Cyber Incident Response Team (CIRT) Lead

We are seeking a highly skilled and innovative Cyber Incident Response Team (CIRT) Lead to join our team in the greater DMV area, supporting the Army National Guard.

Responsibilities

Lead enterprise incident response operations: triage, containment, eradication, recovery, and postincident activities for highseverity cybersecurity events across all enclaves.
• Develop, maintain, and exercise incident response playbooks, escalation workflows, investigative procedures, and evidencehandling protocols aligned with DoD, Army, and NIST guidance.
• Oversee advanced investigations: coordinate log analysis, packet capture/inspection, forensic collection, malware analysis, and adversary behavior mapping to identify root causes and operational impacts.
• Integrate threat intelligence, hunt findings, and vulnerability data into response processes to inform realtime decisions and remediation priorities.
• Coordinate enterprise response actions with SOC, RCCARNG, NETCOM, ARCYBER, engineering, and mission stakeholders to enable rapid containment and remediation.
• Manage deployment and optimization of incident response tooling (forensics, EDR, SOAR, packet analysis) and ensure readiness of CIRT capabilities.
• Produce incident reports, afteraction reviews, timelines, and executive briefings documenting actions, impacts, and recommended defensive improvements.
• Identify detection gaps, configuration weaknesses, and architectural vulnerabilities uncovered during incidents and drive corrective action planning and validation.
• Lead readiness activities: tabletop exercises, red/blue/purple team engagements, training, and continuous improvement of response processes and metrics.

#ENOCS

Qualifications

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD

• Clearance: Active TS/SCI clearance.

• Candidate must meet ONE of the following:

  • Master's degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR
  • Relevant DoD/military training (examples: 411C32255S (CP), 4C255N (CP), 4C255A (CP)); OR
  • Relevant professional certification or equivalent experience (examples: CFR, CySA+, GCFA, GCIA, GICSP).

• Required experience and skills:

  • Incident response, digital forensics, or advanced cyber operations experience with at least 3 years leading CIRT or SOC incident response teams in enterprise or DoD environments.
  • Deep expertise in forensic collection/analysis, packet/IP traffic analysis, EDR/XDR tooling, log forensics, and malware/IOC analysis.
  • Proven ability to coordinate multistakeholder responses at scale and produce decisiongrade incident reports and executive briefings.
  • Strong knowledge of RMF/ATO evidence requirements, chainofcustody, legal/privilege considerations, and DoD incident reporting channels.
  • Experience implementing and tuning SOAR playbooks, detection validations, and remediation verification processes.

• Desired:

  • Prior experience coordinating incidents with ARCYBER, NETCOM, DISA, or RCCARNG and familiarity with multidomain (NIPR/SIPR/cloud) response complexities.
  • Track record running crossdomain exercises, purple teams, and continuous improvement programs that measurably improve MTTD/MTTR and detection fidelity.

#ENOCS

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.