Cybersecurity Incident Commander

Valiant Solutions seeks an experienced Cybersecurity Incident Commander to direct and manage multiple work streams and resources during/after Incident Response & Recovery engagements. You will be tasked with incident response coordination and project management in a matrixed triage environment, forensic imaging and analysis, breach containment, and infrastructure recovery planning and execution after action reporting and analysis.

Requires eligibility to obtain a Top Secret clearance with SCI.  

This role will often interface with multiple groups, including external agency IR functions, third-party contracting companies, external law firms, etc.), internal direct contract and third-party resources, and customer resources (C-Suite, Legal, Compliance, Risk, Security, Cybersecurity, Auditing, Operations, IT, Call Centers, Communications, Public Relations). Additionally, the Incident Commander will collaborate with Security Operations and Security Engineering practice leaders to evaluate the direction of our offerings, establish ongoing relationships with third parties and clients, and work closely with stakeholders to understand business objectives and advise on security risks/mitigation strategies during incident response work.

Valiant Solutions is a company that cares about its employees- we've been named one of the Best Places to Work in the Washington DC area TEN years in a row!  If you are interested in learning more about Valiant and this opportunity, we invite you to apply now! 

This position allows for 100% remote work. Remote work necessitates a high-level trust in our employees and we strictly adhere to the details found below in our Remote Work Policy. 

Responsibilities: 

• Participate in a rotating on-call; rotation is based on the number of team members.
• Serve as the incident response event point person and liaison to enterprise teams, responding to crisis or urgent situations aimed at mitigating, preparing for, responding to, and recovery systems.
• Coordinate resources, activities, and timelines during security incidents to ensure a unified structured response to incidents (I.e., data breaches, ransomware events, etc.)
• Work under the direction of the Security Operations lead aimed at mitigating, preparing for, responding to, and recovering systems from cyber threats/incidents.
• Conduct initial incident triage, assess the effectiveness of various tactics/strategies, and make rapid decisions on appropriate courses of action.
• Supports/develops reports during and after incidents, which include all actions taken to properly mitigate, recover, and return operations to normal operations
• Review and recommend technical, process, and physical controls to counteract damage from breach events.
• Lead forensic investigators and application security analysts in reactive and proactive Threat-hunting engagements, performing endpoint, network, and log analysis.
• Mentor and grow junior resources to develop additional forensic, response, and threat-hunting capabilities

Qualifications: 

• Minimum of 10+ years of experience within the incident response, cybersecurity, and/or IT risk management arena 
• Bachelor's degree in Computer Science, Information Systems, Mathematics, Engineering, or related degree or an additional three (3) years of relevant experience.
• Leadership experience and high level of confidence with incident response management, i.e., technical recovery, legal or compliance notifications, incident response plan development, forensic investigation, and tabletop testing - required
• Advisory experience in compliance or regulatory frameworks (i.e., FISMA, PCI, GDPR, NIST, ISO)
• Experience owning the critical process steps with incident response: detection, validation, containment, remediation, and communication – for computer-based security events and incidents such as malware infections, potential compromise, Distributed Denial of Service (DDoS), etc.
• Experience driving the strategy for Security Incident and Event Management (SIEM) and overseeing the effectiveness of the technology and process. Involves appropriate tuning, correlation of critical logs, connection to our incident response process, and reporting of relevant metrics.
• Experience responding to critical security incidents and leading escalation teams to close with response, containment, and remediation.
• Experience creating, maintaining, and promoting a set of security operation playbooks with Agilent’s IT teams to effectively trigger and execute the security incident response process.
• Experience managing the current state of logging and monitoring while maintaining a vision of the ideal state and driving a prioritized roadmap to reduce the gaps.
• Experience acting as Information Security & Risk consultant to various IT and business-driven projects and operations.
• Solid understanding of the application, database, authentication, and network security principles; able to demonstrate how network services and protocols interact to provide communications, evidence recovery techniques, log data analytics, Incident categories, IR event handling methodologies, intrusion detection systems, network protocol, and packet analysis
• Understanding of system and application security, systems and network administration, and operating system hardening techniques
• General cyber-attack stages, profiling techniques, and techniques for detecting host and network-based intrusions
• Evidence recovery techniques, Preservation of evidence integrity, and collection of forensically sound collection images, logs, and other critical components to discern possible mitigation/remediation of systems
• Ability to perform or direct malware analysis, Threat Hunting, and incident response
• Understanding of Computer Network Defense (CND) policies, procedures, and regulations
• Ability to convey complex technical security concepts to technical and non-technical audiences during crises, i.e., executive or board-level presentations
• Ability to work with senior business leaders to understand business objectives/functions, identify risk factors, and communicate effective mitigation strategies
• Excellent organizational, verbal, presentation/facilitation, and written communication skills
• All candidates must have US work authorization and the ability to pass a federal background check and credit check. 

Preferred, not required: 

• CISSP, CISM, or equivalent cybersecurity certifications 
• PMP
• At least 8 years of directly related experience in Information Security Threat Management.
• Process management experience with incident response and SIEM.
• Experience with and confidence to develop and socialize security operations playbooks across infrastructure and applications teams in IT.
• Prior experience with Law Enforcement, Forensic / Incident Response Firms, Cyber Insurance providers, Breach Coaches and/or Law Firms

About Valiant Solutions

Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. We are a HUBZone small business and we encourage all candidates who live in a HUBZone to apply. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you’ll learn to think quickly on your feet and expand your own personal and professional skill set. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect – and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.

Benefits Snapshot (includes, but not limited to)

Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees

Valiant contributes 25% towards Health Coverage for Family and Dependents

100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees

100% Paid Certifications

401K Matching up to 4%

Paid Time Off

Paid Federal Holidays 

Paid Time On – 40 hours to pursue innovation

Wellness & Fitness Program

Valiant University – Online Education and Training Portal

Reimbursement for Public Transit and Parking

FSA programs for: Medical Costs, Dependent Care, Transit, and Parking

Referral Bonuses

Remote Work Policy 

Remote work necessitates a high level of trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention and availability to their job duties during working hours, and maintain a schedule during core business hours that align with those of their coworkers and Valiant's clients. In alignment with Valiant's inclusive and engaging environment, cameras are encouraged and can be required to be on during virtual video conferences. Additionally, in alignment with the Office of the Inspector General’s effort to eliminate conflicting employment, all Valiant employees are required to disclose any current or future outside employment engagements. During onboarding and throughout employment, employees must disclose any current activities or intent to engage in outside employment or other professional activities and obtain written approval.  Employees may not solicit or conduct any outside business during core business hours for Valiant Solutions and our clients.

Equal Employment Opportunity

Valiant Solutions is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex (including pregnancy, sex stereotyping, gender identity, gender expression or transgender status), religion, age, marital status, sexual orientation, military/veteran status, physical or mental disability, genetic information/history or any other personal characteristic protected by law.

Physical Demands

Sitting or standing at a desk for prolonged periods of time and consistent operation of a computer. Frequent communication and exchanging of accurate information via electronic communication, phones, and in person. Occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

Authorization to Share Resume and Personal Information

By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as, personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.