Incident Response Operations Advisor & Team Lead / Senior Advisor

Peraton is seeking an experienced Incident Response Operations Advisor to become part of Peraton's Department of State (DoS) Diplomatic Security Cyber Mission (DSCM) program providing leading cyber and technology security experience to enable innovative, effective and secure business processes.

Location: Beltsville, MD and Rosslyn, VA. The selected candidate must be able to support a hybrid and flexible schedule, in the event of significant cyber incident a continuous on site presence will be required.

Peraton's DSCM program encompasses technical, engineering, data analytics, cyber security, management, operational, logistical and administrative support to aid and advise DoS Cyber & Technology Security (CTS) Directorate. This includes protecting a global cyber infrastructure comprising networks, systems, information, and mobile devices all while identifying and responding to cyber risks and threats. Those supporting Peraton's DSCM program strive to leverage their expert knowledge and propose creative solutions to real-world cybersecurity challenges.

This role supports the Cyber Incident Response Team (CIRT) as a key member of Incident Response Tiger Team.

In this role, you will:

Lead a team of 5 members, providing guidance on training priorities, continual improvement strategies and cross-team development.
• Provide Subject Matter Expert (SME) level Incident Response support in a 24x7x365 environment.
• Share in-depth knowledge and intelligence gained from cyber security events with stakeholders.
• Protect against and prevent potential cyber security threats and vulnerabilities.
• Provide SME level response, technical assistance and expertise for significant cyber incidents, investigations and related operational events.
• Develop and implement training programs for analysts.
• Conduct detailed research to increase awareness and readiness levels of the security operations center.
• Conduct research using a variety of enterprise sources with specific emphasis on network operations and cyber warfare tactics, techniques, and procedures.
• Collect and analyze network device integrity data for signs of tampering or compromise.
• Prepare assessments and cyber threat profiles of current events based on the sophisticated collection, research, and analysis of information.
• Conduct data analysis in support of directed assessments, anomaly investigations, long term trending and system check out.
• Conduct advanced analysis and recommend remediation steps.
• Analyze network events to determine impact.
• Conduct all-source research to determine threat capability and intent.
• Coordinate full spectrum incident response activities during significant cyber incidents.
• Serve as a liaison to stakeholders and explain incident details.
• Evaluate proposed solutions to enhance cyber security.
• Develop and execute a strategic roadmap for cybersecurity initiatives, ensuring alignment with stakeholder goals.

#DSCM

Required:

• Bachelor's degree and a minimum of 14 years' of relevant experience, or a Master's Degree and a minimum of 12 years' experience is required. An additional 4 years of experience may be considered in lieu of degree.
• Expertise in traditional computing technologies architecture, design and security.
• Demonstrated knowledge of the Incident Response Lifecycle and how it applies to apply to cloud, legacy and hybrid environments.
• Ability to identify remediation steps for cybersecurity events.
• Experience identifying different classes and characterization of attacks and attack stages.
• Demonstrated ability to utilize and leverage forensic tools to assist in determining scope and severity of a cybersecurity incident.
• Strong organizational skills.
• Proven ability to operate in a time sensitive environment.
• Proven ability to communicate orally and written; ability to brief (technical/informational) senior leadership.
• Ability to obtain/maintain prior to start date ONE of the following certifications:
  • CISSP, Sec , Net , A , MCP, MCSEm, CCNA, MCSA
• U.S. citizenship and an active Secret security clearance.
  • The ability to obtain Top Secret security clearance.

Preferred Qualifications

• Experience developing processes and procedures within a help desk or security operations center environment.
• Knowledge of network architecture, design and security.
• Knowledge of malware analysis, monitoring, and cloud tools and techniques.
• Knowledge of system design and process methodologies.
• Knowledge of system administration, networking, and operating system hardening techniques.
• Knowledge of cybersecurity frameworks and standards.
• Knowledge of cloud security.
• Knowledge of current IT security best practices.
• Ability to track incidents using MITRE ATT&CK and Cyber Kill Chain methodology.
• Experience with scripting and coding.
• Experience with reconstructing a malicious attack or activity.
• Experience in developing and delivering comprehensive training programs.
• Experience collaborating with cross functional teams.
• Experience working in the inter-agency environment.
• Ability to communicate technical concepts to executive level leadership.
• Certification in one of the following: PMP, Agile, Scrum, Splunk, Change Management.
• Certification in one of the following: GCFA, GCIA, GSLC, CISSP, ISSAP, CCSP, SecurityX (CASP )

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.