Incident Commander / Tier 2 SOC Engineer

Job Locations US-DC-Washington | US-Remote / Telework
Job ID 2022-4140
Type
Regular Full-Time

Position Description

Valiant Solutions is seeking an Incident Commander/Tier 2 to join our rapidly growing team in Washington DC working the day shift hours from 8-5 (M-F) with remote work 4 days and onsite 1 day a week.

 

Candidates will join a fast-paced and creative team of incident response engineers, threat hunters, and forensic analysts focusing on the identification, interrogation, exploitation, and reporting of incidents for the enterprise. Valiant Solutions is a rapidly growing small business that cares about its employees- we've been named one of the Best Places to Work in the DC area EIGHT years in a row

 

This position is based in the Washington DC area, currently with partial remote flexibility, but this candidate must be flexible to client needs and understand that they may required to be onsite full time instead of remote work at any time. Remote work necessitates a high-level trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention to their job duties during working hours, and maintain a schedule during normal business hours that overlaps with those of their coworkers and Valiant's.

 

Position Description: As a Tier 2 Incident Commander, you and your team will be responsible for manning a 24x7x365 coordination center and responding to escalated alerts, notifications, communications, and providing incident response activities such as tracking the incident, and communication with stakeholders, remediation and recovery actions and reporting.  Ensure reports are properly entered into the incident tracking system and will coordinate with the reporting entity to gain a full understanding of the event and details.  Expected to have knowledge of cybersecurity incidents, anomaly analysis, log analysis, digital forensics, common threat vectors and be able to comprehend reports and determine what additional action and response activities may be required to resolve an incident. Follow established SOPs, policies and other procedures for escalation and notification of Federal Leadership and reporting. The ideal candidate must have a strong understanding of Splunk SIEM and supporting forensic tools.

 

Responsibilities:

  • Perform incident response analysis uncovering attack vectors involving a variety, of malware, data exposure, and phishing and social engineering methods  
  • Participate in the remediation of incidents and responses that are generated from live threats against the enterprise
  • Record and report all incidents per Federal policy, department policy, and legislation
  • Create and track network incidents and investigations through completion
  • Serve as a point person for Incident Management; providing coordination and assignment of activity for all entities party to incident response event
  • Monitor security events received through alerts from SIEM or other security tools
  • Revise alerts escalated by end-users
  • Carry out Level 2 triage of incoming Incidents (initial IR assessment of the priority of the event, initial determination of incident nature to determine risk and damage, or appropriate routing of security or privacy data request)
  • Manage assigned ticket queues (ServiceNow & RSA Archer) to ensure that tickets are being actively worked on and assist analysts as needed to close tickets out ASAP
  • Review and recommend technical, process, and physical controls
  • Supports/develops reports during and after incidents, which include all actions taken to properly mitigate, recover and return operations to normal operations
  • Support forensic investigators and application security analysts in reactive and proactive Threat Hunting engagements, performing endpoint, network, and log analysis
  • Present briefs to the client 
  • Will report to the both Incident Commander/Tier 3 and SOC Manager as needed

 

Qualifications:

