Job Description

Program Overview

About The Role

**Position is Contingent Upon Award**

Peraton seeks innovative professionals who thrive in mission-critical environments and are passionate about protecting our national critical infrastructure. This is your chance to make an impact on one of the nation’s vital organizations, working alongside leaders in cybersecurity engineering, operations, forensics, threat analysis, data science, and systems integration.

Join Peraton in supporting a large infrastructure operator to defend its corporate and operations networks from nation-state attacks, ensure the confidentiality, integrity, and availability of its systems and operations infrastructure, and comply with various federal and internal cybersecurity mandates. As a cybersecurity engineer in a 24x7x365 Cybersecurity Operations Center (CSOC), the position provides for the efficient  operations and performance of the corporate Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems, Security Orchestration, Automation, and Response (SOAR) systems such as Splunk, CrowdStrike, Nessus Security Center, Axonius, Swimlane, Websense, NetFlow and other tools to identify and investigate anomalies and thwart cyberattacks.

The CSOC cybersecurity engineer duties include management and optimization of the SIEM/EDR/SOAR platforms to effectively collect, analyze, and respond to security threats in real-time, focusing on integrating log sources, creating detection rules, tuning alerts, automating workflows, and supporting incident response.   The Cybersecurity Engineer will work with CSOC analysts, systems administrators, and managers to perform daily cybersecurity functions.

Primary Responsibilities:

The CSOC Security Engineer responsibilities will include:

• Corporate IT side operation, patching, performance and tuning of the CSOC SIEM, EDR, SOAR and related CSOC systems such as Splunk, Axonius, CrowdStike, Swimlane, Websense, NetFlow, their system applications, log aggregators, forwarders and data storage systems’ confidentiality, availability, integrity, and optimization, data input, and updating of data models and threat models
• Optimize and scale the corporate Splunk deployment, including forwarder architecture, index clustering and integration with security tools
• Coordination with the Operations Technology SIEM/EDR/SOAR cybersecurity engineer counterpart for the ongoing operation and health of core Splunk and related systems hardware, common information model and development of web framework, APIs, HTM for web Threat Widget integration
• Collection, analysis, and response of security threats in real-time, focusing on integrating log sources, creating detection rules, tuning alerts, automating workflows, and supporting incident response to improve the company’s overall security posture and regulatory compliance.
• Develop and tune system correlation rules, create/customize dashboards, workbooks, and reports to identify suspicious system activities and network traffic and potential security incidents for analysis by CSOC cybersecurity analysists, tune SIEM/EDRSOAR to reduce false positives (alert fatigue) improve alert fidelity, and optimize data usage
• Responsible for SIEM/EDR system monitoring and verification of log processing, troubleshooting, onboard existing and new log data sources (such as servers, firewalls, cloud services), ensure proper and secure log data ingestion, parsing, and storage of and managing the log lifecycle

Additional Responsibilities:

• Create new log and threat source types, field extractions, processing, etc. integrate CSOC tools with other CSOC and OT systems and threat intelligence platforms and configure systems for automated response actions
• Act as Point of Contact (POC) for SIEM/EDR ingestion of new data based on internal company customer requirements for network and system monitoring; and coordinate with other organizations such as IT and field operations to meet their security monitoring and threat detection system needs
• Responsible for developing and maintaining all SIEM/EDR/SOAR System Security Plans (SSP) and other documentation required, including systems technical descriptions, architectural diagrams and operational procedures
• Act as a Subject Matter Expert (SME) for the SIEM/EDR/SOAR and related CSOC systems assisting security analysts in investigating alerts and providing context for incident response
• Act as POC for defining new Splunk capabilities and services in direct support of CSOC system optimization and industry best practices and requirements
• Represent the CSOC systems in daily/shift operations briefings and document relevant information about notable events and hand-off responsibilities to the next shift cybersecurity engineer
• Maintain knowledge of the latest cyber-attacks, recommended responses, and industry best practices released by and government and private sectors

Qualifications

Required:

• U.S. Citizenship Required
• Must have the ability to obtain / maintain a DOE L Level or DOE Secret clearance
• Degree in computer science, engineering, cybersecurity, information technology, or related field
• Minimum of 8 years experience with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Experience in roles such as systems administration, security monitoring, threat and risk assessment, incident response, CSOC operations
• Hold Splunk training certifications such as Splunk Core Certified User, Splunk Cloud Certified Admin, Splunk Enterprise Certified Architect
• Demonstratable proficiency in working with SIEM/EDR/SOAR systems such as Splunk, Axonius, CrowdStrike, Nessus Security Center, Swimlane, NetFlow, network security devices, firewalls, cloud security
• Excellent verbal and written communications skills
• Ability to communicate technical issues to both infrastructure owners and management
• Must be able to work on a 4-month 24x7x365 shift rotation schedule

Desired:

• Experience with Python/PowerShell, TCP/IP, VPNs, network segmentation, network protocols (DNS, DNCP, SNMP, SCADA)
• Hold a cybersecurity certification such as CompTIA Security+, CISSP, CEH
• Hold advanced Splunk certified training certificates such as Splunk Certified Cybersecurity Defense Engineer, Splunk SOAR Certified Automation Developer, Splunk IT Service Intelligence Certified Admin
• Demonstrated problem-solving skills, knowledge of CSOC operations, or broad understanding of risk management, be able to methodically assess and test hypotheses, work independently, think innovatively and be enthusiastic to conduct research and develop tools that advance the state of the art in cybersecurity

SCA / Union / Intern Rate or Range

Details

Target Salary Range: $104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

Benefits Statement: Peraton offers eligible employees a variety of benefits including medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at

Application Duration Statement: The application period for the job is estimated to be 30 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates. 

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.

Job Tags

Similar Jobs