Peraton

Cyber Systems Engineering, Lead Associate

Job description:

Required:

  • 5 years of data science, analytics, or SIEM content development experience with a Bachelor’s degree in a STEM field or Business Administration; 11 years of relevant experience may substitute for degree.
  • Must meet TESA Qualifications.
  • DoD 8140 - Cybersecurity (Cyber Defense Analyst) - Intermediate
  • Certifications — must hold active certifications (one of the following):
    • GDAT (GIAC Defending Advanced Threats); OR
    • GDSA (GIAC Defensible Security Architecture); OR
    • Elastic Certified Analyst or Engineer; OR
    • ArcSight Enterprise Security Manager Advanced Analyst Certified Expert; OR
    • Microsoft Certified: Cybersecurity Architect Expert; OR
    • Azure DevOps Engineer Expert; OR
    • TCM Security PNPT
  • U.S. citizenship required
  • Active DoD TS/SCI clearance

Preferred:

  • Deep expertise with Elastic Stack (Elasticsearch, Logstash, Kibana, Beats) for SIEM content development and data pipeline management
  • Proficiency with Splunk SPL for advanced search, correlation rule development, and dashboard creation
  • Strong Python skills for data processing, algorithm development, and automation scripting
  • Familiarity with machine learning frameworks (e.g., scikit-learn, TensorFlow) for anomaly detection use cases
  • Experience with Kibana or Grafana for building operational security dashboards and visualizations
  • Knowledge of KQL (Kusto Query Language) for Microsoft Sentinel or Azure Log Analytics environments
  • Familiarity with ArcSight ESM for content development and event correlation in enterprise environments
  • Experience with threat intelligence platforms (e.g., MISP, OpenCTI) for converting intelligence into detection content

Peraton is hiring a Content Developer (Data Scientist) for its Regional Cyber Center-Europe program.

Location: On-site, Wiesbaden, Germany

Potentially 2nd/3rd Shift work

Responsibilities:

  • Develop, tune, and maintain SIEM detection content including correlation rules, alerts, and watch-lists in Elastic and/or Splunk to improve threat detection fidelity across CSSP monitoring systems
  • Design and build automated data analytics pipelines that ingest, normalize, and process large volumes of security telemetry to support real-time and historical threat analysis
  • Create custom algorithms and machine learning models for anomaly detection, behavioral base-lining, and advanced threat identification within DoD network environments
  • Develop interactive dashboards and data visualizations in Kibana, Splunk, or similar platforms that provide actionable situational awareness for analysts and leadership
  • Conduct metrics analysis to measure CSSP operational performance, detection coverage, and response effectiveness, producing regular reports for program management and government stakeholders
  • Support threat intelligence content development by translating finished intelligence products into actionable SIEM queries, detection signatures, and automated response playbooks


Job information

  • Publication date: 19 Apr 2026
  • Location: Wiesbaden
  • Type: Full-time
  • Work model: On-site
  • Category:
  • Experience: 2+ years
  • Employment relationship: Employee