  • 5+ years of relevant work experience or a Bachelor’s Degree with 2+ years of relevant experience
  • US Citizenship and must be able to pass a background investigation (up to Top Secret)
  • MUST HAVE one of the following ACTIVE certifications: CISSP, GCIH, or CASP+
  • Excellent organizational, verbal, presentation/facilitation, and written communication skills. Comfortable presenting briefings to the client.
  • Demonstrate proficiency in the Incident Response Process as well as the performance of threat hunting and SOC operations
  • IDS monitoring and analysis, analyze network traffic, log analysis, prioritize and differentiate between potential intrusion attempts and false alarms
  • Good understanding of system log information and what it means, where to collect specific data/attributes as necessitated per Incident Event (host, network, cloud, etc)
  • Strong understanding of enterprise networking (host-based firewalls, anti-malware, HIDS, IDS/IPS, proxy, WAF), Windows and Unix/Linux systems’ operations, TCP / IP protocols,
  • Experience providing analysis and trending of security log data
  • Experience creating and tracking investigations to resolution
  • Experience with vulnerability scanning tools such as Tenable Nessus, Tenable.IO, Tenable.SC, QualysGuard, etc
  • Experience with Endpoint security solutions, including but not limited to: FireEye Solutions, Antivirus Solutions, and EDR Tools
  • Understanding of compliance or regulatory frameworks (I.e. FISMA, NIST, ISO)
  • Solid understanding of the application, database, authentication, and network security principles; able to demonstrate: how network services and protocols interact to provide communications, evidence recovery techniques, log data analytics, Incident categories, IR event handling methodologies, intrusion detection systems, network protocol, and packet analysis
  • Understanding of system and application security, systems and network administration, and operating system hardening techniques
  • General cyber-attack stages, profiling techniques, and techniques for detecting host and network-based intrusions
  • Knowledge of evidence recovery techniques, preservation of evidence integrity, and collection of forensically sound collection of images, logs, and other critical components in order to discern possible mitigation/remediation of systems
  • Ability to perform or direct malware analysis, Threat Hunting, and incident response
  • Understanding of Computer Network Defense (CND) policies, procedures, and regulations
  • Ability to convey complex technical security concepts to technical and non-technical audiences during crisis situations, I.e. executive or board-level presentations
  • Ability to work with or support senior business leaders to understand business objectives/functions, identify risk factors, and communicate effective mitigation strategies
  • Experience composing security alert notifications
  • Ability concisely communicate events of a technical nature to incident responders to assist in the investigation and resolve computer security incidents
  • Need to be able to solve a problem with minimal supervision
  • Valiant Solutions is a federal contractor and this position is subject to the COVID-19 Vaccine Mandate as a condition of employment.  All applicants must be fully vaccinated for COVID-19 with a Food and Drug Administration (FDA) authorized or FDA-approved COVID-19 vaccine OR must have an approved reasonable accommodation granting an exemption from vaccine requirements. See below for more details.

 

About Valiant Solutions:

Valiant Solutions is a security-focused IT solutions provider with both public and private sector clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you’ll learn to think quickly on your feet and expand your own personal and professional skillset. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect – and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.

 

Benefits Snapshot (includes, but not limited to):

Valiant pays 99% of the Medical, Dental, and Vision Coverage for FTE

Valiant contributes 25% towards Health Coverage for Family and Dependents

100% Paid Short Term Disability and Life Insurance Policy for FTE

100% Paid Certifications

Wellness & Fitness Program

401K Matching up to 4%

Paid Time Off

Paid Time On – 40 hours to pursue innovation

Valiant University – Online Education and Training Portal

Reimbursement for Public Transit and Parking

FSA programs for: Medical Costs, Dependent Care, Transit, and Parking

Referral Bonuses

 

Vaccination Mandate:

In accordance with Executive Order 14043, Federal employees and contractors are required to be fully vaccinated against COVID-19 regardless of the employee's duty location or work arrangement (e.g., telework, remote work, etc.), subject to exceptions that may be required by law. If selected, you will be required to submit proof of vaccination by November 22, 2021 or before your entrance on duty if you are selected after the compliance date. Human Resources will provide information for providing proof of vaccination and instructions for how to submit a request for a legally required exception, if needed, to comply with vaccination requirements.

 

Equal Opportunity Employer:

Valiant Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex/gender, pregnancy, religion, age, marital status, sexual orientation, military/veteran status, disability, genetic information/history or any other personal characteristic protected by law.

 

Physical Demands

Must be able to remain in a stationary position 50% of the time and also be able to occasionally move about inside the office to access file cabinets, office machinery, etc.

Must be able to constantly operate a computer and other office productivity machinery, such as a copy machine, and computer printer.

Must be able to communicate, detect, converse with, discern, convey, express one self, and exchange information visually and verbally.

Must be able to occasionally bend and lift files and papers up to 10 pounds throughout the office space for events and meetings.

 

Work Environment:

Individual's primary workstation is located in an office area

The noise level in this environment is low to moderate

 

Authorization to Share Resume and Personal Information:

By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.

 

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed