Detection Engineer Elastic SME, Cyber Security Analyst III

About The Position

Requirements

• Bachelor’s Degree in relevant discipline and 5 years or at least 8 years of experience working in a CSSP, SOC, or similar environment
• 2+ years of experience with signature development, detection logic creation and optimization on multiple platforms
• Must be a U.S. Citizen
• Must have requisite certifications to fulfill DoD 8570 IAT Level II and CSSP-specific requirements
• Secret Clearance, with ability to obtain TS/SCI

Nice To Haves

• Experience in threat detection engineering, threat hunting, or a related role with hands-on experience using the Elastic Stack, Kibana Query Language (KQL), Event Query Language (EQL), Elasticsearch Query Language (ES|QL) and/or Elastic Defend.
• Experience with threat intelligence platforms and indicator management
• Proficient knowledge of detection creation and implementation processes
• Expertise in IDS/IPS solutions, including signature development and optimization
• Strong understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment
• Effective verbal and written communication skills
• Ability to solve complex problems independently
• Preferred certifications: Elastic Certified Analyst; Elastic Certified SIEM Analyst, Elastic Certified Engineer.

Responsibilities

• Develop, implement, and maintain custom, high-fidelity detection rules and logic in the Elastic Security platform specifically targeting adversary TTPs mapped to the MITRE ATT&CK® framework.
• Develop and prioritize risk-based alerting mechanisms to focus detection efforts on high-impact threats, aligning with organizational risk assessments
• Analyze threat intelligence to create and refine detection mechanisms tailored to the customer’s environment
• Validate and test detection rules to ensure accuracy, minimize false positive and benign positive matches, and enhance threat identification capabilities
• Collaborate with DCO Watch Analysts to integrate detection mechanisms into monitoring and incident response workflows
• Maintain and update detection tools and signatures in response to evolving threats, ensuring compliance with CJCSM 6510.01B and other applicable directives
• Compile and maintain internal standard operating procedure (SOP) documentation for detection creation and implementation processes
• Coordinate with reporting agencies and subscriber sites to align detection strategies with operational needs and threat intelligence
• Participate in program reviews, product evaluations, and onsite certification evaluations to assess detection tool efficacy
• Overtime may be required to support detection implementation or incident response actions (Surge)
• Up to 10% travel may be required

Benefits

• Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan.
• 401k Retirement Plan with Matching Contribution is immediately available and vested.
• Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.
• Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.
• Employee Assistance Program: Counseling/legal assistance and other employee well-being programs are also offered.