Company hidden
Posted 4 hours ago

Detection Engineering Lead (Cybersecurity)

Work format
hybrid
Employment type
fulltime
Grade
lead
English
b2
Country
US
Vacancy from the Hirify.Global list of international tech companies

Job description

TL;DR

Detection Engineering Lead (Cybersecurity): Leading detection engineering operations for the Administrative Office of the United States Courts, with an emphasis on SIEM rule development, threat hunting, and adversary emulation. The focus is on building and maintaining a robust Risk Based Alerting framework, optimizing detection coverage, and ensuring rapid response to emerging cyber threats.

Location: Must be based in or able to commute to Washington, DC (Hybrid)

Company

hirify.global provides specialized IT and cybersecurity solutions for government agencies.

What you will do

  • Lead detection engineering operations to support security mission objectives.
  • Develop, test, and deploy SIEM detection signatures and analytics using Splunk ES or Microsoft Sentinel.
  • Manage the Risk Based Alerting framework to ensure effective detection of malicious activity.
  • Research emerging threats and TTPs to improve SOC visibility and detection coverage.
  • Coordinate with Incident Response and Threat Hunting teams to operationalize intelligence-driven detections.
  • Analyze false positives and perform tuning to minimize analyst burden and improve monitoring effectiveness.
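The Risk Based Alerting framework named in the summary and in the responsibilities above, reduced to a runnable model as an added example (this is not code from the posting, the employer, or Splunk): instead of paging an analyst, each detection emits a risk event that attributes a score to an entity (user or host), and a single aggregation rule alerts only when that entity's trailing-window score, or its count of distinct ATT&CK tactics, crosses a threshold. The entity names, rule names, scores, modifiers, thresholds and the 24-hour window are constructed assumptions, as is the sample event set.

```python
"""Risk Based Alerting (RBA) in miniature: risk events per entity, one aggregation rule.

Added example with constructed sample data; not the employer's or Splunk's code.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class RiskEvent:
    ts: datetime
    entity: str         # risk object the detection attributes the score to (user/host)
    rule: str           # name of the detection that fired
    tactic: str         # MITRE ATT&CK tactic annotation on the detection
    base_score: int     # detection's base risk score
    modifier: float = 1.0  # entity context, e.g. 1.5 for a privileged account (assumed)

    @property
    def score(self) -> int:
        return round(self.base_score * self.modifier)


@dataclass(frozen=True)
class RiskAlert:
    entity: str
    total_score: int
    tactics: tuple
    rules: tuple
    reason: str


def in_window(events, now, window):
    """Events whose timestamp falls within the trailing window ending at `now`."""
    return [e for e in events if now - window <= e.ts <= now]


def aggregate_risk(events, now, window=timedelta(hours=24),
                   score_threshold=100, tactic_threshold=3):
    """The RBA aggregation rule: one alert per entity that crosses either threshold.

    Thresholds and window are assumed tuning values; in production they are
    what the detection engineer tunes against false-positive analysis.
    """
    by_entity = defaultdict(list)
    for e in in_window(events, now, window):
        by_entity[e.entity].append(e)

    alerts = []
    for entity, evs in sorted(by_entity.items()):
        total = sum(e.score for e in evs)
        tactics = tuple(sorted({e.tactic for e in evs}))
        rules = tuple(sorted({e.rule for e in evs}))
        reasons = []
        if total >= score_threshold:
            reasons.append(f"score {total} >= {score_threshold}")
        if len(tactics) >= tactic_threshold:
            reasons.append(f"{len(tactics)} distinct tactics >= {tactic_threshold}")
        if reasons:
            alerts.append(RiskAlert(entity, total, tactics, rules, "; ".join(reasons)))
    return alerts


def per_rule_alert_count(events, now, window=timedelta(hours=24)):
    """Analyst load if every detection paged directly instead of emitting risk."""
    return len(in_window(events, now, window))


# Constructed sample events (not real telemetry). Times are relative to NOW.
NOW = datetime(2024, 5, 1, 12, 0)
T = lambda hours_ago: NOW - timedelta(hours=hours_ago)

SAMPLE_EVENTS = [
    # alice: three low-score detections that together span three tactics
    RiskEvent(T(20), "alice", "Macro-enabled document opened", "Initial Access", 20),
    RiskEvent(T(19), "alice", "Office spawned PowerShell", "Execution", 20),
    RiskEvent(T(18), "alice", "Run key added", "Persistence", 20),
    # svc_backup: one noisy rule firing repeatedly on a single tactic (benign pattern)
    *[RiskEvent(T(h), "svc_backup", "Scheduled task created", "Persistence", 10)
      for h in range(1, 6)],
    # admin.bob: one high-fidelity detection, boosted by a privileged-account modifier
    RiskEvent(T(2), "admin.bob", "LSASS handle opened", "Credential Access", 80, 1.5),
    # carol: high score but outside the 24-hour window, so not aggregated
    RiskEvent(T(30), "carol", "Ransom note written", "Impact", 200),
]

if __name__ == "__main__":
    print("alerts if each rule paged directly:", per_rule_alert_count(SAMPLE_EVENTS, NOW))
    for a in aggregate_risk(SAMPLE_EVENTS, NOW):
        print(f"RBA alert for {a.entity}: {a.reason}; rules={a.rules}")
```

Run as-is, the nine in-window detections collapse to two risk alerts: admin.bob on score (80 x 1.5 = 120) and alice on tactic breadth (three distinct tactics at only 60 points), while the five repetitive svc_backup firings never page anyone. That is the tuning lever the posting's "analyze false positives and perform tuning" item refers to: noisy rules keep contributing risk but stop costing analyst time.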

Requirements

  • Active Public Trust clearance required.
  • B.S. in Computer Science, Information Technology, or related field.
  • 5+ years of experience in incident response (IR) within a large SOC (5,000+ endpoints).
  • 3+ years of experience in proactive detection engineering, threat hunting, or adversary emulation.
  • 2+ years of experience with Python and PowerShell for tool development.
  • 2+ years of experience developing detections in SIEM (Splunk ES or Microsoft Sentinel).
  • Active OSCP or GXPN certification required.

Culture & Benefits

  • Support for critical government cybersecurity missions.
  • Opportunity to work with large-scale enterprise security environments.
  • Collaborative environment involving Red Team, Blue Team, and CTI stakeholders.
  • Structured Agile workflow using Jira for project tracking.

Be careful: if an employer asks you to sign in to their system using iCloud/Google, to send a code or password, or to run code or software, do not do it; these are scammers. Be sure to click "Report" or contact support.