ResponsibilitiesWe are seeking a highly skilled and innovative Detection Engineer to join our team in the greater DMV area, supporting the Army National Guard.
Responsibilities
- Develop and maintain detection logic across SIEM, IDS/IPS, endpoint, and OT/DCI monitoring platforms: correlation rules, signatures, and behavioral analytics.
- Translate threat intelligence, CDAP findings, CHAP results, and vulnerability data into detection use cases, dashboards, and alerting content.
- Test detection rules in lab and sample datasets to verify functionality, tune for false-positive reduction, and validate operational readiness.
- Document detection logic, metadata, versioned content, and change histories to support operational tracking and auditability.
- Collaborate with SOC and NOSC analysts to tune alerts, refine rule logic, and validate detections against observed activity.
- Update runbooks, produce tuning notes, and support analysts during triage and validation workflows.
- Coordinate with data engineers to ensure ingestion, normalization, and field mappings for high-value telemetry sources.
- Review telemetry quality, identify gaps in coverage, and report issues that affect detection visibility.
- Contribute to continuous improvement by iterating detection content, refining workflows, and adopting new defensive techniques.
#ENOCS
QualificationsQualifications
- 2 years with BS/BA; 0 years with MS/MA; 6 years with no degree
- Clearance: Active TS/SCI clearance.
- Candidate must meet ONE of the following:
- Bachelor's degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR
- Relevant DoD/military training (examples: A-[redacted]; DISA (521) Training; Cyber Defense Infrastructure Support Specialist (Intermediate) Playlist); OR
- Relevant professional certification or equivalent experience (examples: GMON, GRID, CEH, Cloud+, CySA+, GSEC, PenTest+, Security+, SSCP).
- Required experience and skills:
- Detection engineering, SOC analytics, or security operations experience.
- Practical experience authoring correlation rules/signatures and analytic queries in one or more SIEM/analytics languages (e.g., KQL, SPL, Sigma, vendor-specific).
- Familiarity with IDS/IPS signature development, EDR/endpoint detection, and OT/DCI telemetry characteristics.
- Hands-on testing/tuning experience to validate detections, reduce false positives, and document operational runbooks.
- Ability to liaise with data engineering to specify ingestion and normalization requirements and validate telemetry fidelity.
- Strong documentation skills and capability to maintain versioned detection content and operational artifacts.
- Desired:
- Prior DoD/ARNG or enterprise SOC/NOSC detection engineering experience.
- Experience mapping detections to MITRE ATT&CK and integrating CTI/CDAP/CHAP inputs into use-case prioritization.
- Familiarity with automated testing frameworks, SOAR integrations, and detection performance metrics (precision/recall, MTTD).
#ENOCS
Target Salary Range$66,000 - $106,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.
