Digital Forensics Incident Response (DFIR) Engineer

Job Locations US-Remote / Telework | US-TX-Fort Worth | US-MO-Kansas City | US-CO-Denver | US-DC-Washington
Job ID 2022-4158
Type
Regular Full-Time

Position Description

Do you have a strong background in Incident Response, Forensics,  Threat Hunt combined with AWS?

Valiant Solutions is seeking a Digital Forensics / Incident Reponse Engineer with strong AWS experience to join our rapidly growing team. Valiant Solutions is a Cybersecurity company delivering cutting-edge security solutions to our Government clients.  This is your chance to work with a wide range of technologies for a company that cares about its employees- Valiant has been named one of the Best Places to Work in the DC area EIGHT years in a row!   If you’ve got that ‘can-do’ attitude and possess the skills below, we’d love to talk to you about this exciting opportunity.

In this role the successful candidate will work closely with a Data Scientist to develop custom visualizations and alerting to support critical government systems. The successful candidate will also plan and execute threat hunt operations leveraging logging data and tooling integrated with these mission-critical systems. This hybrid role involves the analyst working with existing data to identify threats and threat attack vectors, and also working to implement data visualizations and threat detection logic to increase our client’s security posture.

This is an exciting role for someone who is passionate about new technologies, and continuously finding new ways to keep up with the adversary. In this position you will directly work with our client’s, organizing routine briefings, gathering requirements, and finding new ways to improve monitoring and detection. This role is equally about monitoring and hunting for threats AND tuning detection, alerting, and visualization mechanisms in support of said monitoring.

Requires US Citizenship with the ability to pass a federal security background investigation to obtain a security badge.

 

This position allows for 100% remote work.  Remote work necessitates a high-level trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention to their job duties during working hours, and maintain a schedule during normal business hours that overlaps with those of their coworkers and Valiant's

 

Responsibilities

  • Conducts Tier 3 SOC monitoring of Machine Learning Models and data visualizations
  • Researches, develops, and monitors custom visualizations
  • Researches, analyzes, and writes documents such as cybersecurity briefings for all levels of stakeholders from Tier 1-3 SOC, security engineering and executives
  • Tunes and develops SIEM correlation logic for threat detection
  • Ensures documentation is accurate, complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style. 
  • Ensures content is developed in an appropriate style for the intended audience to include presentations, bulletins, white papers, memos, policies, briefings, and other products. 
  • Acquires subject knowledge by collaborating with analysts and engineers.
  • Assists in coordinating projects from the planning stage, provides additional or missing materials, and edits for content format, flow, and integrity.
  • Researches topics and collaborate stakeholders to understand communication product requirements; analyzes business problems and helps prescribe communication solutions.
  • Deep understanding of Cyber Threat TTPs, Threat Hunt and the application of the Mitre Attack framework
  • Perform Cyber Threat Assessment and Remediation Analysis
  • Processing, organizing and analyzing incident indicators retrieved from the client environment and correlating said indicators to various intelligence data
  • Assisting in the coordination with internal teams as well as in the creation of engagement deliverables for a multitude of activities including but not limited to: Insider Threat, Rule of Engagement (ROE), Threat Hunting, After Action Reports, and other artifacts to support testing, monitoring and protecting the enterprise
  • Investigate network and host detection and monitoring systems to advise engagement processes
  • Develop and Execute bash and python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions

 

