Home › Companies › Careers Peraton Icims Com › Tier 2 Shift Lead / Secret
Tier 2 Shift Lead / Secret
Careers Peraton Icims Com · Beltsville, MD, US · On Site · Active · $104,000–$166,000 / day · iCIMS
Job facts
| Field | Value |
|---|---|
| Company | Careers Peraton Icims Com |
| Title | Tier 2 Shift Lead / Secret |
| Normalized title | - |
| Department / team | Information Technology |
| Location | Beltsville, MD, United States |
| Work model | On Site |
| Employment type | Full Time |
| Salary | $104,000–$166,000 / day |
| Status | active |
| ATS provider | iCIMS |
| Posted / first seen | 2026-05-05 / 2026-05-31 |
| Changed / last seen | 2026-06-01 / 2026-06-06 |
Related slices
| Page | What it contains | Open |
|---|---|---|
| Company jobs | Active postings from Careers Peraton Icims Com. | Open |
| Company breakdowns | Role, location, ATS, and work model facets for this company. | Open |
| ATS provider jobs | Active postings observed through iCIMS. | Open |
| Provider filtered search | The same provider as a filtered job collection. | Open |
| City jobs | Active postings in Beltsville. | Open |
| Department jobs | Active postings in Information Technology. | Open |
| Work model jobs | Active On Site postings. | Open |
| Lifecycle events | Open, update, close, and reopen events for this posting. | Open |
| Original posting | Canonical source or apply URL captured from the ATS. | Open |
Linked records
| Company | Careers Peraton Icims Com |
| Source | 944b3981-c90b-4379-a0d8-7cc8e4e36cf3 |
| ATS provider | iCIMS |
Description
Responsibilities
Peraton is seeking an experienced Tier 2 Cyber Incident Response Team (CIRT) Shift Lead to join Peratons' Federal Strategic Cyber Mission program.
Location: Beltsville, MD; On-site
Work Hours: Day Shift, 06:00– 14:00 EST (6:00 - 2:00 PM, EST), Tuesday - Saturday
In this role, you will:
Detect, classify, process, track, and report on cyber security events and incidents.
Perform advanced in-depth analysis of coordinated Tier 1 alert triage and requests in a 24x7x365 environment.
Analyze logs from multiple sources (e.g., host logs, EDR, firewalls, intrusion detection systems, servers) to identify, contain, and remediate suspicious activity.
Characterize and analyze network traffic to identify anomalous activity and potential threats.
Protect against and prevent potential cyber security threats and vulnerabilities.
Perform forensic analysis of hosts artifacts, network traffic, and email content.
Analyze malicious scripts and code to mitigate potential threats.
Conduct malware analysis to generate IOCs to identify and mitigate threats.
Collaborate with Department of State teams to analyze and respond to events and incidents.
Monitor and respond to the CIRT Security Orchestration and Automation Response (SOAR) platform, hotline, email in-boxes.
Create tickets and initiate workflows as instructed in technical SOPs.
Coordinate and report incident information to the Cybersecurity and Infrastructure Security Agency (CISA).
Collaborate with other local, national and international CIRTs as directed.
Submit alert tuning requests.
Additionally, as a Tier 2 Shift Lead you will:
Review all Tier 2 shift tickets for accuracy and completeness
Coordinate with CIRT Watch Officers and government leadership on remediation actions
Provide technical and procedural improvement recommendations to CIRT leadership
Assist with Tier 2 candidate technical interviews as required
Ensure coordinated remediation actions are operating properly
Qualifications
Minimum Qualifications
Bachelor’s degree and minimum of 9 years of relevant experience; or, Master’s degree with minimum of 7 years; or PhD with 4 years.
Must possess, or obtain prior to start date, at least one of the following certifications. Continued certification is required as a condition of employment:
CASP+ CE; CCNA Cyber Ops; CCNA-Security; CCNP Security; CEH; CFR; CHFI; CISA;CISSP (or Associate); CISSP-ISSAP; CISSP-ISSEP; CySA+; GCED; GCFA; GCIH; SCYBER
Demonstrated experience across the incident response lifecycle.
Experience with SOAR platforms and automated response workflows (e.g., ServiceNow, Splunk SOAR, Microsoft Sentinel).
