SOC Analyst (Tier 2)

Job Locations US-Remote / Telework | US-DC-Washington | US-MO-Kansas City | US-TX-Fort Worth
Job ID 2023-4339
Type Regular Full-Time

Position Description

Valiant Solutions is seeking a SOC Analyst (Tier 2) to join our rapidly growing and innovative cybersecurity team!

 

Candidates will join a fast-paced and creative team of SOC Analysts, Incident Response engineers, Threat Hunters, and Forensic Analysts focusing on the identification, interrogation, exploitation, and reporting of incidents for the enterprise. Valiant Solutions is a company that cares about its employees: we've been named one of the Best Places to Work in the Washington DC area TEN years in a row! If you are interested in learning more about Valiant and this opportunity, we invite you to apply now!

 

As a SOC Analyst (Tier 2), you and the team will be responsible for manning a 24x7x365 coordination center, responding to alerts, notifications, and communications, and providing incident response activities. The candidate will be responsible for supporting daily SOC operations including but not limited to: alert analysis / triage / response, review and action on Threat Intel for IOCs and other operationally impactful information, and understanding of SOC operations requirements and policies. The SOC analysis tasks will be end-to-end, including the network, underlying servers and infrastructure (physical and virtual), as well as the application. Candidates will be required to perform SOC triage and response analysis uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods. The successful candidate must have a strong understanding of the SIEM and endpoint security tools used to source many of the alerts.

 

This position allows for 100% remote work. Remote work necessitates a high level of trust in our employees, and we strictly adhere to the details found below in our Remote Work Policy.

 

Candidates will be required to demonstrate proficiency in SOC operations and provide examples of how they process events. The interview will also focus on conceptual and procedural methodologies used to evaluate logical, physical and technical systems compromise. Candidates' understanding of malware analysis, advanced persistent threats, infection vectors and defense strategies will be heavily focused on during the screening process. Additional emphasis will be placed on the candidate's ability to articulate skills gained from experiences participating in incident response, malware analysis, and SOC operations.

 

Required Experience / Skills:

  • Minimum of eight (8) years technical experience 
    • 5+ years of SOC
    • 2+ years of rule development and tuning experience
    • Desired: 1+ years Incident response
  • Experience supporting 24x7x365 SOC operations including but not limited to: alert and notification activities (analysis / triage / response), review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported alerts and incidents
  • Support alert and notification triage, review/analysis through resolution / close
  • Manage multiple tickets / alerts in parallel including end user coordination
  • Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
  • Demonstrated proficiencies with one or more toolsets such as Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana
  • Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs)
  • In-depth experience with processing and triage of security alerts from multiple sources including but not limited to: endpoint security tools, SIEM, email security solutions, CISA, Threat Intel sources
  • Demonstrated experience with triage and resolution of SOC tasks; including but not limited to: vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools - alert analysis
  • Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources
  • Demonstrated experience of the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools
  • Demonstrated proficiencies with an enterprise SIEM or security analytics solution including the Elastic Stack or Splunk.
  • Solid understanding and experience analyzing security events generated from security tools and devices including but not limited to: Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC
  • Experience and solid understanding of Malware analysis
  • Understanding of security incident response processes

 

Required Certifications: One of the following certifications is required:

  • GIAC-GCIH - Global Certified Incident Handler
  • GIAC-GCFE - Global Information Assurance Certification Forensic Examiner
  • GIAC-GCFA - Global Information Assurance Certification Forensic Analyst
  • GIAC-GREM - GIAC Reverse Engineering Malware
  • GIAC-GNFA - GIAC Network Forensic Analyst
  • GIAC-GCTI - GIAC Cyber Threat Intelligence
  • GIAC-GPen - GIAC Certified Penetration Tester
  • GIAC-GWAPT - GIAC Certified Web Application Penetration Tester
  • CEPT - Certified Expert Penetration Tester (CEPT)
  • CASS - Certified Application Security Specialist (CASS)
  • CWAPT - Certified Penetration Tester (CWAPT)
  • CREA - Certified Reverse Engineering Analyst (CREA)

