Principal Cybersecurity Detection Engineer AI Driven Threats
Smksoft
About the role
Role: Principal Cybersecurity Detection Engineer AI Driven Threats
Hybrid Role in Vienna, VA or Winchester, VA or Pensacola, FL
Job Description

Key Responsibilities

AI & Emerging Threat Detection
• Serve as the senior technical subject matter expert for AI-focused threat detection within the CSOC.
• Design, develop, deploy, and maintain advanced detection content across SIEM and security platforms to identify AI-enabled and emerging attack techniques.
• Engineer high-confidence detections using complex query languages and techniques (SPL, KQL, regex, YARA, macros, lookups) across on-premises, hybrid, and cloud environments.
• Continuously evaluate detection coverage and fidelity, tuning or retiring content as adversary tactics, data sources, and operational needs evolve.
• Research emerging AI and advanced technology threats (e.g., prompt injection, model poisoning, adversarial AI, data exposure) and translate them into actionable detection strategies.
• Align detection use cases to industry frameworks such as MITRE ATT&CK, MITRE ATLAS, and NIST CSF.
• Partner with threat intelligence, detection engineering, threat hunting, red team, and architecture teams to proactively strengthen detection capabilities.
• Support proofs of concept and pilots that apply AI to detection engineering and SOC operations, ensuring solutions deliver measurable operational value.
• Mentor and guide senior detection engineers and analysts on AI threat concepts and advanced detection strategies.
• Communicate complex technical findings clearly to technical teams, leadership, and executive stakeholders.

Required Qualifications
• 7+ years of experience in cybersecurity operations, detection engineering, or SIEM engineering in a senior individual contributor role.
• Advanced expertise in detection engineering across the full content lifecycle (design, testing, deployment, tuning, and decommissioning).
• Hands-on experience applying AI or machine learning capabilities within SOC or detection workflows.
• Familiarity with AI security frameworks (e.g., MITRE ATLAS, OWASP AI Security).
• Advanced proficiency with SIEM query languages and multi-source telemetry across on-prem, cloud (IaaS/PaaS/SaaS), and hybrid environments.
• Strong understanding of adversary TTPs, including emerging AI-enabled threats.
• Demonstrated ability to analyze large-scale log and telemetry datasets to identify threats and detection gaps.
• Strong communication skills, with the ability to present complex technical concepts to both technical and non-technical audiences.

Preferred Qualifications
• Experience leading or contributing to AI-focused SOC pilots, automation initiatives, or advanced detection programs.
• Relevant certifications (e.g., CISSP, CySA+, CASP+, CCSP) or comparable credentials.
• Bachelor's degree in Cybersecurity, Computer Science, Engineering, or a related field.