Detection Engineer

We are seeking a highly skilled and innovative Detection Engineer to join our team in the greater DMV area supporting the Army National Guard.

Responsibilities

• Develop and maintain detection logic across SIEM IDS/IPS endpoint and OT/DCI monitoring platforms: correlation rules signatures and behavioral analytics.
• Translate threat intelligence CDAP findings CHAP results and vulnerability data into detection use cases dashboards and alerting content.
• Test detection rules in lab and sample datasets to verify functionality tune for falsepositive reduction and validate operational readiness.
• Document detection logic metadata versioned content and change histories to support operational tracking and auditability.
• Collaborate with SOC and NOSC analysts to tune alerts refine rule logic and validate detections against observed activity.
• Update runbooks produce tuning notes and support analysts during triage and validation workflows.
• Coordinate with data engineers to ensure ingestion normalization and field mappings for highvalue telemetry sources.
• Review telemetry quality identify gaps in coverage and report issues that affect detection visibility.
• Contribute to continuous improvement by iterating detection content refining workflows and adopting new defensive techniques.

#ENOCS

Qualifications

• 2 years with BS/BA; 0 years with MS/MA; 6 years with no degree

• Clearance: Active TS/SCI clearance.

• Candidate must meet ONE of the following:

  • Bachelors degree in Computer Science Cybersecurity Data Science Information Systems Information Technology or Software Engineering; OR
  • Relevant DoD/military training (examples: A5311900; DISA (521) Training; Cyber Defense Infrastructure Support Specialist (Intermediate) Playlist); OR
  • Relevant professional certification or equivalent experience (examples: GMON GRID CEH Cloud CySA GSEC PenTest Security SSCP).

• Required experience and skills:

  • Detection engineering SOC analytics or security operations experience.
  • Practical experience authoring correlation rules/signatures and analytic queries in one or more SIEM/analytics languages (e.g. KQL SPL Sigma vendorspecific).
  • Familiarity with IDS/IPS signature development EDR/endpoint detection and OT/DCI telemetry characteristics.
  • Handson testing/tuning experience to validate detections reduce false positives and document operational runbooks.
  • Ability to liaise with data engineering to specify ingestion and normalization requirements and validate telemetry fidelity.
  • Strong documentation skills and capability to maintain versioned detection content and operational artifacts.

• Desired:

  • Prior DoD/ARNG or enterprise SOC/NOSC detection engineering experience.
  • Experience mapping detections to MITRE ATT&CK and integrating CTI/CDAP/CHAP inputs into usecase prioritization.
  • Familiarity with automated testing frameworks SOAR integrations and detection performance metrics (precision/recall MTTD).

#ENOCS

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit to learn how were keeping people around the world safe and secure.