Responsibilities:

  • Working hours: 8:45 AM - 5:15 PM Eastern Time
  • Participate in a rotating SOC on-call; rotation is based on number of team members
  • Provide first line SOC support with timely triage, routing and analysis of SOC tasks
  • Produce and review aggregated performance metrics
  • Participate in on-call rotation for after-hours security and/or engineering issues
  • Participate in the increase of effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions
  • Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods
  • Work directly with Security and SOC leadership on cyber threat intelligence reports to convert intelligence into useful detection
  • Collaborate with incident response team to rapidly build detection rules as needed
  • Responsible for supporting 24x7x365 SOC operations including but not limited to: alert and notification activities (analysis / triage / response), review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported incidents
  • Perform analysis across all security tools uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods
  • Monitor and triage security events received through alerts from SIEM or other security tools; escalate and support to IR as appropriate
  • IDS monitoring and analysis, analyze network traffic, log analysis, prioritize and differentiate between potential intrusion attempts and false alarms
  • Review and reporting on anomalous patterns (Hunting) across all security tools / SIEM
  • Develop in depth understanding of customer and SOC operations requirements and policies
  • Ensure reports are properly entered into the tracking system
  • Perform customer security assessments
  • Supporting incident response or remediation as needed
  • Participate in, develop, and run tabletop exercises
  • Perform lessons learned activities
  • Supporting ad-hoc data and investigation requests
  • Composing reports, updates, security alert notifications or other artifacts and documents as needed

 

About Valiant Solutions

Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. We are a HUBZone small business and we encourage all candidates who live in a HUBZone to apply. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you’ll learn to think quickly on your feet and expand your own personal and professional skill set. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect – and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.

 

Benefits Snapshot (includes, but not limited to)

Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees

Valiant contributes 25% towards Health Coverage for Family and Dependents

100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees

100% Paid Certifications

401K Matching up to 4%

Wellness & Fitness Program

Paid Time Off

Paid Time On – 40 hours to pursue innovation

Valiant University – Online Education and Training Portal

Reimbursement for Public Transit and Parking

FSA programs for: Medical Costs, Dependent Care, Transit, and Parking

Referral Bonuses

 

The salary range for this position is a general guideline and not a guarantee of compensation or salary. It has been benchmarked in relation to the scope of the role, market rate, and internal equity. The salary for this role is expected to be in the $91,000 - 139,000 range. Where a candidate falls within the band can be determined based on one or more of the following: skillset, experience level, achievements, education, geographic location, security clearance, involvement in corporate tasks, and other non-discriminatory factors. In addition to the base salary, this role will include benefits as described above.  Valiant reserves the right to adjust the salary range, experience requirements, and position responsibilities at any time without prior notice. 

 

Remote Work Policy 

Remote work necessitates a high level of trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention and availability to their job duties during working hours, and maintain a schedule during core business hours that aligns with those of their coworkers and Valiant's clients. In alignment with Valiant's inclusive and engaging environment, cameras are encouraged and can be required to be on during virtual video conferences. Additionally, in alignment with the Office of the Inspector General's effort to eliminate conflicting employment, all Valiant employees are required to disclose any current or future outside employment engagements. During onboarding and throughout employment, employees must disclose any current activities or intent to engage in outside employment or other professional activities and obtain written approval. Employees may not solicit or conduct any outside business during core business hours for Valiant Solutions and our clients.

 

Equal Employment Opportunity

Valiant Solutions is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex (including pregnancy, sex stereotyping, gender identity, gender expression or transgender status), religion, age, marital status, sexual orientation, military/veteran status, physical or mental disability, genetic information/history or any other personal characteristic protected by law.

 

Physical Demands

Sitting or standing at a desk for prolonged periods of time and consistent operation of a computer. Frequent communication and exchanging of accurate information via electronic communication, phones, and in person. Occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

 

Authorization to Share Resume and Personal Information

By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.
