Detection Enigneer (Cloud)
Valiant Solutions · Charleston County, SC · 1 mo ago
EngineeringFull-time
Responsibilities
- Acting as the primary SME for cloud log sources, designing efficient detections across multi-cloud environments (Gov. Cloud, AWS, Azure, GCP, etc.)
- Designing and implementing detection logic (KQL, EQL, and/or SPL) tailored to cloud-native threats and cloud infrastructure (e.g., containers like Kubernetes, Docker, etc.)
- Analyzing threat intelligence to create and refine detection mechanisms tailored to the customer’s environment.
- Validating and testing detection rules to ensure accuracy, minimize false positive and benign positive matches, and enhance threat identification capabilities.
- Collaboration with DCO Watch Analysts to integrate detection mechanisms into monitoring and incident response workflows.
- Maintaining and updating detection tools and signatures in response to evolving threats, ensuring compliance with CJCSM 6510.01B and other applicable directives.
- Compiling and maintaining standard operating procedure (SOP) documentation for detection creation and implementation processes.
- Performing log analysis of Splunk and Elastic to support detection development and validation.
- Coordinating with reporting agencies and subscriber sites to align detection strategies with operational needs and threat intelligence.
- Participation in program reviews, product evaluations, and onsite certification evaluations to assess detection tool efficacy.
- Overtime may be required to support detection implementation or incident response actions (Surge).
- Up to 10% travel may be required.
Requirements
- 5+ years of experience working in a Cloud CSSP, SOC, or similar environment.
- 2+ years of experience with signature development, detection logic creation, and optimization on multiple platforms.
- Technical expertise in major cloud provider security models, services, and logs (Gov. Cloud, AWS, Azure, GCP, etc.).
- Experience working with and developing signatures for Splunk and Elastic.
- Experience with threat intelligence platforms and indicator management.
- Proficient knowledge of detection creation and implementation processes.
- Expertise in IDS/IPS solutions, including signature development and optimization.
- Strong understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment.
- Effective verbal and written communication skills.
- Ability to solve complex problems independently.
Qualifications
- Bachelor’s Degree in a relevant discipline.
- At least 8 years of experience working in a CSSP, SOC, or similar.
- DoD 8570 IAT Level II and DoD 8140 CSSP-specific certification.
Skills
- DoD 8570 IAT Level II and DoD 8140 CSSP-specific certification.
- Validated Secret clearance.
- Experience with major cloud providers (Gov. Cloud, AWS, Azure, GCP).
- Experience with Splunk and Elastic.
- Experience with threat intelligence platforms and indicator management.
- Knowledge of IDS/IPS solutions, including signature development and optimization.
- Understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment.
- Effective verbal and written communication skills.
- Ability to solve complex problems independently.
Benefits
- Named one of the Best Places to Work in the Washington DC area for 12 consecutive years.
Pay
TBD
Schedule
100% onsite in Charleston, SC.