Forensics / Incident Response SME

Position Description

Valiant Solutions is seeking a Forensics / Incident Response SME to join our rapidly growing and innovative cybersecurity team!

Do you have experience in IT security and a strong background in Incident Response and Forensics? If so, you may be interested in this dual-focused position that requires active participation in all Incident Response activities, complemented by deep, specialized expertise in Forensic Analysis.

This is your opportunity to join a busy Security Engineering team delivering cutting-edge solutions to a fantastic Government client. Specialized experience in incident response, managing APTs, forensic analysis, and handling evidentiary data is key for this challenging and rewarding role. This role will be responsible for all incident response and management activities, forensic analysis, and other emerging enterprise-wide IT challenges.

We are seeking a motivated individual to join this team, which is constantly evolving and currently developing cloud security solutions in AWS. You'll be passionate about what you do and will be able to work autonomously to engineer your way out of problems. The IR/Forensics SME shall be responsible for all incident response and management activities, forensic analysis, and other emerging enterprise-wide IT challenges.

Named one of the Best Places to Work in the Washington DC area for 12 consecutive years , Valiant is proud of our employee-centric culture and commitment to excellence. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now!

This position allows for 100% remote work. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below.

Required Experience

• 8+ years of specialized experience in incident response, management of the APT, forensic analysis, and handling of evidentiary data, with the most recent experience in the past 4 years.
• Experience with Mobile Device Forensics
• Experience performing IR, Forensics, and post-mortem reports in cloud environments (AWS preferred).
• Ability to identify malware characteristics and conduct reverse engineering in x86 and x64 assembly
• Ability to demonstrate and conduct Windows memory forensics techniques to analyze malware threats.
• Strong knowledge of malware code and behavioral analysis.
• Working knowledge in SIFT, REMnux, or other similar frameworks.
• Experience in Presentation and Reporting of Evidence and Analysis
• Experience in File System Timeline Analysis
• Experience in Live Incident Response and Volatile Evidence Collection
• Experience in Advanced Windows Registry Analysis
• Experience in Forensic Imaging and Filesystem Media Analysis
• Experience performing Advanced Network Event and Protocol analysis and timeline reconstruction
• Experience and ability to develop, use, and follow Standard Operating Procedures (SOPs)
• In-depth experience with processing and triage of Security Alerts from multiple sources, but not limited to Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources
• Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
• Expert understanding of security incident response processes
• Support and participate in Threat Hunt and Threat Intel operations

Responsibilities

• Participate in a rotating on-call; rotation is based on the number of team members
• Serve as a hybrid Incident Response (IR) and Digital Forensics (DFIR) function, requiring both real-time incident handling and deep forensic investigative expertise across enterprise and cloud environments.
• Provide Incident Management and Forensic Support as required for incidents/investigations, including off-hours
• Provide Incident Management support, including guidance and expertise to the Incident Response Team and SOC components
• Development of policies, instructions, standards, and procedures around security functions
• Develops, maintains, and optimizes the malware and forensic analysis laboratory environment
• Maintains digital evidence Chain of Custody for forensic activity in accordance with policy, industry standards, and law
• Perform forensic analysis on a variety of networks, hosts, digital media, and operating systems/environments as but not limited to: Windows, Mac, iOS, Android, Windows Mobile, Linux/Unix, Mainframe, and cloud computing platforms (SaaS, PaaS, IaaS)
• Prepare detailed written technical reports covering the methodology applied to forensic investigation, findings, and recommendations for further action
• Provide SME technical analysis for Incident Response and Forensics for Incident / Breach / and Compromise Activities. Including but not limited to malware detection, lateral movement, data collection, and exfiltration detection
• Provide a complete response to all DFIR tasks
• Produce and review aggregated performance metrics
• Work directly with Security and SOC leadership to convert intelligence and results from forensic analysis into useful detection in enterprise security tools
• Collaborate with the incident response team to rapidly build detection rules as needed
• Perform customer security assessments
• Supporting incident response or remediation as needed
• Participate and develop, and run tabletop exercises
• Perform lessons learned activities
• Supporting ad-hoc data and investigation requests
• Support the enrichment and enhancement of security monitoring tools, including but not limited to evaluation and recommendations on rule tuning and development of new rules/detections

Strongly Preferred Certifications:

• GIAC Certified Forensics Examiner (GCFE)
• Certified Forensic Analyst (GCFA)
• Certified Computer Examiner (CCE)
• AccessData Certified Examiner (ACE) EnCase Certified Examiner (EnCE)
• Magent Certified Forensic Examiner (MCFE)
• Magent Certified GRAYKEY Examiner (MCGE)
• AWS Solution Architect (AWS)
• SANS GIAC Certified Incident Handler (GCIH)
• SANS GIAC Certified Intrusion Analyst (GCIA)
• SANS GIAC Network Forensics Analyst (GNFA)
• SANS GIAC Certified Enterprise Defender (GCED)
• SANS GIAC Reverse Engineering Malware (GREM)
• Carnegie Mellon Certified Computer Incident Handler (CSIH)
• IACIS Certified Forensic Computer Examiner (CFCE)
• ISFCE Certified Computer Examiner (CCE)

About Valiant Solutions

Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology's Fast 50, and Washington Business Journal's Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you'll learn to think quickly on your feet and expand your own personal and professional skill set. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect - and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.

Benefits Snapshot (includes, but not limited to)
Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees
Valiant contributes 25% towards Health Coverage for Family and Dependents
100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees
100% Paid Certifications
401K Matching up to 4%
Paid Time Off
Paid Federal Holidays
Wellness & Fitness Program
Valiant University - Online Education and Training Portal
FSA programs for: Medical Costs, Dependent Care, Transit, and Parking
Referral Bonuses

The salary range for this position is a general guideline and not a guarantee of compensation or salary. It has been benchmarked in relation to the scope of the role, market rate, and internal equity. The salary for this role is expected to be in the 145-155K salary range. Where a candidate falls within the band can be determined based on one or more of the following: skillset, experience level, achievements, education, geographic location, security clearance, involvement in corporate tasks, and other non-discriminatory factors. In addition to the base salary, this role will include benefits as described above. Valiant reserves the right to adjust the salary range, experience requirements, and position responsibilities at any time without prior notice.


Remote Work Policy


Remote work necessitates a high level of trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention and availability to their job duties during working hours, and maintain a schedule during core business hours that align with those of their coworkers and Valiant's clients. In alignment with Valiant's inclusive and engaging environment, cameras are encouraged and can be required to be on during virtual video conferences. Additionally, in alignment with the Office of the Inspector General's effort to eliminate conflicting employment, all Valiant employees are required to disclose any current or future outside employment engagements. During onboarding and throughout employment, employees must disclose any current activities or intent to engage in outside employment or other professional activities and obtain written approval. Employees may not solicit or conduct any outside business during core business hours for Valiant Solutions and our clients.

Equal Employment Opportunity

Valiant Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetic information, marital status, or veteran status, in accordance with applicable law.

Physical Demands

Sitting or standing at a desk for prolonged periods of time and consistent operation of a computer. Frequent communication and exchanging of accurate information via electronic communication, phones, and in person. Occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

Authorization to Share Resume and Personal Information

By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as, personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.

#LI-LH1