Detection Engineering Lead (Cybersecurity)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Detection Engineering Lead (Cybersecurity): Leading detection engineering operations for the AOUSC Security Operations Division with an accent on threat research and SIEM optimization. Focus on developing high-fidelity detection signatures, managing the Risk Based Alerting framework, and operationalizing intelligence-driven detections.
Location: Hybrid (Washington, DC). Must have an active Public Trust clearance.
Company
provides specialized IT and cybersecurity support services to government agencies.
What you will do
- Lead the full lifecycle of cybersecurity detection engineering, including research, testing, implementation, and maintenance of capabilities.
- Develop, validate, and deploy new SIEM detection signatures and analytics using Splunk ES or Microsoft Sentinel.
- Research emerging cyber threats, adversary capabilities, and TTPs to improve SOC visibility.
- Maintain and manage the Risk Based Alerting (RBA) framework within the Judiciary SIEM environment.
- Coordinate with Threat Hunting, CTI, and Blue Team personnel to operationalize intelligence-driven detections.
- Analyze false positive alerts and perform necessary tuning to minimize analyst burden.
Requirements
- Active Public Trust clearance is mandatory.
- 5+ years of experience in Incident Response within a large SOC (5,000+ endpoints).
- 3+ years of experience focused on proactive detection engineering, threat hunting, or adversary emulation.
- Proficiency in Python and PowerShell for tool development.
- Experience developing detections in Splunk ES or Microsoft Sentinel.
- Active OSCP or GXPN certification.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →