Jobs · Information Technology

Forensics / Incident Response SME

Valiant Solutions · United States · 2 wk ago
RemoteRemoteInformation TechnologyFull-time

About the role

Valiant Solutions is seeking a Forensics / Incident Response SME to join our rapidly growing and innovative cybersecurity team. This dual-focused position requires active participation in all Incident Response activities, complemented by deep, specialized expertise in Forensic Analysis.

Responsibilities

  • Participate in a rotating on-call; rotation is based on the number of team members
  • Serve as a hybrid Incident Response (IR) and Digital Forensics (DFIR) function, requiring both real-time incident handling and deep forensic investigative expertise across enterprise and cloud environments
  • Provide Incident Management and Forensic Support as required for incidents/investigations, including off-hours
  • Provide Incident Management support, including guidance and expertise to the Incident Response Team and SOC components
  • Develop policies, instructions, standards, and procedures around security functions
  • Develops, maintains, and optimizes the malware and forensic analysis laboratory environment
  • Maintain digital evidence Chain of Custody for forensic activity in accordance with policy, industry standards, and law
  • Perform forensic analysis on a variety of networks, hosts, digital media, and operating systems/environments as but not limited to: Windows, Mac, iOS, Android, Windows Mobile, Linux/Unix, Mainframe, and cloud computing platforms (SaaS, PaaS, IaaS)
  • Prepare detailed written technical reports covering the methodology applied to forensic investigation, findings, and recommendations for further action
  • Provide SME technical analysis for Incident Response and Forensics for Incident / Breach / and Compromise Activities. Including but not limited to malware detection, lateral movement, data collection, and exfiltration detection
  • Produce and review aggregated performance metrics
  • Work directly with Security and SOC leadership to convert intelligence and results from forensic analysis into useful detection in enterprise security tools
  • Collaborate with the incident response team to rapidly build detection rules as needed
  • Support and develop, and run tabletop exercises
  • Support the enrichment and enhancement of security monitoring tools, including but not limited to evaluation and recommendations on rule tuning and development of new rules/detections
  • Support ad-hoc data and investigation requests
  • Participate in a rotating on-call schedule

Requirements

  • 8+ years of specialized experience in incident response, management of the APT, forensic analysis, and handling of evidentiary data, with the most recent experience in the past 4 years
  • Experience with Mobile Device Forensics
  • Experience performing IR, Forensics, and post-mortem reports in cloud environments (AWS preferred)
  • Ability to identify malware characteristics and conduct reverse engineering in x86 and x64 assembly
  • Strong knowledge of malware code and behavioral analysis
  • Working knowledge in SIFT, REMnux, or other similar frameworks
  • Experience in Presentation and Reporting of Evidence and Analysis
  • Experience in File System Timeline Analysis
  • Experience in Live Incident Response and Volatile Evidence Collection
  • Experience in Advanced Windows Registry Analysis
  • Experience in Forensic Imaging and Filesystem Media Analysis
  • Experience in Advanced Network Event and Protocol analysis and timeline reconstruction
  • Experience and ability to develop, use, and follow Standard Operating Procedures (SOPs)
  • In-depth experience with processing and triage of Security Alerts from multiple sources, but not limited to Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources
  • Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
  • Expert understanding of security incident response processes

Qualifications

  • Specialized experience in incident response, management of the APT, forensic analysis, and handling of evidentiary data, with the most recent experience in the past 4 years
  • Experience with Mobile Device Forensics
  • Experience performing IR, Forensics, and post-mortem reports in cloud environments (AWS preferred)
  • Ability to identify malware characteristics and conduct reverse engineering in x86 and x64 assembly
  • Strong knowledge of malware code and behavioral analysis
  • Working knowledge in SIFT, REMnux, or other similar frameworks
  • Experience in Presentation and Reporting of Evidence and Analysis
  • Experience in File System Timeline Analysis
  • Experience in Live Incident Response and Volatile Evidence Collection
  • Experience in Advanced Windows Registry Analysis
  • Experience in Forensic Imaging and Filesystem Media Analysis
  • Experience in Advanced Network Event and Protocol analysis and timeline reconstruction
  • Experience and ability to develop, use, and follow Standard Operating Procedures (SOPs)
  • In-depth experience with processing and triage of Security Alerts from multiple sources, but not limited to Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources
  • Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
  • Expert understanding of security incident response processes

Skills

  • Specialized experience in incident response, management of the APT, forensic analysis, and handling of evidentiary data, with the most recent experience in the past 4 years
  • Experience with Mobile Device Forensics
  • Experience performing IR, Forensics, and post-mortem reports in cloud environments (AWS preferred)
  • Ability to identify malware characteristics and conduct reverse engineering in x86 and x64 assembly
  • Strong knowledge of malware code and behavioral analysis
  • Working knowledge in SIFT, REMnux, or other similar frameworks
  • Experience in Presentation and Reporting of Evidence and Analysis
  • Experience in File System Timeline Analysis
  • Experience in Live Incident Response and Volatile Evidence Collection
  • Experience in Advanced Windows Registry Analysis
  • Experience in Forensic Imaging and Filesystem Media Analysis
  • Experience in Advanced Network Event and Protocol analysis and timeline reconstruction
  • Experience and ability to develop, use, and follow Standard Operating Procedures (SOPs)
  • In-depth experience with processing and triage of Security Alerts from multiple sources, but not limited to Endpoint security tools, SIEM, email security solutions, CISA, Threat Intel Sources
  • Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
  • Expert understanding of security incident response processes

Benefits

Named one of the Best Places to Work in the Washington DC area for 12 consecutive years, Valiant is proud of our employee-centric culture and commitment to excellence. Benefits include:

  • 99% of the Medical, Dental, and Vision Coverage for Full-time Employees
  • 25% towards Health Coverage for Family and Dependents
  • 100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees
  • 100% Paid Certifications
  • 401K Matching up to 4%
  • Paid Time Off
  • Paid Federal Holidays
  • Wellness & Fitness Program
  • Valiant University – Online Education and Training Portal
  • FSA programs for: Medical Costs, Dependent Care, Transit, and Parking
  • Referral Bonuses

Pay

The salary range for this position is a general guideline and not a guarantee of compensation or salary. It has been benchmarked in relation to the scope of the role, market rate, and internal equity. The salary for this role is expected to be in the 145-155K salary range. Where a candidate falls within the band can be determined based on one or more of the following: skillset, experience level, achievements, education, geographic location, security clearance, involvement in corporate tasks, and other non-discriminatory factors. In addition to the base salary, this role will include benefits as described above.

Schedule

This role allows for 100% remote work. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below.

Similar jobs