Peraton · 16 hours ago
Tier 1 Cyber Incident Response Team (CIRT) Lead
Peraton is a next-generation national security company that drives missions of consequence. They are seeking an experienced Tier 1 Cyber Incident Response Team (CIRT) Lead to manage and coordinate cyber security events and incidents, ensuring effective triage and response capabilities in a 24x7x365 environment.
Information Technology · Robotics
Responsibilities
Manage the detection, classification, processing, tracking, and reporting on cyber security events and incidents
Coordinate and collaborate with Department teams to analyze and respond to events and incidents
Manage triage and response capabilities in a 24x7x365 environment
Monitor and triage the CIRT hotline, email inboxes, and fax
Manage ticket creation and workflows as instructed in SOPs
Manage the reporting of incident information to the Cybersecurity and Infrastructure Security Agency (CISA)
Manage collaboration with other local, national and international CIRTs as directed
Manage the delivery and oversight of remediation activities
Manage IR processes for identifying and triaging email events
Manage IR processes for triage and analysis of Splunk Enterprise Security (ES) alerts and Microsoft Defender for Endpoint (MDE) Alerts
Manage IR processes for triage of malicious artifacts to remediate further propagation
Manage IR processes for triage and initial analysis of Microsoft Defender for Identity alerts, Entra ID alerts, and Microsoft for Cloud Identity alerts
Create schedules and maintain personnel across all shifts
Review monthly and technical status reports to ensure compliance and accuracy
Review and update SCRUM sprint objectives for the team
Prepare weekly metrics reports and Weekly Activity Reports (WAR) for upper management
Write and suggest technical and procedural changes to CIRT management
Conduct candidate interviews to evaluate potential team members
Lead Shift Lead meetings to discuss training, issues, and concerns
Identify Tier 1 analyst training requirements and coordinate training support
Mentor the professional development of Tier 1 analysts
Qualification
Required
Bachelor's degree and a minimum of 9 years of relevant experience; 7 years with a Master's degree; 4 years with a PhD. An additional 4 years of relevant experience may be substituted for the degree requirement
Applicants must currently hold one of the following professional certifications or obtain one prior to their start date. Continued certification is required as a condition of employment: CASP+ CE, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CHFI, CISA, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, CySA+, GCED, GCFA, GCIH, SCYBER
U.S. citizenship required
Active Secret security clearance
Ability to obtain a final Top-Secret clearance
Demonstrated experience across the Incident Response lifecycle
Experience using ticketing and Security Orchestration and Response (SOAR) platforms (e.g., ServiceNow, Splunk SOAR)
Knowledge of MITRE ATT&CK and D3FEND frameworks
Knowledge of the Agile framework and SCRUM planning lifecycle
Experience with log analysis and correlation from multiple sources
Experience with email security and phishing analysis
Experience with cloud security monitoring and cloud-based incident response
Proficiency with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar)
Proficiency with Endpoint Detection and Response (EDR) platforms (e.g., Microsoft XDR, Elastic XDR, Carbon Black, CrowdStrike)
Ability to analyze all-source cyber threat intelligence and understand adversary methodologies and techniques
Experience with PowerShell, Python, or BASH scripting
Knowledge of static and dynamic malicious artifact analysis
Experience collaborating with internal and external stakeholders
Excellent written and verbal communication skills
Strong leadership and mentoring capabilities
Preferred
Advanced technical or project management certifications, such as: CISSP, SecurityX/CASP+, GEIR, GNFA, GCFA, PMP, CISA
Demonstrated expertise with Splunk for security monitoring and alert triage
Demonstrated expertise with Microsoft Defender for Endpoint and Identity
Experience with SCRUM planning under the Agile framework
Experience with digital forensics collection and analysis tools
Experience using Microsoft Azure for access and identity management
Experience using ServiceNow SOAR for ticketing and automated response
Proficiency with Python, PowerShell, and BASH scripting
Proficiency in cloud security monitoring and incident response triage
Experience with static and dynamic malicious artifact analysis
Benefits
Medical
Dental
Vision
Life
Health savings account
Short/long term disability
EAP
Parental leave
401(k)
Paid time off (PTO) for vacation
Company paid holidays
Company
Peraton
Fearlessly solving the toughest national security challenges.