Experience with Security Information and Event Management (SIEM) platforms (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar).
Experience with Endpoint Detection and Response (EDR) solutions (e.g., Microsoft Defender for Endpoint, Elastic XDR, Carbon Black, CrowdStrike).
Knowledge of cloud security monitoring and incident response.
Knowledge of integrating indicators of compromise (IOCs) and tracking advanced persistent threat (APT) actors.
Ability to analyze cyber threat intelligence and understand adversary tactics, techniques, and procedures (TTPs).
Knowledge of malware analysis techniques.
Familiarity with MITRE ATT&CK and D3FEND frameworks.
U.S. Citizenship required.
Active Secret security clearance required at start.
Preferred Qualifications:
Proficiency with Splunk for security monitoring, alert creation, and threat hunting.
Experience using Microsoft Azure access and identity management.
Proficiency in Microsoft Defender for Endpoint and Identity for security monitoring, response, and alert generations.
Experience using digital forensics collection and analysis tools (e.g. Autopsy, Axiom MagnetForensics, Zimmerman-Tools, KAPE, CyLR, Volatility).
Experience using ServiceNow SOAR for ticketing and automated response.
Experience using Python, PowerShell and BASH scripting languages.
Proficiency in cloud security monitoring and incident response.
Demonstrated ability to perform static/dynamic malware analysis and reverse engineering.
Experience with integrating cyber threat intelligence and IOC-based hunting.
Technical certifications such as: Azure SC-900, CCSP, GCIH, CCSK, GSEC, CHFI, GCLD, GCIA.
Advanced technical certifications such as: SecurityX/CASP+, PRMP, GREM, GEIR, GNFA, or GCFA.
Peraton Overview
Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.
Target Salary Range $104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.
EEO EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.
Full job record
| Job ID | 6337f21d318a54bd7f4fa1d78093e04dfe43ba6f |
| Org ID | b88db125-2f81-4362-9897-a29d0e7de670 |
| Source ID | 944b3981-c90b-4379-a0d8-7cc8e4e36cf3 |
| Board ID | 944b3981-c90b-4379-a0d8-7cc8e4e36cf3 |
| Provider | icims |
| Provider Job Key | 166461 |
| Title | Tier 2 Shift Lead / Secret |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | Beltsville, MD, US |
| Department | Information Technology |
| Team | — |
| Employment Type | full_time |
| Workplace Type | on_site |
| Remote Policy | — |
| Country | United States |
| Region | MD |
| City | Beltsville |
| Salary Raw | Responsibilities Peraton is seeking an experienced Tier 2 Cyber Incident Response Team (CIRT) Shift Lead to join Peratons' Federal Strategic Cyber Mission program. Location: Beltsville, MD; On-site Work Hours: Day Shift, 06:00– 14:00 EST (6:00 - 2:00 PM, EST), Tuesday - Saturday In this role, you will: Detect, classify, process, track, and report on cyber security events and incidents. Perform advanced in-depth analysis of coordinated Tier 1 alert triage and requests in a 24x7x365 environment. Analyze logs from multiple sources (e.g., host logs, EDR, firewalls, intrusion detection systems, servers) to identify, contain, and remediate suspicious activity. Characterize and analyze network traffic to identify anomalous activity and potential threats. Protect against and prevent potential cyber security threats and vulnerabilities. Perform forensic analysis of hosts artifacts, network traffic, and email content. Analyze malicious scripts and code to mitigate potential threats. Conduct malware analysis to generate IOCs to identify and mitigate threats. Collaborate with Department of State teams to analyze and respond to events and incidents. Monitor and respond to the CIRT Security Orchestration and Automation Response (SOAR) platform, hotline, email in-boxes. Create tickets and initiate workflows as instructed in technical SOPs. Coordinate and report incident information to the Cybersecurity and