Cyber Software Engineer

About Peraton

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees solve the most daunting challenges that our customers face. Visit peraton.com to learn how we're keeping people around the world safe and secure.

About The Role

Peraton seeks a Cyber Software Engineer to support Army Cyber Command Defensive Cyberspace Operations (DCO). Location: Fort Gordon, GA

This is a hands-on, code-forward technical role. The selected candidate will author custom detection analytics and hunt tooling, execute proactive threat hunting operations across the DoDIN-A, and translate threat intelligence into operationalized detection logic - all in direct support of Defensive Cyberspace Operations.

The primary focus of this position is building and executing: writing Python-based analytics, developing Sigma rules, crafting complex SQL queries, and running those signatures against live telemetry to identify adversarial activity that evades traditional security boundaries. The candidate will also query and synthesize reporting from Cyber Threat Intelligence (CTI) repositories - including government, OSINT, and commercial-leased CTI platforms - to source and vector threat hunting analytics. Findings must be documented and communicated at a level suitable for senior leadership and general officer briefings.

Tasks Include:

• Threat Hunting & Detection Engineering
  • Design, build, and implement advanced detection analytics using Python; integrate SQL queries into Python-based logic to correlate real-time telemetry with original threat research and adversarial TTPs as described by MITRE ATT&CK®.
  • Execute proactive cyber threat hunting operations across the DoDIN-A using custom-developed analytics; actively search for and identify adversarial artifacts, anomalies, Indicators of Attack (IOAs), and Indicators of Compromise (IOCs) that evade traditional security boundaries.
  • Translate threat reporting into high-fidelity detection logic; develop and maintain Sigma rules and translate those rules into complex SQL queries tailored to specific data repositories.
  • Develop SIEM-based analytics to identify adversaries' behaviors, goals, and methods; pinpoint gaps within the DoDIN-A security boundary that adversaries may be exploiting.
  • Review and analyze data feeds to ensure relevance and synchronization with DCO priorities.
• CTI Synthesis & Reporting
  • Query and synthesize technical cybersecurity reporting from government, OSINT, IC, and commercial-leased CTI repositories to identify specific technical indicators and behaviors that correlate with assigned ATT&CK Techniques, sourcing and vectoring analytic development.
  • Draft comprehensive operational notes and hunt findings; articulate complex technical data and cybersecurity risks at a level appropriate for senior leadership and general officer briefings.
  • Use advanced data visualization techniques to distill complex technical datasets into clear, actionable presentations for audiences with varied levels of understanding of complex technical topics.
  • Communicate complex cybersecurity insights through briefings, reports, and visualization tools.
  • Create and maintain continuity documents necessary for team members to produce contractual deliverables.

Qualifications

Required:

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD. Will consider 10 years with Associates degree or 12 years with HS.
• Advanced coding fluency in Python, with demonstrated ability to build data-driven security analytics and custom hunt tooling.
• High proficiency in data querying and logic development using SQL, and Sigma rule creation.
• Intimate, practical knowledge of MITRE ATT&CK Enterprise framework and its application in mapping adversarial TTPs to defensive analytics.
• Demonstrated ability to query, navigate, and extract actionable intelligence from CTI repositories - including commercial-leased platforms - to source and inform threat hunting operations.
• Deep understanding of cyber attack vectors, vulnerability exploitation, and network defense principles to support continuous DCO priorities.
• Exceptional professional writing capabilities; must be able to synthesize highly technical hunt findings into clear, concise, and academically rigorous reports for executive-level (Army Cyber Command) consumption.
• Effective communication and collaboration skills to ensure team responsiveness and data feed relevance to DCO priorities.
• Requires at least one of the following: CCNA-Security, CySA+, GICSP, GSEC, Security+, CND, or SSCP.
• Requires at least one of the following: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+.
• U.S. Citizenship required.
• Active TS SCI with the ability to obtain/maintain CI Polygraph and MEAD.
• Flexibility to support surge operations and adapt to rapidly shifting mission requirements as dictated by Army Cyber Command.

Preferred:

• Highly desired: Ability to author solutions within the Microsoft Power Platform - including Power BI dashboards and reports, Power Automate workflows, Power Apps applications, and Power Query (M-code) data transformations - to support operational reporting, data visualization, and workflow automation for leadership consumption.
• Knowledge of data science methodologies - including statistical analysis, anomaly detection, and machine learning - to process large cybersecurity datasets and identify deviations indicative of advanced threats.
• Experience authoring formal, in-depth research papers (college-level or IC analytic publication level) focusing on cybersecurity trends or threat actor profiling.
• Familiarity with Artificial Intelligence (AI) and Large Language Models (LLMs); ability to leverage command-provided AI capabilities to enhance workflows.
• A Master's or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering OR one of the following certifications: CBROPS, CFR, CySA+, GCFA, GCIA, or GICSP.

Details

Target Salary Range: $104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

Benefits Statement: Peraton offers eligible employees a variety of benefits including medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at https://www.careers.peraton.com/benefits.

Application Statements: The application period for the job is estimated to be 30 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

EEO:Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.