Senior Cybersecurity Engineer (SME)

Peraton is seeking a Senior Cybersecurity Engineer (SME) to support a federal customers Virtual Security Operations Center (vSOC).

Location: Washington DC

This individual will serve as the technical lead for SIEM operations detection engineering and advanced security analytics leveraging Microsoft Sentinel and the Microsoft Defender security stack.

The ideal candidate is a hands-on technical expert who can operate at both the engineering and operational levels ensuring comprehensive monitoring high-fidelity detection and actionable intelligence across enterprise environments.

This role directly supports mission-critical cybersecurity operations protecting sensitive federal data (CUI/PII/PHI/FTI) and aligns to Zero Trust and NIST-based security frameworks.

What Youll Do

Lead Microsoft Sentinel Operations

• Serve as the primary SME for Microsoft Sentinel the enterprise SIEM platform
• Design implement and optimize analytics rules correlation logic and data models
• Develop advanced KQL queries workbooks and dashboards to support SOC operations and reporting
• Ensure all monitoring and analytics align to the Microsoft Sentinel data model

Drive Detection Engineering & Threat Analytics

• Lead development and continuous tuning of MITRE ATT&CK-aligned detection use cases
• Implement cross-domain correlation logic spanning identity endpoint network and cloud telemetry
• Perform and guide proactive threat hunting activities
• Continuously improve detection capabilities based on:
• Threat intelligence
• Incident response findings
• Red team and assessment results

Integrate and Optimize Microsoft Security Stack

• Leverage and optimize:
• Microsoft Defender for Endpoint (MDE) for endpoint visibility
• Microsoft Defender for Identity (MDI) for Active Directory and identity monitoring
• Ensure all Defender telemetry is:
• Properly ingested into Sentinel
• Actively monitored and correlated
• Optimized for detection and response

Engineer Multi-Source Log Ingestion & Normalization

• Lead ingestion and integration of non-Microsoft data sources including:
• AWS CloudTrail and VPC Flow Logs
• Proofpoint email security logs
• Veeam backup logs
• Checkpoint and Cisco network/security logs
• iBoss proxy logs
• VPN and remote access logs
• Ensure all telemetry is:
• Normalized to Sentinel schema
• Aligned for cross-plane correlation
• Optimized for detection engineering and threat hunting

Ensure Data Integrity & Pipeline Health

• Oversee ingestion pipelines to ensure:
• Log integrity and completeness
• Accurate timestamping and synchronization
• Proper schema mapping and field normalization
• Monitor ingestion health to identify:
• Dropped or malformed logs
• Latency or ingestion failures
• Configure and manage log routing tools (e.g. Cribl) ensuring:
• No data loss
• Preservation of original log fidelity

Enable Cross-Plane Security Visibility

• Implement and maintain end-to-end visibility across:
• Identity
• Endpoint
• Network
• Cloud
• Develop correlation strategies that:
• Map to MITRE ATT&CK techniques
• Support advanced threat detection
• Enable full attack path analysis

Deliver Operational Reporting & Dashboards

• Build and maintain real-time dashboards and automated reporting within Sentinel
• Provide visibility into:
• Detection performance (MTTD/MTTR)
• Log ingestion health
• Threat trends and risk posture
• Support delivery of:
• Operational SOC reporting
• Executive-level insights
• Compliance and audit artifacts

Mentor and Lead Technical Teams

• Serve as a technical escalation point and mentor for SOC analysts (Tier IIII)
• Provide guidance on:
• Detection strategy
• Log onboarding
• Security architecture improvements
• Collaborate with:
• Incident Response teams
• Cloud and infrastructure teams
• Government stakeholders

Required:

Education & Experience:

• Bachelors degree and a minimum of 8 years of relevant experience. An additional 4 years of experience in lieu of degree.
• Minimum of 8years of cybersecurity experience including:
  • 5 years in SOC SIEM or detection engineering roles
  • 3 years of hands-on experience with Microsoft Sentinel
• Technical Skills
  • Deep expertise in:
    • Microsoft Sentinel (analytics KQL data models)
    • Microsoft Defender for Endpoint (MDE)
    • Microsoft Defender for Identity (MDI)
  • Strong experience with:
    • Log ingestion normalization and schema mapping
    • Multi-source telemetry integration (cloud network endpoint)
    • AWS logging (CloudTrail VPC Flow Logs)
  • Knowledge of:
    • MITRE ATT&CK framework
    • SIEM/XDR integration
    • Log routing tools (e.g. Cribl Logstash Fluentd)
• U.S citizenship required
• Ability to obtain Top Secret Clearance

Preferred:

• Relevant certifications:
• CISSP GCIA GCIH CEH or equivalent
• Microsoft Security certifications (Sentinel Defender)
• AWS Security certifications
• Privacy certifications (e.g. CIPP/US CIPM) where applicable
• Experience supporting:
• Federal civilian agencies
• NIST-based frameworks ()
• Zero Trust architectures

What Sets You Apart

• Ability to operate as both a hands-on engineer and strategic technical leader
• Experience building detection capabilities from the ground up
• Strong understanding of identity-centric security and Zero Trust principles
• Proven ability to optimize security operations for efficiency and cost

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit to learn how were keeping people around the world safe and secure.