Threat Detection Engineer
Posted on 11/10/2022
Reston, VA, USA
Experience Level
  • Using ATT&CK and/or other frameworks to categorize alerts and signatures
  • Baselining enterprise events to identify “normal” activity over time
  • SOP development and updating, along with training on new SOPs
  • Creating documentation that details what signatures are supposed to detect and how to properly triage them
  • Mentoring junior and mid-level analysts
  • Expertise in developing optimized custom SPL using macros, lookups, sub-searches, sequenced events, and other advanced techniques
  • Leveraging multiple log sources to identify malicious behaviors that blend in with normal Enterprise activity
  • Use regex for direct pattern matching and data extraction
  • Using network, endpoint, and other security tools and SIEM technologies
  • Automation and security orchestration tools to support Incident Response
  • Using Cloud log data and understanding of cloud architecture to develop security monitoring
  • Network ports and protocols (TCP, UDP, HTTP, SMTP, DNS)
  • Network security devices (FW, IDS/IPS, Proxy, Email Filtration, DNS, etc.)
  • Common host and web application attacks and countermeasures against those attacks
  • Industry frameworks such as cyber kill chain and ATT&CK
  • APT capabilities and the ability to implement appropriate detection measures or countermeasures
  • Normal working hours of 8:00am - 5:00pm are anticipated; however, actual hours may vary depending on mission requirements
  • Must possess a current Secret clearance
  • Bachelor's degree and 5 years of relevant experience
  • GCIH
  • GCFA
  • GPEN
  • GCIA
  • Creating threat detection strategies to close visibility and alerting gaps for SOC
  • Creating and maintaining high fidelity alerts across all Security Tool technologies
  • Working with security methodologies and processes within Security Operations Centers supporting medium-large enterprises
  • Configuring and operating technical security solutions to improve or enhance capabilities and ensure optimal performance
  • Analyze, trend, and filter data and events across all data sources to create security dashboards that provide insight into enterprise events, trends, and activity for multiple stakeholders
  • Develop and formalize processes to support the full lifecycle of content-development (conception, creation, testing, documentation, implementation, tuning)
  • Researching attacker methodologies and techniques to identify criteria needed to create high fidelity signatures

10,001+ employees

Scientific & engineering systems integration service
Company Overview
Leidos’s mission is to make the world safer, healthier, and more efficient through technology, engineering, and science. The company is a leader in systems integration and technical solutions while working closely with all branches of the U.S. military, the U.S. Department of Defense, other U.S. government civil agencies, and also customers in select markets across the globe.
  • Medical, dental, & vision insurance
  • Health Savings Account
  • Income protection
  • PTO
  • Paid parental leave
  • Jury duty pay
  • Bereavement leave
  • 401(k) Retirement Plan
  • Employee Stock Purchase Plan
  • Family Benefits
Company Core Values
  • Integrity: Is having the courage to make tough ethical decisions, taking pride in our work, being transparent with our team, and being respectful of everyone.
  • Inclusion: Is fostering a sense of belonging, welcoming all perspectives and contributions, and providing equal access to opportunities and resources for everyone.
  • Innovation: Is not limited to our engineers and scientists. It is acting as a catalyst. Being tenacious and curious to help us excel and be a part of a learning organization.
  • Agility: Is being flexible, creative, and resilient. It is our ability to think and act small while using the size and strength of our balance sheet to our advantage.
  • Collaboration: Is being team-oriented and proactively engaging to meet shared objectives. It is about building relationships and staying connected with each other.
  • Commitment: Is being accountable, taking ownership, modeling servant leadership, and operating with a sense of urgency to our customers and teams.