Cloud Security Subject Matter Expert (SME)
Job Locations: US-MD-Beltsville
Requisition ID: 2025-161799
Position Category: Cyber Security
Clearance: Top Secret
Responsibilities
Peraton is currently seeking an experienced CIRT Cloud Security Subject Matter Expert (SME) to join our Federal Strategic Cyber Program, delivering leading cyber and technology security expertise to enable innovative, effective, and secure business processes. Location: Beltsville, MD and Rosslyn, VA.
The customer requires every employee to be onsite for the first 90 days. After the 90-day period, a hybrid schedule may be offered.
- Must be able to support a hybrid and flexible work schedule; in the event of a significant cyber incident, a continuous on-site presence will be required.
This role directly supports the Cyber Incident Response Team (CIRT) as a key member of the Advanced Response and Tactics Team (ARTT). In this role, you will:
- Provide Subject Matter Expert (SME) level Cloud Security support in a 24x7x365 environment.
- Share in-depth knowledge and intelligence gained from cyber security events with stakeholders.
- Protect against potential cyber security incidents by pro-actively identifying steps to remediate threats and vulnerabilities.
- Provide SME level response, technical assistance and expertise for significant cyber incidents, investigations, operational events, and related cyber projects.
- Develop and implement training programs for CIRT Tier 1 and Tier 2 analysts.
- Conduct detailed research to increase awareness and readiness levels of the security operations center.
- Conduct advanced analysis and recommend remediation steps.
- Analyze network events to determine impact.
- Conduct all-source research to determine threat capability and intent.
- Develop and maintain analytical procedures to meet changing requirements.
- Coordinate with cross-functional teams during significant cyber incidents.
- Identify emergent cybersecurity technologies and develop methodologies for their employment.
- Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
- Identify and determine tactics, techniques, and procedures for intrusion sets.
- Work with stakeholders to resolve computer security incidents and vulnerability compliance.
- Collect and analyze intrusion artifacts (e.g., source code, malware, and system configurations) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
- Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support incident response.
- Publish after-action reports, cyber defense techniques, guidance, and incident reports.
- Review, draft, edit, update and publish cyber incident response plans.
Qualifications
Minimum requirements:
- Bachelor's degree and minimum of 14 years of relevant experience; 12 years with Masters.
- To be considered for this position, applicants must either currently hold one of the professional certifications listed below or obtain one prior to their start date. Continued certification is required as a condition of employment.
- CASP+ CE, CCNP Security, CISA, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, GCED, GCIH
- Demonstrated expertise in the Incident Response Lifecycle and how it applies to cloud, legacy and hybrid environments.
- Demonstrated experience with cloud computing technologies to include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Identity as a Service (IDaaS)
- Demonstrated expertise in traditional computing technologies architecture, design and security.
- Demonstrated proficiency in using Endpoint Detection and Response (EDR) platforms (e.g. Microsoft Defender for Endpoint, Elastic Defend, CarbonBlack)
- Demonstrated proficiency in using Security Information and Event Management (SIEM) platforms (e.g. Splunk, Elastic, ArcSight)
- Demonstrated proficiency in using Security Orchestration and Automation (SOAR) platforms (e.g. ServiceNow, Sentinel, Splunk SOAR, IBM QRadar)
- Ability to analyze cyber threat intelligence reporting and understand adversary methodologies and techniques.
- Knowledge of malware analysis techniques.
- Knowledge of the MITRE ATT&CK and D3FEND frameworks and their relevancy to cyber incident response.
- Ability to identify and recommend remediation steps for cyber incidents.
- Demonstrated proficiency with common digital forensic tools (e.g. Autopsy, Axiom Forensics, KAPE, CyLR, Volatility)
- Strong organizational skills.
- Proven ability to operate in a time sensitive environment.
- Proven ability to communicate orally and in writing.
- Proven ability to brief technical and operational information to senior leadership.
- Ability to scope and perform impact analysis on incidents.
- U.S. citizenship required.
- Active Secret security clearance.
- Ability to obtain final Top Secret clearance.
Preferred Qualifications:
- One or more of the following certifications:
  - CCSP, SC-200, SC-300, SC-900, GCLD, GCTD, GCAD
- Demonstrated proficiency with Microsoft Azure cloud architecture
- Demonstrated proficiency with the Microsoft Defender suite and Kusto Query Language (KQL) analytics
- Demonstrated proficiency with using Splunk Enterprise Security and writing Splunk Processing Language (SPL) analytics
- Demonstrated experience with Python, PowerShell, and Bash languages
- Demonstrated knowledge of network architecture, design and security.
- Ability to analyze static and dynamic malware analysis reports.
- Ability to analyze and identify anomalous code as malicious or benign.
- Ability to write signatures for host and network intrusion detection systems.
- Ability to identify and recommend relevant telemetry requirements in support of cyber incident response actions
- Knowledge of system administration, network, and operating system hardening techniques.
- Proficiency in performing network packet-level analysis
- Demonstrated knowledge on the intersection of on-prem and cloud-based technologies.
- Demonstrated knowledge of system design and process methodologies.
- Experience in developing and delivering comprehensive training programs.
- Experience collaborating with cross functional teams.
- Experience working in an intra-agency environment.
- Ability to communicate technical concepts to executive level leadership.
Peraton Overview
Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.
Target Salary Range
$135,000 - $216,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.
EEO
EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.