Cyber Threat Analyst – Assessment / Active TS/SCI

Required

• Bachelors degree and a minimum of 5 years of penetration testing or vulnerability assessment experience
  • Associate’s degree + 7 years specialized experience;
  • 11 years of experience (no degree)
• DoW8140 - Cybersecurity (Vulnerability Analyst) - Intermediate
• Certifications — must hold active certifications (one of the following):
• TCM Security PNPT; OR
• HTB CPTS (Hack The Box Certified Penetration Testing Specialist); OR
• Zero Point Security RTO (Red Team Ops); OR
• OSCP (Offensive Security Certified Professional); OR
• OSCE (Offensive Security Certified Expert); OR
• GPEN (GIAC Penetration Tester); OR
• GWAPT (GIAC Web Application Penetration Tester); OR
• GAWN (GIAC Assessing and Auditing Wireless Networks); OR
• GXPN (GIAC Exploit Researcher and Advanced Penetration Tester); OR
• GWEB (GIAC Certified Web Application Defender)
• U.S. citizenship required
• Active DoWTS/SCI clearance

Preferred

• Hands-on experience with Metasploit Framework for vulnerability exploitation and post-exploitation activities
• Proficiency with Burp Suite Pro for manual and automated web application security testing
• Familiarity with OWASP ZAP for web vulnerability scanning and validation
• Experience with Nmap and Nessus/OpenVAS for network discovery and vulnerability scanning
• Working knowledge of BloodHound for Active Directory enumeration and attack path analysis
• Scripting proficiency in Python, Bash, or PowerShell for custom tool development and test automation
• Familiarity with vulnerability scoring frameworks (CVSS) and risk-based reporting methodologies
• Experience with vulnerability management platforms (e.g., Tenable.sc, Rapid7 InsightVM)

Responsibilities

• Conduct vulnerability assessments and penetration tests against USAREUR-AF network infrastructure, endpoints, and applications in support of CSSP assessment missions (NAVs and PPTs)
• Perform web application security testing using OWASP methodology and tools including Burp Suite and OWASP ZAP, identifying and validating vulnerabilities across mission partner web services
• Execute Active Directory and Linux security assessments to identify privilege escalation paths, credential exposure risks, and lateral movement opportunities within target environments
• Utilize penetration testing frameworks including Metasploit and Burp Suite to safely exploit validated vulnerabilities and demonstrate risk to mission owners in a controlled manner
• Document all assessment findings in structured reports, including vulnerability descriptions, evidence screenshots, CVSS risk ratings, and actionable remediation recommendations
• Support mission owners and network defenders with post-assessment remediation guidance, answering technical questions and providing clarification on findings to facilitate effective risk reduction

Peraton is seeking an experienced Cyber Threat Analyst – Assessment resource for its Regional Cyber Center-Europe program.

Location: On-site, Wiesbaden, Germany