Detection Enigneer (Cloud)

Detection Engineer (Cloud)

Valiant Solutions is seeking a Secret-cleared Detection Engineer (Cloud) to join our rapidly growing and innovative cybersecurity team!

The Detection Engineer will be responsible for the design, development, and implementation of advanced detection capabilities within a Cybersecurity Service Provider (CSSP) environment. The candidate will focus on creating and managing IDS/IPS signatures, log correlation rules, and other detection tools based on indicator lifecycle analysis. The Detection Engineer collaborates with Defensive Cyber Operations (DCO) Watch Analysts and other teams to ensure timely and effective threat detection, adhering to CJCSM 6510.01B reporting requirements and supporting the CSSP's mission to protect data across a wide spectrum of sources and locations.

Named one of the Best Places to Work in the Washington DC area for 12 consecutive years, Valiant is proud of our employee-centric culture and commitment to excellence. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now!

Location: This position is 100% onsite in Charleston, SC.

Clearance Required: Active Secret

Education Requirement: Bachelor's Degree Area(s) of Study of relevant discipline and 5 years of experience. OR, at least 8 years of experience working in a CSSP, SOC, or similar.

Certification Required: DoD 8570 IAT Level II and DoD 8140 CSSP-specific certification.

Required Experience:

• 5+ years of experience working in a Cloud CSSP, SOC, or similar environment.
• 2+ years of experience with signature development, detection logic creation, and optimization on multiple platforms.
• Technical expertise in major cloud provider security models, services, and logs (Gov. Cloud, AWS, Azure, GCP, etc.).
• Experience working with and developing signatures for Splunk and Elastic.
• Experience with threat intelligence platforms and indicator management.
• Proficient knowledge of detection creation and implementation processes.
• Expertise in IDS/IPS solutions, including signature development and optimization.
• Strong understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment.
• Effective verbal and written communication skills.
• Ability to solve complex problems independently.
• Preferred certifications: AWS Certified Security, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, or equivalent SANS GIAC certifications.

Responsibilities:

• Acting as the primary SME for cloud log sources, designing efficient detections across multi-cloud environments (Gov. Cloud, AWS, Azure, GCP, etc).
• Designing and implementing detection logic (KQL, EQL, and/or SPL) tailored to cloud-native threats and cloud infrastructure (e.g., containers like Kubernetes, Docker, etc.).
• Analyzing threat intelligence to create and refine detection mechanisms tailored to the customer's environment.
• Validating and testing detection rules to ensure accuracy, minimize false positive and benign positive matches, and enhance threat identification capabilities.
• Collaboration with DCO Watch Analysts to integrate detection mechanisms into monitoring and incident response workflows.
• Maintaining and updating detection tools and signatures in response to evolving threats, ensuring compliance with CJCSM 6510.01B and other applicable directives.
• Compiling and maintaining standard operating procedure (SOP) documentation for detection creation and implementation processes.
• Performing log analysis of Splunk and Elastic to support detection development and validation.
• Coordinating with reporting agencies and subscriber sites to align detection strategies with operational needs and threat intelligence.
• Participation in program reviews, product evaluations, and onsite certification evaluations to assess detection tool efficacy.
• Overtime may be required to support detection implementation or incident response actions (Surge).
• Up to 10% travel may be required

Equal Employment Opportunity

Valiant Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetic information, marital status, or veteran status, in accordance with applicable law.

Physical Demands

Sitting or standing at a desk for prolonged periods of time and consistent operation of a computer. Frequent communication and exchanging of accurate information via electronic communication, phones, and in person. Occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

Authorization to Share Resume and Personal Information

By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as, personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.