CIRT Tier 2 Analyst / Active Secret

Peraton

$66K — $106K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree and 5 years of related experience, or equivalent qualifications with additional experience.
  • At least one relevant cybersecurity certification is required before starting, with continued certification necessary for employment.
  • Proven experience with the Incident Response lifecycle.
  • Familiarity with SOAR systems like ServiceNow and Splunk SOAR.
  • Experience working with SIEM platforms such as Splunk or Q-Radar.
  • Knowledge of Endpoint Detection and Response systems.
  • Familiarity with cloud security monitoring and incident response.

Responsibilities

  • Detect and report on cybersecurity events and incidents.
  • Conduct advanced analysis for Tier 1 alert triage in a continuous operations environment.
  • Analyze logs from various sources to identify and respond to threats.
  • Characterize network traffic to identify anomalies and potential cyber threats.
  • Perform forensic analysis on host artifacts and network events.
  • Analyze malware and create Indicators of Compromise (IOCs) to mitigate threats.
  • Collaborate with inter-agency teams and adjust response strategies accordingly.

Benefits

  • On-site work in Beltsville, MD.
  • Tuesday to Saturday mid-shift hours (10 PM to 6 AM).
  • Opportunity to engage with multiple cybersecurity teams, including local and international agencies.
  • Support for career advancement through ongoing certification requirements.
Full Job Description
Responsibilities

Peraton is seeking an experienced CIRT Tier 2 Analyst to join Peratons' Federal Strategic Cyber Mission program.

 

Location: Beltsville, MD; On-site

 

Work Hours: Mid Shift, 22:00– 6:00 EST, TUES-SAT.

 

In this role, you will:

  • Detect, classify, process, track, and report on cyber security events and incidents.
  • Perform advanced in-depth analysis of coordinated Tier 1 alert triage and requests in a 24x7x365 environment.
  • Analyze logs from multiple sources (e.g., host logs, EDR, firewalls, intrusion detection systems, servers) to identify, contain, and remediate suspicious activity.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats.
  • Protect against and prevent potential cyber security threats and vulnerabilities.
  • Perform forensic analysis of hosts artifacts, network traffic, and email content.
  • Analyze malicious scripts and code to mitigate potential threats.
  • Conduct malware analysis to generate IOCs to identify and mitigate threats.
  • Collaborate with Department of State teams to analyze and respond to events and incidents.
  • Monitor and respond to the CIRT Security Orchestration and Automation Response (SOAR) platform, hotline, email in-boxes.
  • Create tickets and initiate workflows as instructed in technical SOPs.
  • Coordinate and report incident information to the Cybersecurity and Infrastructure Security Agency (CISA).
  • Collaborate with other local, national and international CIRTs as directed.
  • Submit alert tuning requests.

 

Qualifications

Required:

  • Bachelor's degree and 5 years of experience.
    • An additional 4 years of experience may be substituted in lieu of the degree bachelors degree requirement.
  • Must possess or be able to obtain at least one of the following certifications before start date:
    • CCNA-Security
    • CND
    • CySA+
    • GICSP
    • GSEC
    • Security+ CE
    • SSCP
    • Continued certification is required as a condition of employment.
  • Demonstrated experience in the Incident Response lifecycle.
  • Knowledge of SOAR ticketing and automated response systems (e.g. ServiceNow, Splunk SOAR, Microsoft Sentinel).
  • Demonstrated experience with using Security Information and Event Management (SIEM) platforms (e.g. Splunk, Microsoft Sentinel, Elastic, Q-Radar).
  • Demonstrated experience in using Endpoint Detection and Response systems (e.g. MDE, ElasticXDR, CarbonBlack, Crowdstrike).
  • Knowledge of cloud security monitoring and incident response.
  • Knowledge of integrating IOCs and Advanced Persistent Threat actors.
  • Ability to analyze cyber threat intelligence reporting and understanding adversary methodologies and techniques.
  • Knowledge of malware analysis techniques.
  • Knowledge of the MITRE ATT&CK and D3FEND frameworks.
  • U.S. Citizenship required.
  • Active Secret security clearance required in order to start.

Preferred:

  • Proficiency with Splunk for security monitoring, alert creation, and threat hunting.
  • Knowledge of Microsoft Azure access and identity management.
  • Proficiency with Microsoft Defender for Endpoint and Identity for security monitoring, response, and alert generations.
  • Experience in using digital forensics collection and analysis tools (e.g. Autopsy, MagnetForensics, Zimmerman Tools, KAPE, CyLR, Volatility).
  • Experience with using ServiceNow SOAR for ticketing and automated response.
  • Knowledge of Python, PowerShell and BASH scripting languages.
  • Experience with cloud security monitoring and incident response.
  • Demonstrated ability to perform static/dynamic malware analysis and reverse engineering.
  • Experience with integrating cyber threat intelligence and IOC-based hunting.
  • Technical certifications such as:
    • Security+, CySA+, Cloud+, Try Hack Me SAL1, Hack the Box CDSA, CyberDefenders, CCD, Azure SC-900, CCSP, GCIH, CCSK, GSEC, CHFI, GCLD, GCIA
  • Advanced technical certifications such as:
    • SecurityX/CASP+, PRMP, GREM, GEIR, GNFA, or GCFA
Target Salary Range$66,000 - $106,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

Similar Jobs

More Jobs at Peraton

More Information Technology Jobs

Find similar CIRT Tier 2 Analyst / Active Secret jobs: