Incident Handler Cyber Security

Job Category: Technology and IT
Job Type: Full Time
Job Location: USA
Company Name: Peraton

Company Overview

At Peraton, we lead from the front—delivering the next big innovation every single day. As a trusted partner tackling some of the world’s toughest challenges, we create bold, forward-thinking solutions to help keep people around the globe safer and more secure.

How do we make it happen? By thinking differently. We challenge the status quo, approaching every problem with fresh perspective and fearless innovation. We unite exceptional talent, cutting-edge technology, and big ideas to completely reimagine how work gets done. If you’re driven by curiosity, inspired by innovation, and ready to make an impact, join us—and help accomplish what others say can’t be done.

About the Role

Cyber Defense Operations | Secure Division Support

As a key member of our Cybersecurity Service Provider (CSSP) team within the Global Cyber Center (GCC), you will play a crucial role in safeguarding Department of Defense Information Networks (DODIN). The GCC executes operations in alignment with DoDM 8530.01 and the DoD Cybersecurity Services Evaluator Scoring Metrics (ESM), delivering mission-critical support across five primary functions: Identify, Protect, Detect, Respond, and Recover. These functions span both classified and unclassified networks and systems.

You’ll be responsible for monitoring, detecting, analyzing, and responding to unauthorized activity and cyber threats across the NIPRNet and SIPRNet. This includes deploying defensive measures to prevent disruption, degradation, or destruction of systems, managing intrusion detection/prevention systems (NIDS/NIPS), and analyzing network and host-based events. In collaboration with GCC Operations, you’ll initiate defensive responses, reduce incidents to confirmed threats, and contribute to mitigation strategies based on direction from government leadership.

Your responsibilities will also include preparing a range of deliverables such as Tactics, Techniques, and Procedures (TTPs), Standard Operating Procedures (SOPs), executive summaries (EXSUMs), trip reports, and information/point papers. You’ll support the development of policy documents and agreements including Memorandums of Understanding (MOUs) and Service Level Agreements (SLAs), in accordance with Secure Division Workload Assessments.

Cyber Defense Operations (CDO) Support

You’ll work directly with GCC Operations staff to perform real-time triage and analysis of cyber incidents. This includes reviewing logs, correlated events, and SIEM data to recommend or implement immediate DCO-IDM actions, submit incident reports, and notify relevant command structures in accordance with established reporting protocols.

Outside regular hours, an on-call capability is required to ensure rapid response to emerging threats and policy-driven incident handling.

Incident Analysis and Mitigation

You will provide in-depth incident analysis and support mitigation efforts for threats including malware, advanced persistent threats (APTs), and exploitation attempts. Your work will include:

  • Blocking or restricting access from hostile sites, ports, or protocols.

  • Recommending actions to operations teams where direct control of the sensor grid is not available.

  • Justifying internal defensive measures (IDMs) and their operational impact to Configuration Control Boards or Authorizing Officials.

  • Coordinating Network Damage Assessments (NDAs), Assistance Visits (NAVs), or related support missions as needed.

  • Maintaining real-time updates in the triage database and responding within 72 hours of incidents.

  • Reporting cyber incidents to Law Enforcement and Counterintelligence (LE/CI), maintaining points of contact, and providing required data, summaries, or analysis as per official requests.

  • Documenting high-visibility incidents in a Master Station Log (MSL), tracking critical events and shift transitions, and maintaining records for government inspection.


Basic Qualifications

  • Education & Experience:

    • Bachelor’s degree + 5 years of experience

    • Master’s degree + 3 years of experience

    • PhD (no experience required)

  • Certifications (required):

    • GIAC Certified Incident Handler (GCIH)

    • AND one of the following:

      • CISSP, CySA+, CFR, GCFA, GCIA, GDSA, GICSP, GSEC, RCCE Level 1

  • Experience Requirements:

    • Demonstrated experience in threat analysis and cyber event evaluation.

    • Proven ability to support 24/7 persistent monitoring of networks and systems.

    • Skilled in incident response and first-level triage.

    • Experience coordinating with external agencies and handling reporting requirements.

    • Background in vulnerability and threat advisory distribution.

  • Other Requirements:

    • U.S. Citizenship is required.

    • Must hold an active Top Secret security clearance.


Compensation & Additional Details

  • Salary Range: $80,000 – $128,000, based on experience, qualifications, and other factors.

  • Employment Classification: SCA / Union / Intern details will be specified upon offer.
