Peraton

Senior Cyber Response Analyst / Active TS/SCI

Job description:

Required

  • Bachelor’s degree in a STEM field or Business Administration and a minimum of 5 years of cyber incident response and security operations experience; or an associate’s degree and a minimum of 7 years of relevant experience; or 11 years of relevant experience, which may substitute for the bachelor’s degree requirement
  • Must meet TESA Qualifications
  • DoD 8140 - Cybersecurity (Cyber Defense Incident Responder) - Advanced
  • Certifications — must hold active certifications (one of the following):
    • Cisco CyberOps Professional
    • GCIA (GIAC Certified Intrusion Analyst)
    • GCIH (GIAC Certified Incident Handler)
    • GCFE (GIAC Certified Forensic Examiner)
    • GNFA (GIAC Network Forensic Analyst)
    • GREM (GIAC Reverse Engineering Malware)
    • Blue Team Level 2
    • Microsoft Certified: Cybersecurity Architect Expert
    • OSDA (Offensive Security Operations and Defensive Analysis)
  • Demonstrated experience in IDS/SIEM monitoring, event triage and evaluation, malware and forensic analysis, multi-source data analysis, incident response coordination, TTP and exploit knowledge, and ability to articulate findings to technical and non-technical audiences
  • U.S. citizenship required
  • Active DoW TS/SCI security clearance

Preferred

  • Advanced proficiency with Elastic Stack (Elasticsearch, Kibana, Logstash) or Splunk for SIEM operations, detection engineering, and threat hunting
  • Experience with TheHive and MISP for structured incident case management and threat intelligence sharing
  • Proficiency with Wireshark and Zeek/Bro for network traffic analysis and protocol-level investigation
  • Experience with Volatility or Rekall for memory forensics and RAM dump analysis
  • Familiarity with YARA rule development for malware detection and IOC-based hunting
  • Working knowledge of MITRE ATT&CK framework for adversary behavior mapping and detection gap analysis
  • Experience with network forensics tools and techniques including PCAP analysis and NetFlow correlation
  • Familiarity with malware reverse engineering techniques and sandbox analysis platforms (Cuckoo, Any.run)

Overview

Peraton is seeking to hire an experienced Senior Cyber Response Analyst for its Regional Cyber Center-Europe program.

Location: On-site, Wiesbaden, Germany

Responsibilities

  • Lead incident response operations for high-severity and critical cyber events affecting DoDIN-Europe, directing containment, eradication, and recovery actions in coordination with RCC-E CSSP, NETCOM, and ARCYBER stakeholders
  • Conduct in-depth malware analysis and digital forensic investigations on compromised systems, leveraging memory forensics, static/dynamic malware analysis, and artifact examination to determine scope, root cause, and adversary TTPs
  • Manage SIEM (Elastic Stack/Splunk) alert triage workflows, developing and refining correlation rules and detection logic to improve fidelity of alerts and reduce analyst fatigue across the RCC-E security operations environment
  • Produce detailed threat intelligence and incident reports — including executive summaries and technical findings — that clearly articulate adversary behavior, indicators of compromise (IOCs), and recommended mitigations to both technical and non-technical audiences
  • Coordinate with NETCOM G2, ARCYBER, and CISA to share threat intelligence, deconflict incident response activities, and ensure RCC-E defensive actions align with Army-wide cyber defense priorities
  • Mentor and provide technical guidance to junior cyber analysts, conducting knowledge transfer sessions on incident response methodologies, forensic techniques, and SIEM tool usage to build team capability


Job information

  • Publication date: 19 Apr 2026
  • Location: Wiesbaden
  • Type: Full-time
  • Work model: On-site
  • Category:
  • Experience: 2+ years
  • Employment status: Employed
