Peraton

Cyber Threat Analyst / Active TS/SCI

Job description:

Required

  • Bachelor’s degree in a STEM field or Business Administration and a minimum of 5 years of related cybersecurity or threat analysis experience; or an associate’s degree and a minimum of 7 years of specialized experience; or 11 years of relevant experience in lieu of the bachelor’s degree requirement
    • Must meet TESA Qualification
  • DoW 8140 - Cybersecurity (Vulnerability Analyst) - Intermediate
  • Certifications — must hold active certifications (one of the following):
    • SANS (any GIAC certification); OR
    • Microsoft Certified: Security Operations Analyst Associate; OR
    • Zero Point Security RTO (Red Team Ops); OR
    • OSDA (Offensive Security Defense Analyst)
  • U.S. citizenship required
  • Active DoW TS/SCI security clearance

Preferred

  • Experience with Zeek (Bro) for network traffic analysis and protocol inspection
  • Proficiency with NetFlow analysis tools (e.g., SiLK, nfdump, Elastic) for traffic baselining
  • Advanced Wireshark skills for deep packet inspection and protocol anomaly detection
  • Working knowledge of MITRE ATT&CK and D3FEND frameworks for threat mapping and defensive gap analysis
  • Experience with Elastic Stack or Splunk for large-scale log correlation and threat hunting queries
  • Familiarity with memory forensics tools (e.g., Volatility, Rekall) for system dump analysis
  • Knowledge of threat intelligence platforms (e.g., MISP, OpenCTI) and indicator management
  • Experience producing intelligence-style products for technical and non-technical audiences

Peraton is seeking to hire an experienced Cyber Threat Analyst for its Regional Cyber Center-Europe program.

Location: On-site, Wiesbaden, Germany

Responsibilities

  • Analyze network logs including firewall events, PCAP captures, NetFlow records, and DNS query data to identify malicious activity and threat patterns across USAREUR-AF networks
  • Correlate threat indicators and suspicious activity across multiple data sources to build comprehensive threat pictures and support escalation decisions
  • Review network architecture diagrams and topology documentation to identify anomalous traffic flows, unauthorized connections, and potential attack paths
  • Perform memory and system dump analysis to identify malicious processes, persistence mechanisms, and indicators of advanced persistent threat (APT) activity
  • Develop and disseminate cyber threat awareness products, including threat summaries, indicator bulletins, and situational awareness reports for mission partners and leadership
  • Support proactive threat hunting operations by developing hypotheses, querying data repositories, and documenting hunt findings in support of CSSP defensive missions


Job information

  • Publication date: 19 Apr 2026
  • Location: Wiesbaden
  • Type: Full-time
  • Work model: On-site
  • Category:
  • Experience: 2+ years
  • Employment relationship: Employed