Infrastructure Security Agency (CISA). Collaborate with other local, national and international CIRTs as directed. Submit alert tuning requests. Additionally, as a Tier 2 Shift Lead you will: Review all Tier 2 shift tickets for accuracy and completeness Coordinate with CIRT Watch Officers and government leadership on remediation actions Provide technical and procedural improvement recommendations to CIRT leadership Assist with Tier 2 candidate technical interviews as required Ensure coordinated remediation actions are operating properly Qualifications Minimum Qualifications Bachelor’s degree and minimum of 9 years of relevant experience; or, Master’s degree with minimum of 7 years; or PhD with 4 years. Must possess, or obtain prior to start date, at least one of the following certifications. Continued certification is required as a condition of employment: CASP+ CE; CCNA Cyber Ops; CCNA-Security; CCNP Security; CEH; CFR; CHFI; CISA;CISSP (or Associate); CISSP-ISSAP; CISSP-ISSEP; CySA+; GCED; GCFA; GCIH; SCYBER Demonstrated experience across the incident response lifecycle. Experience with SOAR platforms and automated response workflows (e.g., ServiceNow, Splunk SOAR, Microsoft Sentinel). Experience with Security Information and Event Management (SIEM) platforms (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar). Experience with Endpoint Detection and Response (EDR) solutions (e.g., Microsoft Defender for Endpoint, Elastic XDR, Carbon Black, CrowdStrike). Knowledge of cloud security monitoring and incident response. Knowledge of integrating indicators of compromise (IOCs) and tracking advanced persistent threat (APT) actors. Ability to analyze cyber threat intelligence and understand adversary tactics, techniques, and procedures (TTPs). Knowledge of malware analysis techniques. Familiarity with MITRE ATT&CK and D3FEND frameworks. U.S. Citizenship required. Active Secret security clearance required at start. Preferred Qualifications: Proficiency with Splunk for security monitoring, alert creation, and threat hunting. Experience using Microsoft Azure access and identity management. Proficiency in Microsoft Defender for Endpoint and Identity for security monitoring, response, and alert generations. Experience using digital forensics collection and analysis tools (e.g. Autopsy, Axiom MagnetForensics, Zimmerman-Tools, KAPE, CyLR, Volatility). Experience using ServiceNow SOAR for ticketing and automated response. Experience using Python, PowerShell and BASH scripting languages. Proficiency in cloud security monitoring and incident response. Demonstrated ability to perform static/dynamic malware analysis and reverse engineering. Experience with integrating cyber threat intelligence and IOC-based hunting. Technical certifications such as: Azure SC-900, CCSP, GCIH, CCSK, GSEC, CHFI, GCLD, GCIA. Advanced technical certifications such as: SecurityX/CASP+, PRMP, GREM, GEIR, GNFA, or GCFA. Peraton Overview Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure. Target Salary Range $104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. EEO EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law. |
| Salary Min | 104,000 |
| Salary Max | 166,000 |
| Salary Currency | USD |
| Salary Period | day |
| Source URL | https://careers-peraton.icims.com/jobs/166461/tier-2-shift-lead---secret/job |
| Apply URL | https://careers-peraton.icims.com/jobs/166461/tier-2-shift-lead---secret/job |
| First Seen At | 2026-05-31 18:45:22Z |
| Last Seen At | 2026-06-06 08:30:31Z |
| Last Checked At | 2026-06-06 08:30:31Z |
| Last Changed At | 2026-06-01 13:53:09Z |
| Inactive At | — |
| Source Posted At | 2026-05-05 04:00:00Z |
| Source Updated At | 2026-05-11 18:55:18Z |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=icims/board=careers-peraton.icims.com/date=2026-06-06/2026-06-06T08-29-11-585Z-62c6aa17ff46c56fb91a34c45fc7003d905a4242cf4e51d0ad09795febd21c98.json |
Event Fields
{
