and respond to events and incidents Manage triage and response capabilities in a 24x7x365 environment Monitor and triage the CIRT hotline, email inboxes, and fax Manage ticket creation and workflows as instructed in SOPs Mange the reporting of incident information to the Cybersecurity and Infrastructure Security Agency (CISA) Manage collaboration with other local, national and international CIRTs as directed Manage the delivery and oversight of remediation activities Manage IR processes for identifying and triaging email events Manage IR processes for triage and analysis of Splunk Enterprise Security (ES) alerts and Microsoft Defender for Endpoint (MDE) Alerts Manage IR processes for triage of malicious artifacts to remediate further propagation Manage IR processes for triage and initial analysis of Microsoft Defender for Identity alerts, Entra ID alerts, and Microsoft for Cloud Identity alerts Additionally, as a Tier 1 Lead you will: Create schedules and maintain personnel across all shifts Review monthly and technical status reports to ensure compliance and accuracy Review and update SCRUM sprint objectives for the team Prepare weekly metrics reports and Weekly Activity Reports (WAR) for upper management Write and suggest technical and procedural changes to CIRT management Conduct candidate interviews to evaluate potential team members Lead Shift Lead meetings to discuss training, issues, and concerns Identify Tier 1 analyst training requirements and coordinate training support Mentor the professional development of Tier 1 analysts Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Requirements

Bachelor’s degree and a minimum of 9 years of relevant experience; 7 years with a Master’s degree; 4 years with a PhD. An additional 4 years of relevant experience may be substituted for the degree requirement.
Applicants must currently hold one of the following professional certifications or obtain one prior to their start date. Continued certification is required as a condition of employment: CASP+ CE, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CHFI, CISA, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, CySA+, GCED, GCFA, GCIH, SCYBER
U.S. citizenship required
Active Secret security clearance
Ability to obtain a final Top-Secret clearance
Demonstrated experience across the Incident Response lifecycle
Experience using ticketing and Security Orchestration and Response (SOAR) platforms (e.g., ServiceNow, Splunk SOAR)
Knowledge of MITRE ATT&CK and D3FEND frameworks
Knowledge of the Agile framework and SCRUM planning lifecycle
Experience with log analysis and correlation from multiple sources
Experience with email security and phishing analysis
Experience with cloud security monitoring and cloud-based incident response
Proficiency with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar)
Proficiency with Endpoint Detection and Response (EDR) platforms (e.g., Microsoft XDR, Elastic XDR, Carbon Black, CrowdStrike)
Ability to analyze all-source cyber threat intelligence and understand adversary methodologies and techniques
Experience with PowerShell, Python, or BASH scripting
Knowledge of static and dynamic malicious artifact analysis
Experience collaborating with internal and external stakeholders
Excellent written and verbal communication skills
Strong leadership and mentoring capabilities

Nice To Haves

Advanced technical or project management certifications, such as: CISSP, SecurityX/CASP+, GEIR, GNFA, GCFA, PMP, CISA
Demonstrated expertise with Splunk for security monitoring and alert triage
Demonstrated expertise with Microsoft Defender for Endpoint and Identity
Experience with SCRUM planning under the Agile framework
Experience with digital forensics collection and analysis tools
Experience using Microsoft Azure for access and identity management
Experience using ServiceNow SOAR for ticketing and automated response
Proficiency with Python, PowerShell, and BASH scripting
Proficiency in cloud security monitoring and incident response triage
Experience with static and dynamic malicious artifact analysis

Responsibilities

Manage the detection, classification, processing, tracking, and reporting on cyber security events and incidents
Coordinate and collaborate with Department teams to analyze and respond to events and incidents
Manage triage and response capabilities in a 24x7x365 environment
Monitor and triage the CIRT hotline, email inboxes, and fax
Manage ticket creation and workflows as instructed in SOPs
Mange the reporting of incident information to the Cybersecurity and Infrastructure Security Agency (CISA)
Manage collaboration with other local, national and international CIRTs as directed
Manage the delivery and oversight of remediation activities
Manage IR processes for identifying and triaging email events
Manage IR processes for triage and analysis of Splunk Enterprise Security (ES) alerts and Microsoft Defender for Endpoint (MDE) Alerts
Manage IR processes for triage of malicious artifacts to remediate further propagation
Manage IR processes for triage and initial analysis of Microsoft Defender for Identity alerts, Entra ID alerts, and Microsoft for Cloud Identity alerts
Create schedules and maintain personnel across all shifts
Review monthly and technical status reports to ensure compliance and accuracy
Review and update SCRUM sprint objectives for the team
Prepare weekly metrics reports and Weekly Activity Reports (WAR) for upper management
Write and suggest technical and procedural changes to CIRT management
Conduct candidate interviews to evaluate potential team members
Lead Shift Lead meetings to discuss training, issues, and concerns
Identify Tier 1 analyst training requirements and coordinate training support
Mentor the professional development of Tier 1 analysts