Valiant Solutions is seeking an Incident Response SOC Engineer to join our growing team supporting a large Government client. Valiant Solutions is a rapidly growing cybersecurity company that cares about its employees: we've been named one of the Best Places to Work in the DC area SIX years in a row! This position can be located in Washington DC, Fort Worth TX, Denver CO or Kansas City MO, and allows for a 60 - 80% telecommute benefit.
Remote work necessitates a high level of trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention to their job duties during working hours, and maintain a schedule during normal business hours that overlaps with those of their coworkers and Valiant's.

All candidates must have US work authorization with the ability to pass Federal background and credit checks.

Responsibilities

Candidates will join a fast-paced and creative team of incident response engineers, penetration testers, and forensic analysts focusing on the identification, interrogation, exploitation, and reporting of incidents for the enterprise.
The incident analysis will be end-to-end, including the network, the underlying servers and infrastructure (physical and virtual), and the application. Candidates will be required to perform incident response analysis uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods. The successful candidate must have a strong understanding of SIEM and supporting forensic tools.
The chosen candidate will participate in the remediation of incidents and responses that are generated from live threats against the enterprise. All incidents will be recorded and reported per Federal policy and legislation. Candidates will be required to demonstrate proficiency in the Incident Response Process as well as the performance of threat hunting and SOC operations.
The interview will also focus on the conceptual and procedural methodologies used to evaluate logical, physical and technical systems compromise. Candidates' understanding of malware analysis, advanced persistent threats, infection vectors and defense strategies will be heavily focused on during the screening process. Additional emphasis will be placed on the candidate's ability to articulate skills gained from experience participating in incident response, malware analysis, SOC operations and threat hunting.
Required Skills

- 6-8 years of SOC/IR experience
- Thorough understanding of security incident response processes
- Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), network security devices, and other enterprise tools
- Demonstrated proficiency with an enterprise SIEM or security analytics solution such as Kibana (ELK), Splunk, or LogRhythm
- Solid understanding of and experience analyzing security events generated from security tools and devices, including but not limited to Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC
- Experience and solid understanding of malware analysis
- Demonstrated experience and understanding of event timeline analysis and APTs
- Demonstrated proficiency with application security testing, including Chrome extensions

Preferred Skills

- Demonstrated proficiency with one or more toolsets such as Core Impact and Metasploit
- Experience and solid understanding of manual and automated penetration testing methods
- Demonstrated suitability and use of COTS and open source discovery and analysis toolsets
- Demonstrated proficiency with application penetration testing (Java, .Net, and API JSON)
- Demonstrated experience with a programming or scripting language (Perl, Python, Ruby, or .Net)

Required Certifications

All candidates are required to have a valid CISSP certification. Candidates with ISC2 CISSP concentrations (ISSAP or ISSEP) will be given priority consideration. An advanced penetration testing certification is required.

Desired Certifications

Note: one or more of the following may be required for consideration, or for attainment in the first 90 days of employment.

- GIAC-GCFE - Global Information Assurance Certification Forensic Examiner
- GIAC-GCFA - Global Information Assurance Certification Forensic Analyst
- GIAC-GREM - GIAC Reverse Engineering Malware
- GIAC-GNFA - GIAC Network Forensic Analyst
- GIAC-GCTI - GIAC Cyber Threat Intelligence
- GIAC-GPEN - GIAC Certified Penetration Tester
- GIAC-GWAPT - GIAC Certified Web Application Penetration Tester
- GIAC-GXPN - GIAC Exploit Researcher and Advanced Penetration Tester
- CEPT - Certified Expert Penetration Tester
- CASS - Certified Application Security Specialist
- CWAPT - Certified Penetration Tester
- CREA - Certified Reverse Engineering Analyst
Valiant Solutions LLC