"content_hash": "d0c8a9c170a72f350b731e039c052a6e3abfa897f4f318ee6164a3a2e5d430ad",
"source_hash": "bd8b9b338472f24e2ef49e8ffee35a0f2876fa8ae7b54fe28be7c9cfab26dbf3",
"last_changed_at": "2026-06-01T13:53:09.581Z",
"active_status": "active"
}Parsed Structured
{
"language": "en",
"location": {
"raw": "Beltsville, MD, US",
"city": "Beltsville",
"region": "MD",
"country": "United States",
"is_remote": false,
"confidence": 0.8
},
"salary_max": 166000,
"salary_min": 104000,
"inferred_at": "2026-06-06T08:30:31.439Z",
"launch_scope": {
"reason": "english_us_canada",
"included": true,
"language": "en",
"location": {
"raw": "Beltsville, MD, US",
"city": "Beltsville",
"region": "MD",
"country": "United States",
"is_remote": false,
"confidence": 0.8
},
"countries": [
"United States"
]
},
"remote_policy": null,
"salary_period": "day",
"workplace_type": "on_site",
"salary_currency": "USD"
}Extensions
{}Native Structured
{
"json_ld": {
"url": "https://careers-peraton.icims.com/jobs/166461/tier-2-shift-lead---secret/job",
"@type": "JobPosting",
"title": "Tier 2 Shift Lead / Secret",
"@context": "http://schema.org",
"datePosted": "2026-05-05T04:00:00.000Z",
"description": "<h2>Responsibilities</h2>\n<p>Peraton is seeking an experienced <strong>Tier 2 Cyber Incident Response Team (CIRT) Shift Lead</strong> to join Peratons' Federal Strategic Cyber Mission program.</p>\n<p> </p>\n<p><strong>Location: Beltsville, MD; On-site</strong></p>\n<p> </p>\n<p><strong>Work Hours:</strong> Day Shift, 06:00– 14:00 EST (6:00 - 2:00 PM, EST), Tuesday - Saturday</p>\n<p> </p>\n<p><strong>In this role, you will:</strong></p>\n<ul>\n <li>Detect, classify, process, track, and report on cyber security events and incidents.</li>\n <li>Perform advanced in-depth analysis of coordinated Tier 1 alert triage and requests in a 24x7x365 environment.</li>\n <li>Analyze logs from multiple sources (e.g., host logs, EDR, firewalls, intrusion detection systems, servers) to identify, contain, and remediate suspicious activity.</li>\n <li>Characterize and analyze network traffic to identify anomalous activity and potential threats.</li>\n <li>Protect against and prevent potential cyber security threats and vulnerabilities.</li>\n <li>Perform forensic analysis of hosts artifacts, network traffic, and email content.</li>\n <li>Analyze malicious scripts and code to mitigate potential threats.</li>\n <li>Conduct malware analysis to generate IOCs to identify and mitigate threats.</li>\n <li>Collaborate with Department of State teams to analyze and respond to events and incidents.</li>\n <li>Monitor and respond to the CIRT Security Orchestration and Automation Response (SOAR) platform, hotline, email in-boxes.</li>\n <li>Create tickets and initiate workflows as instructed in technical SOPs.</li>\n <li>Coordinate and report incident information to the Cybersecurity and Infrastructure Security Agency (CISA).</li>\n <li>Collaborate with other local, national and international CIRTs as directed.</li>\n <li>Submit alert tuning requests.</li>\n</ul>\n<p><strong>Additionally, as a Tier 2 Shift Lead you will:</strong> </p>\n<ul>\n <li>Review all Tier 2 shift tickets for accuracy and completeness</li>\n <li>Coordinate with CIRT Watch Officers and government leadership on remediation actions</li>\n <li>Provide technical and procedural improvement recommendations to CIRT leadership</li>\n <li>Assist with Tier 2 candidate technical interviews as required</li>\n <li>Ensure coordinated remediation actions are operating properly</li>\n</ul>\n<h2>Qualifications</h2>\n<p><strong>Minimum Qualifications</strong></p>\n<ul>\n <li>Bachelor’s degree and minimum of 9 years of relevant experience; or, Master’s degree with minimum of 7 years; or PhD with 4 years.</li>\n <li>Must possess, or obtain prior to start date, at least one of the following certifications. Continued certification is required as a condition of employment:\n <ul>\n <li><p>CASP+ CE; CCNA Cyber Ops; CCNA-Security; CCNP Security; CEH; CFR; CHFI; CISA;CISSP (or Associate); CISSP-ISSAP; CISSP-ISSEP; CySA+; GCED; GCFA; GCIH; SCYBER</p></li>\n </ul></li>\n <li>Demonstrated experience across the incident response lifecycle.