Cyber Incident Response Team (CIRT) Lead (SME)

Program Overview

About The Role

We are seeking a highly skilled and innovative Cyber Incident Response Team (CIRT) Lead (SME) to join our team in the greater DMV area, supporting the Army National Guard.

Responsibilities

• Provide enterprise technical authority for cyber incident response: establish doctrine, escalation frameworks, investigative standards, and adjudication processes aligned with DoD, Army, and NIST guidance.
• Advise senior leadership during high‑severity incidents on containment strategy, operational risk, recovery priorities, and risk tradeoffs.
• Oversee development, validation, and lifecycle management of incident response playbooks, forensic methodologies, adversary mapping techniques, and chain‑of‑custody procedures to ensure defensible investigative outcomes.
• Integrate threat intelligence, threat hunting insights, and vulnerability data into enterprise response strategy to improve detection fidelity and inform remediation priorities.
• Guide optimization and architectural alignment of SOC/CIRT tooling (EDR/XDR, SOAR, forensics, packet capture) to ensure operational readiness and scalability.
• Direct cross‑organizational coordination with RCC‑ARNG, NETCOM, ARCYBER, engineering, and mission stakeholders for synchronized response and long‑term remediation.
• Lead after‑action analysis, produce executive incident reports and AARs, and drive corrective action planning to address detection gaps and architectural weaknesses.
• Oversee readiness exercises, purple/red/blue team activities, and continuous improvement programs to mature response capabilities and reduce MTTD/MTTR.
• Mentor CIRT leadership, establish metrics/KPIs for response effectiveness, and maintain evidence and reporting practices for RMF/ATO and legal/audit requirements.

#ENOCS

Qualifications

Qualifications

• Minimum of 12 years with BS/BA; Minimum of 10 years with MS/MA; Minimum of 7 years with Ph.D.

• Clearance: Active TS/SCI clearance.

• Candidate must meet ONE of the following:

  • Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR
  • Relevant DoD/military training (examples: 4‑11‑C32‑255S (CP), 4C‑255N (CP), 4C‑255A (CP)); OR
  • Relevant professional certification or equivalent experience (examples: CFR, CySA+, GCFA, GCIA, GICSP).

• Required experience and skills:

  • Cybersecurity operations, incident response, or advanced cyber investigations experience with at least 7 years in senior CIRT/SOC leadership or technical authority roles supporting enterprise or DoD environments.
  • Proven expertise in forensic collection/analysis, packet capture and network forensic techniques, EDR/XDR operations, malware analysis, and adversary TTP mapping.
  • Demonstrated ability to coordinate multi‑stakeholder responses with ARCYBER, NETCOM, DISA, RCC‑ARNG, and other mission partners.
  • Experience developing and validating enterprise incident playbooks, SOAR playbooks, escalation matrices, and evidence handling practices that meet RMF/ATO and legal standards.
  • Strong executive briefing skills and experience producing decision‑grade incident reports, AARs, and remediation roadmaps.
  • Track record running large‑scale exercises (tabletop, purple team, red/blue) and driving measurable improvements in detection and response metrics.

• Desired:

  • Prior experience as a CIRT technical authority or senior incident commander in DoD/Army/ARNG environments.
  • Experience integrating threat intelligence programs and hunt teams into incident response operations.
  • Familiarity with legal/forensic admissibility considerations and working with external partners for cross‑boundary investigations.

#ENOCS

SCA / Union / Intern Rate or Range

Details

Target Salary Range: $112,000 - $179,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

Benefits Statement: Peraton offers eligible employees a variety of benefits including medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at

Application Duration Statement: The application period for the job is estimated to be 30 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.