Senior Security Analyst

Program Overview

Peraton provides the customer with enterprise infrastructure support to plan, engineer, implement, enhance, maintain and operate the global consular affairs IT environment.

About The Role

Peraton is seeking a Senior Security Analyst ("Analyst") to join our team of qualified and diverse individuals on our Department of State (DOS) Bureau Consular Affairs Enterprise Infrastructure Operations (CAEIO) Program. The CAEIO Program provides IT Operations and Maintenance to modernize the legacy networks, applications, and databases supporting Consular Affairs (CA) services globally.

The Analyst will be a member of CAEIO’s Security Operations team, responsible for performing Information Assurance (IA) and compliance support services to maintain CA production systems and improve cyber hygiene and security across various applications, platforms, and operating systems.

Responsibilities

• Utilize SIEM and EDR tools to monitor activity targeting customer's networks, systems, and applications.
• Lead efforts to triage suspicious and malicious activity targeting the customer. Upon identifying unauthorized activity, collaborate with internal and external teams to respond to threats.
• Support after-action activities to strengthen the customer’s security posture.
• Develop and update processes, procedures, and documentation, including SOPs, to enhance incident handling, identify process improvements, and support team training.
• Interface with multiple levels of management, providing information in technical areas.
• Characterize and analyze network traffic to detect anomalous activity and potential threats to network resources.
• Notify designated managers, cyber incident responders, and cyber security service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
• Analyze log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system (IDS) logs) to identify possible threats to network security.
• Conduct advanced searching in response to alert and event triage.
• Perform real-time cyber defense incident handling tasks.
• Coordinate with internal and external teams on information gathering and response actions for identified incidents .
• Track incident resolution actions and ensure notifications are provided to the required point of contacts.
• Communicate with customers and teammates clearly and concisely.

Core Work Schedule: First shift: 7:00 AM ET -3:30 PM ET, Wednesday - Sunday.

Work Location: Must be local to Washington, DC area. This position is currently hybrid with remote work and up to two days per week in the office in Sterling, VA.

Qualifications

Basic Qualifications

• U.S. citizenship and an active Secret c learance with the ability to obtain a Top-Secret clearance.
• 5+ years of related systems security analysis experience - primarily in a government environment, dealing with business critical, high availability systems.
• Experience using SIEM and EDR platforms for security monitoring .
• Understanding of system, network, and application security threats and vulnerabilities with the ability to establish monitoring solutions.
• Ability to identifying different tactics and techniques of attacks.
• Strong log analysis skills.
• Understanding of TCP/IP and UDP protocols, network ports/protocols, and traffic flow.
• Strong knowledge of data analysis.
• 5+ years SOC or related cybersecurity analysis experience.
• Experience utilizing Splunk to conduct incident investigations.
• Experience conducting incident analysis and triage to identify true incidents.
• Ability to multitask and prioritize tasks to meet periodically changing deadlines.
• Self-starting and able to drive projects to completion in a fast-paced environment.
• Strong written and verbal communication skills. Able to create, discuss, and explain technical documentation.
• Security+ CE or other 8570 IAT level II certification (required).

Preferred Qualifications

• Ability to examine issues both strategically and analytica lly.
• Knowledge of networking essentials, components, data flows, protocols, and authorization boundaries.
• Knowledge of cybersecurity frameworks and standards:
• Cyber Incident Response Team (CIRT) or Security Operation Center (SOC) team experience
• Knowledge of attack techniques and current threats
• Knowledge of current IT security best practices
• Mixed operating systems experience (Linux, Windows)
• Understanding of web applications.

Education and Experience: High school diploma (or equivalent) and 9 years of experience; Associate degree and 7 years of experience; Bachelor's degree and 5 years of experience.

SCA / Union / Intern Rate or Range

Details

Target Salary Range: $104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.