Peraton

Cyber Response Analyst / Active TS/SCI

Job description:

Required

  • Bachelor’s degree (STEM/Business Admin) and a minimum of 5 years of cybersecurity experience, or an associate’s degree and a minimum of 7 years of relevant experience, or 11 total years of relevant experience in lieu of the bachelor’s degree requirement
    • Must meet TESA Qualification
  • DoD 8140 - Cybersecurity (Cyber Defense Incident Responder) - Advanced
  • Certifications — must hold active certifications (one of the following):
    • Cisco CyberOps Professional; OR
    • SANS (any GIAC certification); OR
    • Blue Team Level 1; OR
    • Microsoft Certified: Security Operations Analyst Associate
  • U.S. citizenship required
  • Active DoD TS/SCI clearance or higher

Preferred

  • Hands‑on experience with Elastic Stack (Elasticsearch, Kibana, Logstash) or Splunk for security event monitoring
  • Proficiency with Wireshark or similar packet analysis tools for network traffic inspection
  • Familiarity with MITRE ATT&CK framework for mapping adversary TTPs to observed activity
  • Experience with malware analysis tools (e.g., Cuckoo Sandbox, Any.Run, VirusTotal)
  • Working knowledge of TheHive or similar incident case management platforms
  • Experience with network forensics and log analysis across firewall, DNS, and proxy sources
  • Familiarity with NIST SP 800-61 incident response lifecycle
  • Exposure to scripting (Python or Bash) for alert triage automation

Peraton is seeking to hire an experienced Cyber Response Analyst for its Regional Cyber Center-Europe.

Location: On-site, Wiesbaden, Germany

Responsibilities

  • Monitor IDS/SIEM platforms (Elastic, Splunk, ArcSight) for security events, anomalies, and indicators of compromise across DoD networks in the USAREUR-AF AOR
  • Triage, analyze, and elevate security alerts in accordance with CSSP standard operating procedures, ensuring timely notification to senior analysts and mission partners
  • Conduct initial malware analysis and static/dynamic examination of suspicious files, URLs, and artifacts to determine threat scope and impact
  • Document security incidents from initial detection through containment, recording all actions, findings, and evidence in the incident tracking system
  • Support incident response actions including host isolation, evidence collection, and coordination with network operations and mission owners
  • Produce accurate and timely shift reports, end‑of‑day summaries, and incident tickets that capture event timelines, analyst actions, and recommended follow‑on steps


Job information

  • Publication date: 19 Apr 2026
  • Location: Wiesbaden
  • Type: Full-time
  • Work model: On-site
  • Category:
  • Experience: 2+ years
  • Employment type: Employee
