Cybersecurity Detection Engineering Lead

Gunnison Consulting Group•Washington, DC

17h•$145,000 - $155,000•Hybrid

About The Position

Lead detection engineering activities supporting cybersecurity monitoring and defense for the federal customer. Oversee the full lifecycle of detection development, including research, testing, deployment, tuning, and maintenance. Research emerging threats, adversary capabilities, and attack methodologies to improve detection coverage. Develop, validate, and deploy SIEM detections, correlation rules, and analytic workflows. Manage and maintain risk-based alerting frameworks to prioritize critical threats. Conduct regular reviews of alert performance, including analysis of false positives and tuning opportunities. Document detection logic, configurations, and implementation procedures. Collaborate with threat hunting, intelligence, and incident response teams to operationalize threat insights. Develop new detections in response to emerging threats, vulnerabilities, and operational priorities. Ensure timely implementation of critical detections within defined SLAs. Evaluate new telemetry sources and security alerts for detection value and operational impact. Track detection changes and enhancements through Agile workflows and ticketing systems. Produce operational reports summarizing detection performance and improvements. Maintain configuration management and documentation repositories. Recommend improvements for telemetry collection, log visibility, and monitoring effectiveness. Coordinate with Blue Team to incorporate findings from adversary simulations and exercises. Deliver briefings and reports to technical teams and leadership. Support transition and operational readiness activities.

Requirements

Bachelor’s degree in Computer Science, Information Technology, or related field
Minimum of 5 years of experience in incident response or SOC operations, including at least 3 years focused on detection engineering, threat hunting, or adversary emulation
At least 3 years of experience developing hypotheses, querying large datasets, and identifying advanced threat behaviors
Minimum of 2 years of experience with scripting languages such as Python and PowerShell
At least 2 years of experience developing detection logic in SIEM platforms such as Splunk Enterprise Security or Microsoft Sentinel
Certification required: OSCP or GXPN
Ability to obtain and maintain a Public Trust clearance

Responsibilities

Lead detection engineering activities supporting cybersecurity monitoring and defense for the federal customer
Oversee the full lifecycle of detection development, including research, testing, deployment, tuning, and maintenance
Research emerging threats, adversary capabilities, and attack methodologies to improve detection coverage
Develop, validate, and deploy SIEM detections, correlation rules, and analytic workflows
Manage and maintain risk-based alerting frameworks to prioritize critical threats
Conduct regular reviews of alert performance, including analysis of false positives and tuning opportunities
Document detection logic, configurations, and implementation procedures
Collaborate with threat hunting, intelligence, and incident response teams to operationalize threat insights
Develop new detections in response to emerging threats, vulnerabilities, and operational priorities
Ensure timely implementation of critical detections within defined SLAs
Evaluate new telemetry sources and security alerts for detection value and operational impact
Track detection changes and enhancements through Agile workflows and ticketing systems
Produce operational reports summarizing detection performance and improvements
Maintain configuration management and documentation repositories
Recommend improvements for telemetry collection, log visibility, and monitoring effectiveness
Coordinate with Blue Team to incorporate findings from adversary simulations and exercises
Deliver briefings and reports to technical teams and leadership
Support transition and operational readiness activities