Security Engineer - Senior

Employer Active

1 Vacancy
Job Location: Washington - USA

Monthly Salary: Not Disclosed

Vacancy: 1 Vacancy

Job Description

Security Engineer

Z FEDERAL is seeking a Senior Security Engineer / Cyber Threat Mitigation Lead to work in our Washington, DC office and lead a cross-functional team (Cyber Threat Intelligence, Hunt, and Analytics). The position is full time and will support a US Government civilian agency. This position requires an Active Top Secret Clearance and 6 years of relevant work experience.

The successful candidate will be a deeply technical leader with hands-on engineering experience, a clear understanding of attacker behavior, and the ability to convert threat intelligence into actionable detections and countermeasures. This position also owns the quality and clarity of team deliverables, ensuring that all intelligence products, detections, and reports effectively communicate their value and impact.

Job Requirements

  • Lead and mentor a cross-functional team of CTI analysts, threat hunters, and detection engineers.
  • Architect detection strategies based on emerging threats, adversary behaviors, and customer risk posture.
  • Drive threat hunting operations to proactively identify undetected malicious activity.
  • Translate threat intelligence reports and TTP analysis into actionable detections, telemetry gaps, and defensive measures.
  • Oversee and ensure the accuracy, clarity, and timeliness of all team deliverables, including:
      • Detection documentation and enrichment logic
      • Threat reports and intelligence summaries
      • Hunt plans and post-hunt analysis
      • Metrics and dashboards demonstrating operational impact
  • Champion technical excellence and documentation standards across the team.
  • Collaborate closely with SOC leadership, incident responders, and engineers to ensure team outputs drive measurable risk reduction.
  • Evaluate detection effectiveness and coverage using data-driven assessments.
  • Knowledge of detection engineering methodologies, including behavioral signature creation, enrichment logic, and telemetry correlation.
  • Familiarity with endpoint detection and response (EDR) telemetry (e.g. SentinelOne, CrowdStrike, Defender for Endpoint) and how adversary activity presents in those platforms.
  • Expertise in SIEM platforms such as Splunk (e.g. SPL query development, data models, correlation searches, macros, lookups, CIM normalization).
  • Proficiency with data transformation and routing technologies such as CRIBL, including pipeline logic and field normalization strategies.

Required Skills

  • Bachelor's degree or higher
  • 7 years of experience in cybersecurity, with direct experience in at least two of the following:
      • Cyber Threat Intelligence (CTI)
      • Threat Hunting / Adversary Emulation
      • Detection Engineering / Security Analytics
  • 2 years of leadership experience with technical teams, including project ownership and report review responsibilities.
  • Proven experience translating complex technical data into consumable products for leadership, engineers, and IR staff.
  • Familiarity with SOC workflows, telemetry pipelines, and threat modeling.
  • Background in writing formal technical reports with a focus on clarity, completeness, and audience relevance.
  • Understanding of log sources across domains, including:
      • Host-based logs (Windows Event Logs, Sysmon, EDR)
      • Network telemetry (firewall, proxy, VPN, DNS, NDR)
      • Cloud logs (Azure AD, AWS CloudTrail, O365 Management Activity)
  • Familiarity with threat hunting techniques, including:
      • Hypothesis-driven hunting
      • Behavioral pattern detection
      • Environmental baselining and anomaly detection
  • Knowledge of common persistence mechanisms, lateral movement techniques, and evasion tactics used by threat actors.
  • Understanding of malware execution models (e.g. LOLBins, scripting engines, scheduled tasks, registry autostarts).
  • Ability to map cyber threat intelligence to technical detections, SOC coverage gaps, or architectural weaknesses.

Active Top Secret clearance

Desired Skills

  • Ability to understand customer non-technical mission sets and drive technical cyber operations to generate value for stakeholders.
  • Programming or scripting experience (e.g. Python, PowerShell, Bash, or similar) to assist with automation, enrichment, or analytic tooling.
  • Deep technical expertise in areas such as EDR telemetry, log forensics, malware behavior, or threat modeling.
  • Ability to translate complex technical threat intelligence into tangible technical controls, detections, and mitigations that reduce risk to the organization.
  • Familiarity with data routing/normalization platforms (e.g. CRIBL).
  • Experience with purple teaming, emulation frameworks, or detection validation.
  • Security certifications such as GCTI, GCFA, GREM, OSCP, or Splunk Certified Architect.

Z FEDERAL offers:

  • Self-directed 401K and annual company match
  • Up to four weeks of paid time off (PTO)
  • 11 paid federal holidays
  • Other forms of leave, such as bereavement, jury duty, and military leave
  • Full Health Benefits: Medical and Vision; Dental (employee-paid)
  • Life Insurance
  • Short and Long Term Disability, AD&D Insurance
  • Flexible Spending Account (Medical and Dependent Care)
  • Performance-based bonuses
  • Tuition Reimbursement
  • Incentive and referral bonuses
  • Commuter benefits
  • Professional Development and Training
  • Years of Service Reward and Recognition Program

Z FEDERAL's commitment to employee growth and development is proven and valued by our staff. We want our employees to excel, grow professionally, and take on increasingly responsible roles.

Employment Type

Full-Time
