External Job Posting TitleSIEM Analyst
Responsibilities
We are seeking a highly skilled and innovative SIEM Analyst to join our team in the greater DMV area, supporting the Army National Guard.
Responsibilities
- Review complex SIEM events, logs, and alerts; correlate telemetry from network, endpoint, identity, and cloud sources to detect anomalous activity.
- Investigate incidents through multi‑source correlation, timeline reconstruction, enrichment with threat intelligence, and IOC validation.
- Build and update intermediate‑level correlation rules, alert logic, and detection filters to address evolving use cases and improve fidelity.
- Document triage results, maintain investigation records with analytic notes, and categorize incidents per escalation criteria.
- Support tuning by identifying systemic false positives, refining rule parameters, and proposing detection enhancements.
- Collaborate with SOC analysts, threat hunters, cybersecurity engineers, and incident responders to provide technical context and preliminary root‑cause assessments.
- Maintain SIEM dashboards and operational reporting: update visualizations, refine queries, and validate metric accuracy.
- Verify ingestion, parsing, and normalization of log sources; perform data‑quality checks and report visibility gaps for remediation.
- Apply detection playbooks and organizational policies to sustain continuous monitoring across all enclaves.
- Contribute to SIEM operations improvement by refining analytic workflows, updating documentation, and adopting new platform capabilities.
#ENOCS
Qualifications
Qualifications
- 2 years with BS/BA; 0 years with MS/MA; 6 years with no degree
Clearance: Active TS/SCI clearance.
Candidate must meet ONE of the following:
- Bachelor’s degree in Cybersecurity; OR
- Relevant professional certification or equivalent experience (examples: CySA+; GCIA; CEH); OR
- Relevant DoD/military training (example: Splunk Core Certified Power User).
Required experience and skills:
- SIEM, SOC, or security analytics experience with hands‑on alert investigation and correlation responsibilities.
- Proficiency writing and tuning correlation logic/queries in one or more SIEM platforms (e.g., Splunk, Elastic, QRadar, Sentinel) and working knowledge of log formats/normalization.
- Experience with endpoint telemetry, network flows, authentication logs, cloud logs, and threat‑intelligence enrichment.
- Strong incident documentation, analytic writing, and case management skills; ability to produce reproducible investigation artifacts.
- Capability to identify and remediate data‑quality and ingestion issues in coordination with data engineering teams.
Desired:
- Prior DoD/ARNG SOC or classified‑environment SIEM experience.
- Familiarity with MITRE ATT&CK mapping for detection use cases, SOAR integrations, and detection performance metrics (precision/recall, MTTD).
- Experience mentoring junior analysts and contributing to a detection engineering backlog.
#ENOCS
Peraton Overview
Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.
