Tier 3 DCO (Defensive Cyber Operations) Watch Analyst

Valiant Solutions, LLC•Charleston, SC

14h•Onsite

About The Position

Valiant Solutions is seeking a Secret-cleared Tier 3 DCO Watch Analyst to join their cybersecurity team. This role is responsible for leading complex incident response, conducting proactive threat hunting, and enhancing detection capabilities within a Cybersecurity Service Provider (CSSP) environment. The analyst will oversee incident analysis, coordinate with stakeholders, lead purple team exercises, and drive improvements to detection and response capabilities. This position requires advanced expertise, operational leadership, and strict compliance with CJCSM 6510.01B standards. Valiant Solutions has been recognized as one of the Best Places to Work in the Washington DC area for 12 consecutive years, highlighting their employee-centric culture and commitment to excellence. The position is 100% onsite in Charleston, SC.

Requirements

Active Secret clearance required.
Bachelor’s Degree in Cybersecurity, Computer, Electrical, or Electronics Engineering, OR Mathematics with a concentration in computer science or equivalent.
DoD 8570 IAT Level II certification and CSSP/CND certification required.
5 years of experience supporting CSSP or similar SOC technical role.
Comprehensive knowledge of CJCSM 6510.01B and incident response procedures.
In depth expertise with IDS/IPS solutions, including signature development and optimization.
Extensive experience performing digital forensics across multiple operating systems.

Responsibilities

Lead incident response efforts, including analysis, mitigation, and reporting of significant incidents per CJCSM 6510.01B.
Manage incident response campaigns by developing strategies, coordinating multi-team efforts, and ensuring comprehensive resolution and reporting.
Conduct proactive threat hunting to identify advanced threats and network vulnerabilities.
Lead purple team exercises in collaboration with red and blue teams to evaluate and enhance detection and response capabilities.
Evaluate and refine detection mechanisms, including IDS/IPS signatures and log correlation rules, to improve accuracy and reduce false positives.
Perform advanced network and host-based digital forensics on Windows and other operating systems to support investigations.
Coordinate with reporting agencies and subscriber sites for comprehensive incident analysis and reporting.
Develop and maintain internal SOP documentation, ensuring alignment with CJCSM 6510.01B and applicable directives.
Work with a team to provide 24/7 support for incident response, including non-core hours, and mentor junior analysts.
Participate in program reviews, product evaluations, and onsite certification assessments.
Work four 10-hour shifts (Sunday-Wednesday or Wednesday Saturday); shift placement at management’s discretion.
Surge support may be required to support incident response actions.
Up to 10% travel may be required, to include OCONUS locations.