Назад
Company hidden
11 часов назад

Detection Engineering Lead (Cybersecurity)

Формат работы
hybrid
Тип работы
fulltime
Грейд
lead
Английский
b2
Страна
US
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Detection Engineering Lead (Cybersecurity): Leading detection engineering operations for the AOUSC Security Operations Division with an accent on threat research and SIEM optimization. Focus on developing high-fidelity detection signatures, managing the Risk Based Alerting framework, and operationalizing intelligence-driven detections.

Location: Hybrid (Washington, DC). Must have an active Public Trust clearance.

Company

hirify.global provides specialized IT and cybersecurity support services to government agencies.

What you will do

  • Lead the full lifecycle of cybersecurity detection engineering, including research, testing, implementation, and maintenance of capabilities.
  • Develop, validate, and deploy new SIEM detection signatures and analytics using Splunk ES or Microsoft Sentinel.
  • Research emerging cyber threats, adversary capabilities, and TTPs to improve SOC visibility.
  • Maintain and manage the Risk Based Alerting (RBA) framework within the Judiciary SIEM environment.
  • Coordinate with Threat Hunting, CTI, and Blue Team personnel to operationalize intelligence-driven detections.
  • Analyze false positive alerts and perform necessary tuning to minimize analyst burden.

Requirements

  • Active Public Trust clearance is mandatory.
  • 5+ years of experience in Incident Response within a large SOC (5,000+ endpoints).
  • 3+ years of experience focused on proactive detection engineering, threat hunting, or adversary emulation.
  • Proficiency in Python and PowerShell for tool development.
  • Experience developing detections in Splunk ES or Microsoft Sentinel.
  • Active OSCP or GXPN certification.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →