Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Tier 2 Cyber Incident Response Team (CIRT) Shift Lead Jobs

$135k - $216k

Navstar

About Peraton

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees solve the most daunting challenges that our customers face. Visit peraton.com to learn how we're keeping people around the world safe and secure.

Program Overview

Encompasses technical, engineering, data analytics, cyber security, management, operational, logistical, and administrative support for Bureau of Diplomatic Security, Cyber and Technology Security Directorate in three key offices/functional areas: Cyber Monitoring and Operations, Cyber Threat and Investigations, and Technology Innovation and Engineering State.

About The Role

Peraton is seeking an experienced Tier 2 Cyber Incident Response Team (CIRT) Shift Lead to join Peratons' Federal Strategic Cyber Mission program.

Location: Beltsville, MD; On-site

Work Hours: Evening Shift, 14:00- 22:00 EST (2:00 - 10:00 PM, EST), Tuesday - Saturday

In this role, you will:
  • Detect, classify, process, track, and report on cyber security events and incidents.
  • Perform advanced in-depth analysis of coordinated Tier 1 alert triage and requests in a 24x7x365 environment.
  • Analyze logs from multiple sources (e.g., host logs, EDR, firewalls, intrusion detection systems, servers) to identify, contain, and remediate suspicious activity.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats.
  • Protect against and prevent potential cyber security threats and vulnerabilities.
  • Perform forensic analysis of hosts artifacts, network traffic, and email content.
  • Analyze malicious scripts and code to mitigate potential threats.
  • Conduct malware analysis to generate IOCs to identify and mitigate threats.
  • Collaborate with Department of State teams to analyze and respond to events and incidents.
  • Monitor and respond to the CIRT Security Orchestration and Automation Response (SOAR) platform, hotline, email in-boxes.
  • Create tickets and initiate workflows as instructed in technical SOPs.
  • Coordinate and report incident information to the Cybersecurity and Infrastructure Security Agency (CISA).
  • Collaborate with other local, national and international CIRTs as directed.
  • Submit alert tuning requests.
Additionally, as a Tier 2 Shift Lead you will:
  • Review all Tier 2 shift tickets for accuracy and completeness
  • Coordinate with CIRT Watch Officers and government leadership on remediation actions
  • Provide technical and procedural improvement recommendations to CIRT leadership
  • Assist with Tier 2 candidate technical interviews as required
  • Ensure coordinated remediation actions are operating properly
Qualifications

Minimum Qualifications
  • Bachelor's degree and minimum of 11 years of relevant experience; or, Master's degree with minimum of 9 years; or PhD with 6 years.
  • Must possess, or obtain prior to start date, at least one of the following certifications. Continued certification is required as a condition of employment:
    • CASP+ CE, CCISO, CCNA Cyber Ops, CCNA Security, CCNP Security, CEH, CFR, CISA, CISM, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, GSLC, SCYBER.
  • Demonstrated experience across the incident response lifecycle.
  • Experience with SOAR platforms and automated response workflows (e.g., ServiceNow, Splunk SOAR, Microsoft Sentinel).
  • Experience with Security Information and Event Management (SIEM) platforms (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar).
  • Experience with Endpoint Detection and Response (EDR) solutions (e.g., Microsoft Defender for Endpoint, Elastic XDR, Carbon Black, CrowdStrike).
  • Knowledge of cloud security monitoring and incident response.
  • Knowledge of integrating indicators of compromise (IOCs) and tracking advanced persistent threat (APT) actors.
  • Ability to analyze cyber threat intelligence and understand adversary tactics, techniques, and procedures (TTPs).
  • Knowledge of malware analysis techniques.
  • Familiarity with MITRE ATT&CK and D3FEND frameworks.
  • U.S. Citizenship required.
  • Active Secret security clearance required at start.
Preferred Qualifications:
  • Proficiency with Splunk for security monitoring, alert creation, and threat hunting.
  • Experience using Microsoft Azure access and identity management.
  • Proficiency in Microsoft Defender for Endpoint and Identity for security monitoring, response, and alert generations.
  • Experience using digital forensics collection and analysis tools (e.g. Autopsy, Axiom MagnetForensics, Zimmerman-Tools, KAPE, CyLR, Volatility).
  • Experience using ServiceNow SOAR for ticketing and automated response.
  • Experience using Python, PowerShell and BASH scripting languages.
  • Proficiency in cloud security monitoring and incident response.
  • Demonstrated ability to perform static/dynamic malware analysis and reverse engineering.
  • Experience with integrating cyber threat intelligence and IOC-based hunting.
  • Technical certifications such as: Azure SC-900, CCSP, GCIH, CCSK, GSEC, CHFI, GCLD, GCIA.
  • Advanced technical certifications such as: SecurityX/CASP+, PRMP, GREM, GEIR, GNFA, or GCFA.
Details