Qualifications / Required Skills

  • 5+ years of specialized experience in incident response, management of the APT, forensic analysis, and handling of evidentiary data
  • Bachelor’s Degree or additional 3 years of related experience
  • 'Hands-on keyboard' AWS implementation experience across a broad range of AWS services.
  • Must have in-depth AWS services (Containerization - Docker, Amazon EKS, Lambda, EC2, S3, databases, PostgreSQL)
  • Strong knowledge of DevOps and CI/CD pipeline (GitHub, Jenkins, Artifactory)
  • Experience with core AWS platform architecture, including areas such as:  Organizations, Account Design, VPC, Subnet, and segmentation strategies. 
  • CloudFormation and third-party automation approach/strategy
  • Public cloud automation tooling and scripting experience – CFn, Terraform, Ansible, Puppet, Jenkins.
  • Familiar with Encryption, Logging, and Privacy/Security Protocols (e.g. TLS 1.2, ELK stack)
  • Good knowledge of REST/SOAP/JSON web service API implementation
  • Ability to identify malware characteristics and conduct reverse engineering in x86 and x64 assembly
  • Ability to demonstrate and conduct Windows memory forensics techniques to analyze malware threats.
  • Strong knowledge in malware code and behavioral analysis.
  • Working knowledge in SIFT, REMnux, or other similar frameworks.
  • Experience in Presentation and Reporting of Evidence and Analysis
  • Experience in File System Timeline Analysis
  • Experience in Live Incident Response and Volatile Evidence Collection
  • Experience in Advanced Windows Registry Analysis
  • Experience in Forensic Imaging and Filesystem Media Analysis
  • Experience performing IR, Forensics, and Post mortem reports in cloud environments (AWS especially).
  • Experience performing Advanced Network Event and Protocol analysis and timeline reconstruction
  • Valiant Solutions is a federal contractor and this position is subject to the COVID-19 Vaccine Mandate as a condition of employment.  All applicants must be fully vaccinated for COVID-19 with a Food and Drug Administration (FDA) authorized or FDA-approved COVID-19 vaccine OR must have an approved reasonable accommodation granting an exemption from vaccine requirements. See below for more details.

 

Preferred Certifications:

o AWS Solution Architect 

o SANS GIAC Certified Incident Handler (GCIH)

o SANS GIAC Certified Intrusion Analyst (GCIA)

o SANS GIAC Network Forensics Analyst (GNFA)

o SANS GIAC Certified Enterprise Defender (GCED)

o SANS GIAC Reverse Engineering Malware (GREM)

o Carnegie Melon Certified Computer Incident Handler (CSIH)

o IACIS Certified Forensic Computer Examiner (CFCE)

o ISFCE Certified Computer Examiner (CCE)

 

About Valiant Solutions:

Valiant Solutions is a security-focused IT solutions provider with both public and private sector clients nationwide. We are a HUBZone small business and we encourage all candidates who live in a HUBZone to apply. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you’ll learn to think quickly on your feet and expand your own personal and professional skillset. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect – and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.

 

Benefits Snapshot (includes, but not limited to):

Valiant pays 99% of the Medical, Dental, and Vision Coverage for FTE

Valiant contributes 25% towards Health Coverage for Family and Dependents

100% Paid Short Term Disability and Life Insurance Policy for FTE

100% Paid Certifications

Wellness & Fitness Program

401K Matching up to 4%

Paid Time Off

Paid Time On – 40 hours to pursue innovation

Valiant University – Online Education and Training Portal

Reimbursement for Public Transit and Parking

FSA programs for: Medical Costs, Dependent Care, Transit, and Parking

Referral Bonuses

 

Vaccination Mandate:

In accordance with Executive Order 14043, Federal employees and contractors are required to be fully vaccinated against COVID-19 regardless of the employee's duty location or work arrangement (e.g., telework, remote work, etc.), subject to exceptions that may be required by law. If selected, you will be required to submit proof of vaccination by November 22, 2021 or before your entrance on duty if you are selected after the compliance date. Human Resources will provide information for providing proof of vaccination and instructions for how to submit a request for a legally required exception, if needed, to comply with vaccination requirements.

 

Equal Employment Opportunity:

Valiant Solutions is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex (including pregnancy, sex stereotyping, gender identity, gender expression or transgender status), religion, age, marital status, sexual orientation, military/veteran status, physical or mental disability, genetic information/history or any other personal characteristic protected by law.

 

Physical Demands

Must be able to remain in a stationary position 50% of the time and also be able to occasionally move about inside the office to access file cabinets, office machinery, etc.

Must be able to constantly operate a computer and other office productivity machinery, such as a copy machine, and computer printer.

Must be able to communicate, detect, converse with, discern, convey, express one self, and exchange information visually and verbally.

Must be able to occasionally bend and lift files and papers up to 10 pounds throughout the office space for events and meetings.

 

Work Environment:

Individual's primary workstation is located in an office area

The noise level in this environment is low to moderate

 

Authorization to Share Resume and Personal Information:

By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.

 

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed