Cloud Security Subject Matter Expert (SME) jobs in United States

Peraton · 1 month ago

Cloud Security Subject Matter Expert (SME)

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. They are seeking an experienced CIRT Cloud Security Subject Matter Expert (SME) to support the Cyber Incident Response Team (CIRT) by providing expert-level cloud security support and developing training programs for analysts.

Information Technology · Robotics
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Provide Subject Matter Expert (SME) level Cloud Security support in a 24x7x365 environment
Share in-depth knowledge and intelligence gained from cyber security events with stakeholders
Protect against potential cyber security incidents by proactively identifying steps to remediate threats and vulnerabilities
Provide SME level response, technical assistance and expertise for significant cyber incidents, investigations, operational events, and related cyber projects
Develop and implement training programs for CIRT Tier 1 and Tier 2 analysts
Conduct detailed research to increase awareness and readiness levels of the security operations center
Conduct advanced analysis and recommend remediation steps
Analyze network events to determine impact
Conduct all-source research to determine threat capability and intent
Develop and maintain analytical procedures to meet changing requirements
Coordinate with cross-functional teams during significant cyber incidents
Identify emergent cybersecurity technologies and develop methodologies for their employment
Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information
Identify and determine tactics, techniques, and procedures for intrusion sets
Work with stakeholders to resolve computer security incidents and vulnerability compliance
Collect and analyze intrusion artifacts (e.g., source code, malware, and system configurations) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise
Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support incident response
Publish after-action reports, cyber defense techniques, guidance, and incident reports
Review, draft, edit, update and publish cyber incident response plans

Qualification

Cloud Security Expertise, Incident Response Lifecycle, Cyber Threat Intelligence, Digital Forensics Tools, Cloud Computing Technologies, Endpoint Detection and Response, Security Information and Event Management, Security Orchestration and Automation, Malware Analysis Techniques, Microsoft Azure Proficiency, Splunk Proficiency, Training Program Development, Communication Skills, Organizational Skills, Cross-Functional Collaboration

Required

Bachelor's degree and a minimum of 14 years of relevant experience; 12 years with a Master's degree
To be considered for this position, applicants must either currently hold one of the professional certifications listed below or obtain one prior to their start date. Continued certification is required as a condition of employment: CASP+ CE, CCNP Security, CISA, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, GCED, GCIH
Demonstrated expertise in the Incident Response Lifecycle and how it applies to cloud, legacy and hybrid environments
Demonstrated experience with cloud computing technologies to include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Identity as a Service (IDaaS)
Demonstrated expertise in traditional computing technologies architecture, design and security
Demonstrated proficiency in using Endpoint Detection and Response (EDR) platforms (e.g. Microsoft Defender for Endpoint, Elastic Defend, CarbonBlack)
Demonstrated proficiency in using Security Information and Event Management (SIEM) platforms (e.g. Splunk, Elastic, ArcSight)
Demonstrated proficiency in using Security Orchestration and Automation (SOAR) platforms (e.g. ServiceNow, Sentinel, Splunk SOAR, IBM QRadar)
Ability to analyze cyber threat intelligence reporting and understand adversary methodologies and techniques
Knowledge of malware analysis techniques
Knowledge of the MITRE ATT&CK and D3FEND frameworks and their relevancy to cyber incident response
Ability to identify and recommend remediation steps for cyber incidents
Demonstrated proficiency with common digital forensic tools (e.g. Autopsy, Axiom Forensics, KAPE, CyLR, Volatility)
Strong organizational skills
Proven ability to operate in a time sensitive environment
Proven ability to communicate orally and in writing
Proven ability to brief technical and operational information to senior leadership
Ability to scope and perform impact analysis on incidents
U.S. citizenship required
Active Secret security clearance
Ability to obtain final Top Secret clearance

Preferred

One or more of the following certifications: CCSP, SC-200, 300, and 900, GCLD, GCTD, GCAD
Demonstrated proficiency with Microsoft Azure cloud architecture
Demonstrated proficiency with the Microsoft Defender suite and Kusto Query Language (KQL) analytics
Demonstrated proficiency with using Splunk Enterprise Security and writing Splunk Processing Language (SPL) analytics
Demonstrated experience with Python, PowerShell, and Bash languages
Demonstrated knowledge of network architecture, design and security
Ability to analyze static and dynamic malware analysis reports
Ability to analyze and identify anomalous code as malicious or benign
Ability to write signatures for host and network intrusion detection systems
Ability to identify and recommend relevant telemetry requirements in support of cyber incident response actions
Knowledge of system administration, network, and operating system hardening techniques
Proficiency in performing network packet-level analysis
Demonstrated knowledge on the intersection of on-prem and cloud-based technologies
Demonstrated knowledge of system design and process methodologies
Experience in developing and delivering comprehensive training programs
Experience collaborating with cross-functional teams
Experience working in an intra-agency environment
Ability to communicate technical concepts to executive level leadership

Benefits

Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

Company

Peraton: Fearlessly solving the toughest national security challenges.

Funding

Current Stage
Late Stage

Leadership Team

Thomas Terjesen
Chief Information Officer
Company data provided by crunchbase