Target Salary Range: $135,000 - $216,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

Benefits Statement: Peraton offers eligible employees a variety of benefits including medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at

Application Statements: The application period for the job is estimated to be 30 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates. By applying to this job, you are expressing interest in the role and the Company. During the review of your application, you may be required to participate in an on-camera interview, as well as participate in a process to verify your identity.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.
Vacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the Tier 2 Cyber Incident Response Team (CIRT) Shift Lead Jobs in Beltsville, MD vacancy
  • $140k - $160k

    Tier 2 Shift Lead - Cyber Incident Response Team Location: Beltsville, MD (onsite). Shift Time: Tuesday - Saturday, 2 pm - 10 pm. Employment Status: Contingent...  ...to events and incidents. Monitor and respond to the CIRT SOAR platform, hotline, and email inboxes. Create... 
    Shift work
    Cyber
    Temporary work
    Local area
    Remote work
    All shifts
    Flexible hours

    Skyepointdecisionsinc

    Laurel, MD
    15 hours ago
  • $75k - $85k

     ...Hours: Evening Shift, 1400 - 2200...  ...encompasses cyber security, data...  ...events and incidents. Perform advanced...  ...coordinated Tier 1 alert...  ...Department of State teams to analyze...  ...to the CIRT Security Orchestration...  ...Automation Response (SOAR)...  ...and at least 2 years of experience... 
    Cyber
    Full time
    Interim role
    Local area
    Afternoon shift

    Twenty8tech

    Beltsville, MD
    6 hours ago
  • Skyepointdecisionsinc is hiring a Tier 2 Shift Lead for their Cyber Incident Response Team. The successful candidate will be responsible for managing cybersecurity events, conducting detailed incident analysis, and collaborating with government teams on remediation efforts... 
    Shift work
    Cyber

    Skyepointdecisionsinc

    Laurel, MD
    15 hours ago
  • Tyto Athene is searching for a Tier 2 Incident Response Analyst (IR) to support a law enforcement...  ..., and investigating potential cyber threats. As a SOC team member, you will also serve as the...  ...client site at least 2 days per week. Shift Fri Night - Sat Morning 10pm - 10am... 
    Shift work
    Cyber
    Part time
    Night shift
    Weekend work
    Day shift
    2 days per week

    Tyto Athene, LLC

    Washington DC
    3 days ago
  • A cybersecurity firm is looking for a Tier 2 Incident Response Analyst to support law enforcement in Washington, DC. You will monitor security tools, triage alerts, and investigate cyber threats. Ideal candidates have six years in cybersecurity, preferably three in SOC... 
    Cyber

    Tyto Athene, LLC

    Washington DC
    3 days ago
  • $80k - $128k

    Responsibilities Peraton is seeking an experienced CIRT Tier 1 Analyst to join Peratons' Federal...  ...Strategic Cyber Mission program...  ...security events and incidents. Perform...  ...with Department teams as needed to analyze...  .... Conduct shift change briefs....  ...degree and at least 2 years of... 
    Shift work
    Cyber
    Contract work
    Local area

    Peraton

    Beltsville, MD
    3 days ago
  • Tyto Athene, LLC in Washington is searching for a Tier 3 Digital Forensics and Incident Response Analyst. In this role, you will lead cross-functional teams in analyzing major cybersecurity incidents and serve as the primary contact for escalation issues. The ideal candidate... 
    Cyber

    Tyto Athene, LLC

    Washington DC
    1 day ago
  • Peraton is seeking a Cyber IT Specialist for 2nd shift in Beltsville, MD. The role requires IT operations...  ..., and the ability to coordinate incident response while ensuring data integrity. Candidates...  ...ticketing in ServiceNow, and cross-team collaboration to resolve outages.... 
    Shift work
    Cyber
    Afternoon shift

