Job Details
Valiant Solutions is seeking an Incident Commander to join our rapidly growing and innovative cybersecurity team!
Do you have a background leading SOC and Incident Response teams, along with maturing the tools and processes that support SOCs? If so, this could be the perfect role for you! As the Incident Commander, you and the team will be responsible for designing and operating both structured security operations center monitoring and incident response processes for a large 24x7x365 SOC/IR/Hunt/Intel/Forensics team. The candidate will be responsible for supporting and leading a team of SOC analysts, threat hunters, threat intelligence specialists, and forensics SMEs. This is a hands-on leadership role where you will both lead the team and participate as a subject-matter expert. Example duties include leading the response to a major incident, improving incident response processes, and working with engineers to improve tooling. The successful candidate will have a technical background and prior experience successfully leading large SOC teams. This is a great opportunity to join our growing company in a role that involves leading SOC/IR operations and advancing the capabilities and processes that support them.
Named one of the in the Washington DC area for 11 consecutive years, Valiant is proud of our employee-centric culture and commitment to excellence. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now!
This position allows for 100% remote work. Remote work requires a high level of trust in our employees, and we strictly adhere to the details found below in our Remote Work Policy.
Required Experience:
- Active Secret or Top Secret Clearance
- Ten (10) years of experience leading 24x7x365 SOCs, including at least five (5) years managing hybrid environments that span both on-premises and cloud infrastructures.
- Ten (10) years of experience in cybersecurity incident response in one or more single environments with 50,000+ endpoints, with duties that include all five portions of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (Identify, Protect, Detect, Respond, and Recover).
- Experience with Splunk
- Experience across all five portions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, and Recover).
- Demonstrated ability to influence others to accept practices and approaches, and the ability to communicate with and influence executive leadership.
- Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
- Experience and ability to use and follow Standard Operating Procedures (SOPs)
- In-depth experience with processing and triage of security alerts from multiple sources, including but not limited to: endpoint security tools, SIEM, email security solutions, CISA, and threat intel sources
- Demonstrated experience with triage and resolution of SOC tasks, including but not limited to: vulnerability announcements, phishing email review, Tier 1 IR support, and SIEM/security tool alert analysis
- Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources
Preferred Certifications:
- Project Management Professional (PMP)
- Certified Information Systems Security Professional (CISSP) or related certification
Responsibilities:
- Lead teams of SOC analysts, incident responders, forensic analysts, and threat intelligence analysts in a 24x7x365 SOC.
- Assign and deploy staff to achieve SOC objectives identified by the Government.
- Maintain, manage, and revise the SOC personnel shift schedules
- Provide technical guidance to the SOC team
- Produce and review aggregated performance metrics
- Manage and increase the effectiveness and efficiency of the SOC through improvements to each function, as well as coordination and communication between support and business functions.
- Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods.
- Work directly with IT Security and SOC leadership and cyber threat intelligence analysts to convert intelligence into proper detections.
- Create and brief customer reports.
- Participate in on-call rotation for after-hours security and/or engineering issues.
- Perform customer security assessments
- Develop and run tabletop exercises
- Collaborate with the incident response team to rapidly build detection rules as needed.
- Perform lessons learned activities.
- Mentor and provide training to SOC analysts and run brown bag training sessions
- Support 24x7x365 SOC operations, including but not limited to: alert review, analysis, triage, response, and action on IOCs and other operationally impactful information, and initial review and triage of reported incidents
- Perform analysis across all security tools, uncovering attack vectors involving a variety of malware, data exposure, phishing, and social engineering methods.
- Monitoring security events received through alerts from SIEM or other security tools
- Review and reporting on anomalous patterns (Hunting) across all security tools / SIEM.
- Logging security incidents in the IT ticketing system
- Managing security incidents throughout their lifecycle to closure
- Supporting ad-hoc data and investigation requests
- Participating in the remediation of incidents and responses that are generated from live threats against the enterprise
- Quickly develop an understanding of customer and SOC operations requirements and policies
- Ensure reports are properly entered into the incident tracking system
- Triaging events and investigating to identify security incidents
- Supporting incident response and handling (Detection, Analysis, Triage)
- Supporting and developing reports during and after SOC monitoring or Incidents, which include all actions taken to properly mitigate, recover, and return operations to normal operations
- IDS monitoring and analysis, network traffic analysis, and log analysis, prioritizing and differentiating between potential intrusion attempts and false alarms
- Applying knowledge of general cyber-attack stages, profiling techniques, and techniques for detecting host- and network-based intrusions
- Composing security alert notifications