Qualifications

• US Citizenship is required.
• Ability to obtain a Public Trust Clearance.
• Must hold OSCP or GXPN certification.
• 5+ years of experience in Incident Response within a large Security Operations Center (SOC) of over 5,000 endpoints, with at least 3 years in proactive detection engineering, threat hunting, or adversary emulation.
• 3 years of experience in forming hypotheses, querying large datasets, and identifying Advanced Persistent Threat (APT) behaviors.
• 2 years of scripting experience with Python and PowerShell for tool development.
• 2 years of experience developing detections in a Security Information and Event Management (SIEM) system, particularly using Splunk ES or Microsoft Sentinel.

Responsibilities

• Lead detection engineering efforts to enhance threat detection capabilities.
• Develop and implement proactive detection strategies against emerging threats.
• Conduct threat hunting activities to identify potential security breaches.
• Formulate hypotheses based on threat intelligence and conduct data analysis.
• Create and optimize detection rules in the SIEM environment.
• Mentor and guide junior team members in detection engineering and incident response.
• Collaborate with cross-functional teams to improve overall security posture.

Benefits

• Opportunity to work on significant projects within the Federal IT sector.
• Engagement with a large-scale operations environment, enhancing skill set.
• Potential for personal and professional growth in a specialized field.