Company Overview:
Peraton: Innovating solutions for a safer, more secure world by tackling the impossible. We partner with those facing the toughest challenges, bringing fresh perspectives and top talent to transform how things get done. Join us and make the extraordinary a reality.
Important Security Notice:
Beware of recruitment scams. Our official career site is careers.peraton.com, and our corporate site is peraton.com. We will never request sensitive personal information early in the application process. Learn how to protect yourself: https://careers.peraton.com/recruitment-fraud/
Cyber Security Operations Support – Protecting Army Networks (Various Locations)
About Peraton:
Peraton safeguards national security by tackling critical missions across all domains. We deliver innovative IT and mission capabilities to protect our nation and allies. Join us in making the seemingly impossible a reality.
The Role:
As a Cyber Security Operations Support professional within our Secure Division, you’ll contribute to the critical mission of defending Army networks (NIPRNet and SIPRNet) against unauthorized activity. You’ll be part of a team providing comprehensive Cybersecurity Service Provider (CSSP) functions (Identify, Protect, Detect, Respond, and Recover) in accordance with DoD standards. Your responsibilities will include monitoring sensors, analyzing security events, responding to incidents, developing reports, and supporting the creation of security policies and procedures. You’ll play a vital role in maintaining the security posture of the Department of Defense Information Network (DODIN).
Responsibilities:
- Support 24/7 CSSP functions for both unclassified and classified networks.
- Monitor in-line NIPS/NIDS sensors for outages and malicious activity.
- Perform initial triage and analysis of cyber incidents, including reviewing logs and SIEM data.
- Recommend and/or take immediate Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) response actions.
- Provide incident analysis and recommend mitigation measures for various threats, including APTs.
- Block/deny access to hostile sites and restrict specific ports/protocols.
- Provide recommendations for security actions to supporting organizations.
- Justify defensive measures to Configuration Control Boards and Authorizing Officials.
- Monitor sensors and agents for security events, maintaining a real-time triage database.
- Respond to detected events, perform triage, and manage associated trouble tickets.
- Provide initial cyber incident reports to Law Enforcement and Counterintelligence agencies.
- Maintain an up-to-date POC list for LE/CI agencies.
- Provide data and analysis in response to official LE/CI requests.
- Maintain a Master Station Log for high-visibility incidents and shift communications.
- Develop reports, TTPs, SOPs, EXSUMs, and information papers.
- Contribute to the development of security agreements, policies, and guidance.
Qualifications:
Basic:
- 2 years with BS/BA; 0 years with MS/MA; or 6 years of relevant experience without a degree.
- Certifications: DCWF Code 422 Intermediate: TBD.
- Secret Clearance.
- 2-6 years of relevant experience including:
- Demonstrated experience in information security.
- Demonstrated experience developing data security standards.
- Experience with application-level, database, file system, and full disk