SIEM Detection Engineer (DoD TS Clearance)

MartinFedWashington, DC
Onsite

About The Position

The SIEM Detection Engineer is responsible for developing, tuning, and maintaining the detection content that identifies security threats within government agencies. This role owns correlation searches, alerts, and security use cases built in Splunk, aligning detections to frameworks such as MITRE ATT&CK and incorporating threat intelligence. The Detection Engineer works closely with security analysts, threat intelligence teams, and the Data and Platform Engineers to ensure threats are detected accurately and with minimal noise.

Requirements

  • Detection development in SPL: correlation searches, scheduled searches, alerts, and thresholds
  • Security use case design mapped to MITRE ATT&CK
  • Alert tuning and false-positive reduction while maintaining coverage
  • Threat intelligence application and IOC/behavioral detection logic
  • Dashboard and visualization development for SOC triage and investigation
  • Detection testing and validation against known attack techniques and sample data
  • Working knowledge of Splunk Enterprise Security (ES): notable events, risk-based alerting (RBA), and data models
  • Understanding of the incident response lifecycle and SOC workflows
  • Familiarity with adversary tactics, techniques, and common attack patterns across endpoint, network, and cloud

Responsibilities

  • Develop and optimize search queries, correlation searches, and alerts in SPL to proactively detect security threats, anomalies, and suspicious behavior.
  • Configure alerts to trigger automated responses or notifications based on predefined criteria.
  • Design and implement security use cases mapped to MITRE ATT&CK and driven by threat intelligence and agency risk priorities.
  • Translate threat scenarios and requirements into actionable, testable detection logic.
  • Tune detections to reduce false positives and alert fatigue while maintaining coverage.
  • Continuously review and refine detection performance against evolving threats.
  • Design and build dashboards and visualizations that support SOC triage, investigation, and decision-making.
  • Present detection results and metrics in a clear, actionable manner.
  • Monitor and analyze security-related events to detect and help respond to potential threats.
  • Support incident response by providing detection context and refining content based on findings.
  • Test and validate detections against known attack techniques and sample data before deployment.
  • Document detection logic, coverage, and expected outcomes.
  • Collaborate with security analysts and threat intelligence teams to align detections with operational needs.
  • Maintain documentation and runbooks for detection content and response guidance.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service