
Senior Detection Engineer

Peraton

US · On-site Full-time Senior $112k – $179k/yr Today

About the role

Peraton is currently seeking an experienced Senior Detection Engineer to become part of our Federal Strategic Cyber Group.

Location

Rosslyn, VA and a secondary at Beltsville, MD.

Schedule

Monday - Friday, 08:00-16:00 (8:00 AM - 4:00 PM).

Responsibilities

  • Perform advanced custom development and implementation of cybersecurity alerts.
  • Develop, configure, and tune cybersecurity tools, alerts, and response capabilities.
  • Integrate security alerts and process workflows into SOAR and SIEM systems.
  • Automate and optimize security alert workflows to enhance threat response capabilities and efficiency throughout the Incident Response lifecycle.
  • Analyze systems and environments to determine the logging and alerting needed to optimize cybersecurity monitoring in an ever-changing cyber threat landscape.
  • Provide technical expertise in Splunk, Python, JavaScript, PowerShell, and similar languages.
  • Support the security operations center through security development.
  • Support cross-team collaboration efforts to enhance the customer's defense against advanced cyber adversaries.
  • Implement cyber monitoring, analysis, and response capabilities within our SIEM, SOAR, and detection tools.
  • Develop and enhance threat detections and advanced analysis capabilities.
  • Provide tuning of threat detections.
  • Onboard and integrate cyber monitoring tools from the analyst's perspective.
  • Coordinate with engineers to assist in building and maintaining platforms.
  • Coordinate with cyber threat experts to implement the latest signatures.
  • Create and maintain various security dashboards, alerts, and reports.
  • Write Zeek (Bro), Suricata, and Snort signatures.
  • Maintain Python- and JavaScript-based detections and automation capabilities within our tools.

Minimum Requirements

  • Bachelor's degree and a minimum of 9 years of relevant experience; 7 years with a Master's degree; 4 years with a PhD. An additional 4 years of relevant experience may be substituted in lieu of the degree requirement.
  • To be considered for this position, you must either currently hold one of the professional certifications listed below or obtain one prior to your start date. Continued certification is required as a condition of employment:
    • CASP+ CE, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CISA, CISSP (or Associate), Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, SCYBER, VCA DCV, PPDA, Agile IC, SNOW App Dev
  • U.S. citizenship required.
  • Active Secret security clearance.
  • Ability to obtain final Top Secret clearance.

Preferred Qualifications

  • A solid understanding of the MITRE ATT&CK Framework.
  • A solid understanding of Splunk Enterprise Security.
  • A solid understanding of Cybersecurity Incident Response.
  • A solid understanding of Cloud Development with Microsoft Azure/MDE.
  • A solid understanding of Machine Learning and User and Entity Behavior Analytics (UEBA).

Skills

Azure, Bro, CISSP, JavaScript, Machine Learning, MDE, MITRE ATT&CK Framework, PowerShell, Python, Security Incident Response, SIEM, Snort, SOAR, Splunk, Splunk Enterprise Security, Suricata, UEBA, Zeek
