Detection & Case Management Lead

About The Position

Requirements

• 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD
• Clearance: TS/SCI (active)
• Education / Training / Certification: Candidate must meet ONE of the following: Master’s or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR Relevant DoD/Military training (e.g., 4C‑255N (CP)); OR Relevant certifications (see list below).
• Experience: Progressive cybersecurity experience focused on detection engineering, SOC operations, or security case management in enterprise/DoD environments.
• Demonstrated expertise in SIEM rule engineering, EDR/XDR tuning, IDS/IPS signatures, cloud-native detection, OT/DCI monitoring, and MITRE ATT&CK mapping.
• Proven experience translating threat intel and vulnerability data into operational detection use cases and validated analytics.
• Strong skills in tooling (SIEM, SOAR, EDR, network telemetry), telemetry normalization, analytic validation, and creating decision‑grade dashboards and runbooks.
• Excellent written and verbal communication for briefings to technical and executive audiences.
• CISSP‑ISSAP, CISSP‑ISSEP, GCIA, GICSP, or equivalent advanced detection/forensics certifications

Nice To Haves

• Prior DoD/Army/ARNG SOC or NOSC experience
• Experience with threat emulation frameworks, Purple Teaming, SOAR playbook development, cloud detection platforms, and telemetry engineering
• Familiarity with CDAP/CHAP assessment processes and compliance/audit evidence requirements

Responsibilities

• Define and govern detection architecture standards and lifecycle for correlation rules, signatures, behavioral analytics, and analytics pipelines aligned to MITRE ATT&CK and prioritized risks.
• Translate threat intelligence, CDAP/CHAP/vulnerability findings into prioritized, testable detection use cases and automated alerting frameworks.
• Oversee detection validation using telemetry analysis, adversary emulation, red‑team exercises, and lab testbeds; tune to reduce false positives and alert fatigue.
• Lead end‑to‑end case management design: triage, enrichment, documentation, escalation, remediation tracking, and closure processes with SLAs and audit controls.
• Establish runbooks, QA controls, and standard operating procedures for detection tuning and investigative documentation.
• Partner with data engineering to improve telemetry ingestion, normalization, enrichment, retention, and evidence integrity for investigations.
• Implement dashboards and reporting for detection efficacy, MTTD, MTTR, case quality, and executive risk metrics.
• Mentor SOC/NOSC analysts and coordinate with incident response, threat intel, vulnerability management, and service owners.
• Maintain continuous improvement process for detection coverage, playbooks, and case management maturity.