</li>\n <li>Experience with SOAR platforms and automated response workflows (e.g., ServiceNow, Splunk SOAR, Microsoft Sentinel).</li>\n <li>Experience with Security Information and Event Management (SIEM) platforms (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar).</li>\n <li>Experience with Endpoint Detection and Response (EDR) solutions (e.g., Microsoft Defender for Endpoint, Elastic XDR, Carbon Black, CrowdStrike).</li>\n <li>Knowledge of cloud security monitoring and incident response.</li>\n <li>Knowledge of integrating indicators of compromise (IOCs) and tracking advanced persistent threat (APT) actors.</li>\n <li>Ability to analyze cyber threat intelligence and understand adversary tactics, techniques, and procedures (TTPs).</li>\n <li>Knowledge of malware analysis techniques.</li>\n <li>Familiarity with MITRE ATT&CK and D3FEND frameworks.</li>\n <li>U.S. Citizenship required.</li>\n <li>Active Secret security clearance required at start.</li>\n</ul>\n<p><strong>Preferred Qualifications: </strong> </p>\n<ul>\n <li>Proficiency with Splunk for security monitoring, alert creation, and threat hunting.</li>\n <li>Experience using Microsoft Azure access and identity management.</li>\n <li>Proficiency in Microsoft Defender for Endpoint and Identity for security monitoring, response, and alert generations.</li>\n <li>Experience using digital forensics collection and analysis tools (e.g. Autopsy, Axiom MagnetForensics, Zimmerman-Tools, KAPE, CyLR, Volatility).</li>\n <li>Experience using ServiceNow SOAR for ticketing and automated response.</li>\n <li>Experience using Python, PowerShell and BASH scripting languages.</li>\n <li>Proficiency in cloud security monitoring and incident response.</li>\n <li>Demonstrated ability to perform static/dynamic malware analysis and reverse engineering.</li>\n <li>Experience with integrating cyber threat intelligence and IOC-based hunting.</li>\n <li>Technical certifications such as: Azure SC-900, CCSP, GCIH, CCSK, GSEC, CHFI, GCLD, GCIA.</li>\n <li>Advanced technical certifications such as: SecurityX/CASP+, PRMP, GREM, GEIR, GNFA, or GCFA.</li>\n</ul>\n<h2>Peraton Overview</h2>\n<p>Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.</p>\n<h2>Target Salary Range</h2>$104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.\n<h2>EEO</h2>EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.",
"directApply": true,
"jobLocation": [
{
"@type": "Place",
"address": {
"@type": "PostalAddress",
"postalCode": "UNAVAILABLE",
"addressRegion": "MD",
"streetAddress": "UNAVAILABLE",
"addressCountry": "US",
"addressLocality": "Beltsville",
"postOfficeBoxNumber": "UNAVAILABLE"
}
}
],
"validThrough": "2027-05-05T04:00:00.000Z",
"employmentType": "FULL_TIME",
"hiringOrganization": {
"name": "Peraton",
"@type": "Organization",
"sameAs": "UNAVAILABLE"
},
"occupationalCategory": "Information Technology"
},
"detail_meta": {
"url": "https://careers-peraton.icims.com/jobs/166461/tier-2-shift-lead---secret/job?in_iframe=1",
"http_status": 200,
"content_type": "text/html;charset=UTF-8",
"response_bytes": 43332,
"compact_response_bytes": 7795,
"original_response_bytes": 43332
},
"sitemap_job": {
"id": "166461",
"url": "https://careers-peraton.icims.com/jobs/166461/tier-2-shift-lead---secret/job",
"slug": "tier-2-shift-lead---secret",
"lastmod": "2026-05-11T14:55:18-04:00"
},
"detail_errors": []
}Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/6337f21d318a54bd7f4fa1d78093e04dfe43ba6f?include=descriptionJSONGET https://api.bluedoor.sh/job-postings/v1/orgs/b88db125-2f81-4362-9897-a29d0e7de670JSONGET https://api.bluedoor.sh/job-postings/v1/sources/944b3981-c90b-4379-a0d8-7cc8e4e36cf3JSONGET https://api.bluedoor.sh/job-postings/v1/jobs/6337f21d318a54bd7f4fa1d78093e04dfe43ba6f/eventsJSON