    Peraton

    Beltsville, MD
    6 hours ago
  • $155k - $165k

     ...Athene is searching for a Tier 3 Digital Forensics and Incident Response Analyst . You will play...  ...to incidents from cyber threats facing our clients...  .... Responsibilities: Lead cross‑functional teams to perform in-depth analysis...  ...to Tier 1 and Tier 2 SOC Analysts to... 
    Cyber

    Tyto Athene, LLC

    Washington DC
    2 days ago
  •  ...Incident Response Lead ShorePoint is a fast-growing, industry recognized and award-winning cybersecurity...  ...Perks: As recognized members of the Cyber Elite, we work together in partnership...  ...are committed to the belief that our team members do their best work when they are... 
    Cyber
    Contract work

    Navstar

    Washington DC
    3 days ago
  • $100k - $120k

    Sr. Cybersecurity Incident Response Specialist Job Category : IT/...  ...now Posted : July 2, 2026 Full-Time...  ...DC, USA Pay or shift range: $100,000 USD...  ...of the SOC team which provides 24...  ...and responding to cyber incidents across...  ...briefings. Ability to lead investigations,... 
    Shift work
    Cyber
    Full time
    Contract work
    Work at office
    Local area

    Bering Straits Native Corporation

    Washington DC
    1 day ago
  • $110k - $130k

     ...., (Devis) is a leading provider of innovative...  ...sector. Job Overview The SOC / Incident Response Lead serves as...  ...responsible for leading Tier 1 detection and triage and Tier 2/3 forensics,...  ...hunting, and cyber threat...  ...Incident Response Team and ensure proper... 
    Cyber
    Full time
    Work at office
    Monday to Friday

    Development InfoStructure

    Bethesda, MD
    12 days ago
  • $83.5k - $87.5k

    Overview The Cyber Incident Response Analyst role is pivotal in reinforcing...  ...cases to specialized teams (e.g., Threat Hunting,...  .... Participate in shift synchronization...  ...practices. Additional (2) two years of experience...  ...Duties Please note this job description is not designed... 
    Shift work
    Cyber
    Temporary work
    Work at office
    Local area
    Flexible hours

    Cayuse Holdings

    Washington DC
    4 days ago
  •  ...Beltsville, MD, to support the DSCM program spanning cyber security and data analytics. You will detect,...  ...threats. The role requires experience in incident response, SIEM/EDR tools, cloud security, and collaboration with DOS teams and CISA. An Interim Secret clearance is... 
    Cyber
    Full time
    Interim role
    Afternoon shift

    Twenty8tech

    Beltsville, MD
    1 day ago
  •  ...Key Responsibilities War‑Room Facilitation: Structure...  .../facilitate major incident bridges; maintain...  ...Continuity, and SOC/Cyber IR where service...  ...execution across shifts/teams. Mentoring: Coach...  ...Demonstrated ability to lead multiple...  ...promoting for all job classifications is... 
    Shift work
    Cyber
    Contract work
    Work experience placement
    Work at office

    ASM Research, An Accenture Federal Services Company

    Washington DC
    1 day ago
  •  ...The Incident Response Coordinator supports the end-to...  ...communication among technical teams, vendors, and...  ...engage infra/app/cyber/vendor...  ...status pages); manage shift handoffs and continuity...  ...Improvement: Help lead PIRs; identify...  ...promoting for all job classifications is... 
    Shift work
    Cyber
    Contract work
    Work experience placement
    Work at office

    ASM Research, An Accenture Federal Services Company

    Washington DC
    3 days ago
  •  ...seeking an  to serve as Tier 2 - Senior Desk...  ...in a senior or lead role. This position...  ...collaboration across IT teams to ensure reliable...  ...:  76,000-85,000 Responsibilities: ~Serve as the...  ...tools to document incidents, resolutions, and...  ...Cloud Solutions, Cyber Security, and IT... 
    Cyber
    Full time
    Remote work

    ActioNet

    Washington DC
    1 day ago
  • $100k - $120k

    Bering Straits Native Corporation is seeking a Sr. Cybersecurity Incident Response Specialist in Washington, DC. This role involves monitoring cyber threats and ensuring the security of networks and systems. The ideal candidate should have a deep understanding of cybersecurity... 
    Cyber

    Bering Straits Native Corporation

    Washington DC
    1 day ago
  • Incident Response Analyst (Task 4 - Federal Cybersecurity Contract) Location...  ...multiple federal cybersecurity teams. The ideal candidate has...  ...playbooks. Required Qualifications 2-5+ years of experience in...  ...and camera‑enabled participation. #J-18808-Ljbffr Cyber Synergy
    Cyber
    Full time
    Contract work
    Remote work
    Monday to Friday

    Cyber Synergy

    Washington DC
    3 days ago
  • Tyto Athene is seeking a Tier 3 Digital Forensics and Incident Response Analyst in Washington, D.C. You will be pivotal in analyzing high-priority cybersecurity...  ...SOC analysts, and coordinating with various teams for effective incident management. This hybrid role requires... 

