Cyber Incident Response Developer

Required:• Bachelor’s degree and 5 years of relevant experience; or a Master's degree and 3 years of experience. An additional 4 years of experience will be considered in lieu of degree.• Must possess ONE of the following certifications or the ability to obtain before start date:• CCNA-Security, CEH, CFR, CHFI, Cloud+, CySA+, GCFA, GCIA, GCIH, GICSP, SCYBER• Expertise in planning, implementation and usage of log aggregation and security analysis tools.• Knowledge of Splunk, native event logs, and ability to identify remediation steps for cybersecurity events.• Strong organizational skills.• Proven ability to operate in a time sensitive environment. • Proven ability to communicate orally and written.• Proven ability to brief (technical/informational) senior leadership.• Ability to scope and perform impact analysis on incidents.• U.S. citizenship required.• Secret security clearance to start with the ability to obtain a Top Secret security clearance.Preferred:• Familiarity with monitoring Cross Domain Solutions.• Familiarity with Databricks.• Understanding of Machine Learning and User and Entity Behavior Analytics.• Understanding of Cloud Development with Microsoft Azure/MDE.• Understanding of SQL, Python and JavaScript.• Microsoft Certifications (SC-200, SC-300, SC-400, SC-900)Peraton is currently seeking a Cyber Incident Response Developer to become part of Peraton’s Department of State (DoS) Diplomatic Security Cyber Mission (DSCM) program providing leading cyber and technology security experience to enable innovative, effective and secure business processes. You will be a part of the Cyber Incident Response Team.Location: Beltsville, MD.  Required: on-site work for the first 90 days. After the 90 day period, a hybrid schedule may be offered. This position will support Monday – Friday from 8:00am to 5:00pm.    In this role, you will:• Implement SIEM detection capabilities.• Develop alerting for cloud-related malicious activity.• Coordinate detection efforts between the development and hunt teams.• Develop and enhance threat dashboards and advanced analysis capabilities.• Assist in integrating ticketing solution with detection and response events (SOAR).• Onboard and integrate cyber monitoring tools from the analyst’s perspective.• Write Microsoft Defender for Endpoint (MDE), Zeek (Bro) Suricata and Snort signatures, develop new content for cyber defense tools.• Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) to improve threat detection.• Provide Developer support in a 24x7x365 environment.#DSCM