Peraton · 1 week ago
Cyber Incident Handler
Fort Huachuca, AZ
Full-time
Onsite
Mid, Senior Level
$66K/yr - $106K/yr
2+ years expPeraton is a next-generation national security company that drives missions of consequence spanning the globe. They are seeking a Cyber Incident Handler who will be responsible for protecting DoD Information Systems and Networks from unauthorized activities and conducting thorough analysis of cyber threats and incidents.
Information TechnologyRobotics
Responsibilities
Secure Division Support. The GCC provides CSSP responsibilities and conducts DODIN Operations and DCO - Internal Defensive Measures (IDM) to protect the DODIN IAW the DoDM 8530.01 and the DoD Cybersecurity Services Evaluator Scoring Metrics (ESM). These responsibilities are broken into five (5) CSSP functions; Identify, Protect, Detect, Respond, and Recover. GCC is responsible to conduct these functions for its assigned portion of the DODIN for both unclassified and classified networks/ systems
The division provides support services for the protection, monitoring, analysis, detection, and response to unauthorized activity within the DoD Information Systems and Networks
DCO-IDM services are required to defend against unauthorized activity on all Army assets residing on the NIPRNet and SIPRNet
The division provides defensive measures to protect and defend information, computers, and networks from disruption, denial, degradation, or destruction
The division provides sensor management and event analysis and response for network and host-based events. For sensor management, the division provides management of in-line Network Intrusion Protection System/Network Intrusion Detection System (NIPS/NIDS) sensors monitoring all CONUS DoDIN-A NIPRNet and SIPRNet Enterprise traffic to detect sensor outages and activities that attempt to compromise the confidentiality, integrity, or availability of the network. In coordination with GCC Operations, DCO initiates defensive security procedures upon detection of these attacks. Event analysis and response include the processes involved with reducing multiple cyber incidents to actual malicious threat determinations and mitigating those threats IAW guidance received from GCC Government leadership. Support the Government in providing services for CSSP services on both the NIPRNet and SIPRNet IAW Appendix E: Secure Division Workload Assessment in support of the CONUS portion of the DoDIN-A. Develop reports and products, both current and long-term, in support of CSSP and course of action development. Prepare Tactics, Techniques, and Procedures (TTP), SOPs, Executive Summary (EXSUMS), trip reports, and information/point papers. Contribute during the preparation of agreements, policy, and guidance documentation such as Memorandums of Understanding / Agreement (MOU/A), Service Level Agreements (SLA)
Threat and Data Analysis. Perform the following threat and data analysis functions:
Analyze, correlate, and trend anomalous cyber events and incidents: analyze and correlate anomalous events identified in, SIEM systems, Big Data Analytics, and supporting devices/applications. The GCC SIEM ingests feeds from over 21 different connectors to include items such as NIPS sensors, NIDS sensors, and Primary Internet Exchange (PIX) Firewall, proxy, router, policy Orchestrator (ePO) servers, and server system logs, Active Directory, Domain Name Service (DNS), etc., generating over 800 events per second (eps) or over 50 million events per day
Conduct open-source research to identify commercial exploits or vulnerabilities (i.e. Zero - Day) requiring CSSP actions. The Contractor shall identify current Army detection capabilities (Host Base Security System (HBSS), IDS/IPS, etc.) for new or potential threat activity
Report and facilitate the correction of issues with correlation tools and data feeds
Participate in the ARCYBER signature working groups and upload to the portal allowing for signature development and standardization across all RCC's
Create, recommend, or refine TTP's as appropriate or requested
Conduct cyber threat analysis and hunting utilizing proactive and iterative approaches to search all supported networks to detect and isolate advanced threats that may evade existing security solutions
Examine threat intelligence from DoD and public sources to identify threats that are relevant within the AOR
Provide recommendations and operational impact assessments of identified domains to increase the likelihood of identifying advanced intruders and malicious software in supported networks
Conduct Cyber Analysis missions that include items such as examining information systems, network devices, and endpoints for indicators of compromise and network activity via a plethora of network artifacts including network flow, packet analysis, network device logs, etc
Consolidate the research and results of the Cyber Analysis missions and produce a Threat Analysis report or Operational Impact Assessment. Cyber Analysis results shall also be incorporated into PPT missions and shared with GCC leadership, subscribers, and stakeholders
Perform technical analysis of computer network intrusion events and malicious activity in support of CSSP efforts
Analyze trends and statistics of cyber activity to provide proactive indications and warnings of malicious cyber activity that are affecting or may affect Army networks in the future
Perform filter queries of network flow data and analyze results for anomalies and malicious indicators
Analyze the origins, pathways, and methodologies of malicious cyber activities to attribute, model and predict future intrusions
Analyze computer network intrusion events and malicious activity to support intrusion detection and cyberattack warning
Provide recommendation for defensive measures and mitigation techniques to deny further exploitation by the adversary; synchronize and integrate intelligence activities to detect, analyze and recommend mitigation of cyber threats and vulnerabilities
Provide recommendations for appropriate response and actions to the activity to identify vulnerabilities, correct faults, and defeat or defend against threat activity
Perform threat analysis of emails held for review to determine if content poses a risk to the DoDIN-A. Complete release actions, escalation for Government review, or report as a cyber incident in accordance with the incident response plan (historically 50,000 emails reviewed per year)
Qualification
Required
6 years w/o BS/BA, 2 years w/BS/BA, 0 years w/Masters
A-531-0451, Cyber Defense Incident Responder (Intermediate) Playlist
CEH(P), ECIH, GRID, RCCE Level 1, CBROPS, CCSP, CEH, Cloud+, FITSP-O, GCED, GCIH, GSEC, PenTest+, Security+
Certifications: DCWF Code 511 Intermediate: CompTIA Cloud+ or CompTIA PenTest+ or CompTIA Security+ or GIAC Certified Enterprise Defender (GCED) or GIAC Foundational Cybersecurity Technologies (GFACT) or GIAC Information Security Fundamentals (GISF)
Benefits
Medical
Dental
Vision
Life
Health savings account
Short/long term disability
EAP
Parental leave
401(k)
Paid time off (PTO) for vacation
Company paid holidays
Company
Peraton
Peraton Fearlessly solving the toughest national security challenges.
10001+ employees
H1B Sponsorship
Peraton has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2023 (4)
Funding
Current Stage
Late StageLeadership Team
Thomas Terjesen
Chief Information Officer
Recent News
Washington Technology
2026-01-22
2025-09-25
Company data provided by crunchbase