    Tyto Athene

    Washington DC
    1 day ago
  • $140k - $170k

     ...Principal/Cybersecurity & Incident Response Boston, MA, United...  ...States CRA is a leading global consulting...  ...cross-trained teams of forensic...  ...in the forensic & cyber investigations space...  ...following - NIST CSF 2.0, HIPAA, ISO 270...  ...apply for available jobs. Career Growth and... 
    Cyber
    Work at office
    Local area
    Remote work
    Work from home
    3 days per week

    Charles River Associates

    Washington DC
    1 day ago
  • $55.7k - $82.1k

     ...The Cybersecurity Incident Response Engineer, Jr. monitors enterprise...  ...violations. Perform Tier 1 alert triage by...  ..., operations, and risk teams to align monitoring and...  ...environment, including shift work and effective handoff...  ...and promoting for all job classifications is done... 
    Shift work
    Contract work
    Work at office

    ASM Research, An Accenture Federal Services Company

    Washington DC
    6 days ago
  • Wilson Elser is seeking a Cyber Incident Response Associate Attorney in Washington, D.C. to handle incident response for cybersecurity and data...  ...research and writing abilities. A fast-paced environment and team-centric approach are essential, with hybrid working arrangements... 
    Cyber

    Wilson Elser Moskowitz Edelman & Dicker LLP

    Washington DC
    1 day ago
  •  ...seeking an experienced security professional in Washington, DC to lead incident response, triage threats, and coordinate containment and recovery....  ...technical reports and collaborate with cross-functional teams while supporting compliance with federal cybersecurity standards... 
    Cyber

    Omniscius Consulting

    Washington DC
    4 days ago
  • $83.5k - $87.5k

    Cayuse Holdings is seeking a Cyber Incident Response Analyst in Washington, DC to enhance the cybersecurity framework. This role involves case management...  ...and CompTIA Security+ certification, with between 0-2 years of experience. The Analyst will work in a professional... 
    Cyber

    Cayuse Holdings

    Washington DC
    4 days ago
  •  ...cybersecurity consulting firm is seeking an Incident Response Analyst to support incident management...  ...coordination with federal cybersecurity teams. Ideal candidates will have experience...  ...occasional on-site duties in the Washington, D.C. area. #J-18808-Ljbffr Cyber Synergy
    Cyber
    Remote job

    Cyber Synergy

    Washington DC
    3 days ago
  •  ...Washington, DC to monitor and manage security incidents. The ideal candidate will have 4 years...  ...and Splunk. This role involves leading incident responses, conducting vulnerability analysis,...  ...1k matching, and paid leave. Join our team to make a difference in the tech world... 
    Cyber

    Nava

    Washington DC
    2 days ago
  • Vosper Thornycroft Group (VTG) is seeking an Associate Cyber Security Analyst to provide incident response and compliance support to NAVSEA CPRC at the...  ...Bachelor's in Computer Science or Cyber Security and 0-2 years of related experience, with knowledge of DoD/DoN... 
    Cyber

    Vosper Thornycroft Group

    Washington DC
    5 hours ago
  • $60k - $100k

     ...cybersecurity operations and a bachelor's degree in a related field. The role involves leading incident response efforts, documenting actions, and collaborating with technical teams to enhance security across multiple environments. Competitive salary range from $60,000... 
    Cyber

    Maximus

    Washington DC
    4 days ago
  • Cayuse is hiring a Cyber Incident Response Analyst in Washington, DC. This role is critical for reinforcing the client’s cybersecurity framework...  ...categorize incidents, and collaborate closely with various teams while maintaining high-quality customer service. Candidates... 
    Cyber

    UNAVAILABLE

    Washington DC
    10 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Tier 2 Cyber Incident Response Team (CIRT) Shift Lead Jobs. Be the first to apply!