Tier 3 DCO (Defensive Cyber Operations) Watch Analyst
Valiant Solutions · Charleston County, SC · 1 mo ago
ManagementFull-time
About the role
The Tier 3 DCO Watch Analyst is responsible for leading complex incident response, conducting proactive threat hunting, and enhancing detection capabilities within a Cybersecurity Service Provider (CSSP) environment. This position requires advanced expertise, operational leadership, and strict compliance with CJCSM 6510.01B standards.
Responsibilities
- Lead incident response efforts, including analysis, mitigation, and reporting of significant incidents per CJCSM 6510.01B.
- Manage incident response campaigns by developing strategies, coordinating multi-team efforts, and ensuring comprehensive resolution and reporting.
- Conduct proactive threat hunting to identify advanced threats and network vulnerabilities.
- Lead purple team exercises in collaboration with red and blue teams to evaluate and enhance detection and response capabilities.
- Evaluate and refine detection mechanisms, including IDS/IPS signatures and log correlation rules, to improve accuracy and reduce false positives.
- Perform advanced network and host-based digital forensics on Windows and other operating systems to support investigations.
- Coordinate with reporting agencies and subscriber sites for comprehensive incident analysis and reporting.
- Develop and maintain internal SOP documentation, ensuring alignment with CJCSM 6510.01B and applicable directives.
- Work with a team to provide 24/7 support for incident response, including non-core hours, and mentor junior analysts.
- Participate in program reviews, product evaluations, and onsite certification assessments.
- Work four 10-hour shifts (Sunday-Wednesday or Wednesday Saturday); shift placement at management’s discretion.
- Surge support may be required to support incident response actions.
- Up to 10% travel may be required, to include OCONUS locations.
Requirements
- Advanced expertise, operational leadership, and strict compliance with CJCSM 6510.01B standards.
- Comprehensive knowledge of CJCSM 6510.01B and incident response procedures.
- In depth expertise with IDS/IPS solutions, including signature development and optimization.
- Extensive experience performing digital forensics across multiple operating systems.