SIEM Detection Engineer (DoD TS Clearance)

MartinFed

$90K — $130K *
Aerospace & Defense
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Expertise in developing detection in SPL, including correlation and scheduled searches.
  • Proficient in designing security use cases aligned with MITRE ATT&CK.
  • Experience in alert tuning to balance false positives and operational coverage.
  • Ability to apply threat intelligence and develop IOC/behavioral detection logic.
  • Skilled in creating dashboards and visualizations tailored for SOC operations.
  • Competent in testing detection methods against known attack techniques.
  • Familiarity with Splunk Enterprise Security and incident response workflows.

Responsibilities

  • Develop and optimize SPL queries to identify security threats.
  • Design security use cases based on threat intelligence and risk assessment.
  • Tune alerts to mitigate false positives while ensuring threat coverage.
  • Create dashboards to facilitate SOC decision-making and investigations.
  • Monitor security events and assist in threat response efforts.
  • Test detection capabilities with known attack scenarios prior to release.
  • Collaborate with analysts to ensure alignment and maintain documentation.

Benefits

  • Inside office environment that promotes focus and productivity.
  • Standard office hours, with the potential for a fast-paced, dynamic workload.
  • Opportunity to work on cutting-edge security projects within government agencies.
Full Job Description
JOB OVERVIEW

The SIEM Detection Engineer is responsible for developing, tuning, and maintaining the detection content that identifies security threats within government agencies. This role owns correlation searches, alerts, and security use cases built in Splunk, aligning detections to frameworks such as MITRE ATT&CK and incorporating threat intelligence. The Detection Engineer works closely with security analysts, threat intelligence teams, and the Data and Platform Engineers to ensure threats are detected accurately and with minimal noise.

Essential Functions:
  • Detection Development
    • Develop and optimize search queries, correlation searches, and alerts in SPL to proactively detect security threats, anomalies, and suspicious behavior.
    • Configure alerts to trigger automated responses or notifications based on predefined criteria.
  • Use Case Development
    • Design and implement security use cases mapped to MITRE ATT&CK and driven by threat intelligence and agency risk priorities.
    • Translate threat scenarios and requirements into actionable, testable detection logic.
  • Alert Tuning and Optimization
    • Tune detections to reduce false positives and alert fatigue while maintaining coverage.
    • Continuously review and refine detection performance against evolving threats.
  • Dashboards and Visualization
    • Design and build dashboards and visualizations that support SOC triage, investigation, and decision-making.
    • Present detection results and metrics in a clear, actionable manner.
  • Threat Detection and Response Support
    • Monitor and analyze security-related events to detect and help respond to potential threats.
    • Support incident response by providing detection context and refining content based on findings.
  • Detection Testing and Validation
    • Test and validate detections against known attack techniques and sample data before deployment.
    • Document detection logic, coverage, and expected outcomes.
  • Collaboration and Documentation
    • Collaborate with security analysts and threat intelligence teams to align detections with operational needs.
    • Maintain documentation and runbooks for detection content and response guidance.

Qualifications:
  • Detection development in SPL: correlation searches, scheduled searches, alerts, and thresholds
  • Security use case design mapped to MITRE ATT&CK
  • Alert tuning and false-positive reduction while maintaining coverage
  • Threat intelligence application and IOC/behavioral detection logic
  • Dashboard and visualization development for SOC triage and investigation
  • Detection testing and validation against known attack techniques and sample data
  • Working knowledge of Splunk Enterprise Security (ES): notable events, risk-based alerting (RBA), and data models
  • Understanding of the incident response lifecycle and SOC workflows
  • Familiarity with adversary tactics, techniques, and common attack patterns across endpoint, network, and cloud

PHYSICAL REQUIREMENTS & ENVIRONMENTAL CONDITIONS
  • Inside office environment.
  • Working on a computer for long periods of time.
  • May involve long period of sitting at a desk.
  • The work environment is fast-paced and sometimes involves extreme deadline pressures.

OTHER DUTIES

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Similar Jobs

More Jobs at MartinFed

More Aerospace & Defense Jobs

Find similar SIEM Detection Engineer (DoD TS Clearance) jobs: