Detection & Case Management Lead

We are seeking a highly skilled and innovative Detection and Case Management Lead to join our team in the greater DMV area supporting the Army National Guard.

Key Responsibilities

• Define and govern detection architecture standards and lifecycle for correlation rules signatures behavioral analytics and analytics pipelines aligned to MITRE ATT&CK and prioritized risks.
• Translate threat intelligence CDAP/CHAP/vulnerability findings into prioritized testable detection use cases and automated alerting frameworks.
• Oversee detection validation using telemetry analysis adversary emulation redteam exercises and lab testbeds; tune to reduce false positives and alert fatigue.
• Lead endtoend case management design: triage enrichment documentation escalation remediation tracking and closure processes with SLAs and audit controls.
• Establish runbooks QA controls and standard operating procedures for detection tuning and investigative documentation.
• Partner with data engineering to improve telemetry ingestion normalization enrichment retention and evidence integrity for investigations.
• Implement dashboards and reporting for detection efficacy MTTD MTTR case quality and executive risk metrics.
• Mentor SOC/NOSC analysts and coordinate with incident response threat intel vulnerability management and service owners.
• Maintain continuous improvement process for detection coverage playbooks and case management maturity.

#ENOCS

Required Qualifications

• 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD
• Clearance: TS/SCI (active)
• Education / Training / Certification: Candidate must meet ONE of the following:
  • Masters or Ph.D. in Computer Science Cybersecurity Data Science Information Systems Information Technology or Software Engineering; OR
  • Relevant DoD/Military training (e.g. 4C255N (CP)); OR
  • Relevant certifications (see list below).
• Experience: Progressive cybersecurity experience focused on detection engineering SOC operations or security case management in enterprise/DoD environments.
• Demonstrated expertise in SIEM rule engineering EDR/XDR tuning IDS/IPS signatures cloud-native detection OT/DCI monitoring and MITRE ATT&CK mapping.
• Proven experience translating threat intel and vulnerability data into operational detection use cases and validated analytics.
• Strong skills in tooling (SIEM SOAR EDR network telemetry) telemetry normalization analytic validation and creating decisiongrade dashboards and runbooks.
• Excellent written and verbal communication for briefings to technical and executive audiences.

Acceptable Certifications (one or more preferred)

• CISSPISSAP CISSPISSEP GCIA GICSP or equivalent advanced detection/forensics certifications

Desired / Preferred

• Prior DoD/Army/ARNG SOC or NOSC experience
• Experience with threat emulation frameworks Purple Teaming SOAR playbook development cloud detection platforms and telemetry engineering
• Familiarity with CDAP/CHAP assessment processes and compliance/audit evidence requirements

#ENOCS

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit to learn how were keeping people around the world safe and secure.