The Role
The Detection Engineer designs and implements detection mechanisms for cyber threats, collaborates with teams, and ensures compliance with directives.
Summary Generated by Built In
Detection Engineer
Charleston, SC - Full Time
Minimum Secret Clearance with ability to obtain TS/SCI required
Position Description:
The Detection Engineer is responsible for designing, developing, and implementing detection mechanisms to identify cyber threats within a Cybersecurity Service Provider (CSSP) environment. The role focuses on creating and managing IDS/IPS signatures, log correlation rules, and other detection tools based on indicator lifecycle analysis. The Detection Engineer collaborates with Defensive Cyber Operations (DCO) Watch Analysts and other teams to ensure timely and effective threat detection, adhering to CJCSM 6510.01B reporting requirements and supporting the CSSP’s mission to protect data across a wide spectrum of sources and locations.
Position Requirements and Duties:
· Design, develop, and implement custom SIEM signatures and NIDS/HIDS rules based on indicator lifecycle analysis to detect cyber threats
· Develop and prioritize risk-based alerting mechanisms to focus detection efforts on high-impact threats, aligning with organizational risk assessments
· Analyze threat intelligence to create and refine detection mechanisms tailored to the customer’s environment
· Validate and test detection rules to ensure accuracy, minimize false positive and benign positive matches, and enhance threat identification capabilities
· Collaborate with DCO Watch Analysts to integrate detection mechanisms into monitoring and incident response workflows
· Maintain and update detection tools and signatures in response to evolving threats, ensuring compliance with CJCSM 6510.01B and other applicable directives
· Compile and maintain internal standard operating procedure (SOP) documentation for detection creation and implementation processes
· Perform log analysis of Splunk and Elastic to support detection development and validation
· Coordinate with reporting agencies and subscriber sites to align detection strategies with operational needs and threat intelligence
· Participate in program reviews, product evaluations, and onsite certification evaluations to assess detection tool efficacy
· Overtime may be required to support detection implementation or incident response actions (Surge)
· Up to 10% travel may be required
Minimum Qualifications:
· Bachelor’s Degree in relevant discipline and 5 years or at least 8 years of experience working in a CSSP, SOC, or similar environment
· 2+ years of experience with signature development, detection logic creation and optimization on multiple platforms
· Must be a U.S. Citizen
Desired Qualifications:
· Experience working with and developing signatures for Splunk and Elastic
· Experience with threat intelligence platforms and indicator management
· Proficient knowledge of detection creation and implementation processes
· Expertise in IDS/IPS solutions, including signature development and optimization
· Strong understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment
· Effective verbal and written communication skills
· Ability to solve complex problems independently
Required Certifications:
· Must have requisite certifications to fulfill DoD 8570 IAT Level II and CSSP-specific requirements
Charleston, SC - Full Time
Minimum Secret Clearance with ability to obtain TS/SCI required
Position Description:
The Detection Engineer is responsible for designing, developing, and implementing detection mechanisms to identify cyber threats within a Cybersecurity Service Provider (CSSP) environment. The role focuses on creating and managing IDS/IPS signatures, log correlation rules, and other detection tools based on indicator lifecycle analysis. The Detection Engineer collaborates with Defensive Cyber Operations (DCO) Watch Analysts and other teams to ensure timely and effective threat detection, adhering to CJCSM 6510.01B reporting requirements and supporting the CSSP’s mission to protect data across a wide spectrum of sources and locations.
Position Requirements and Duties:
· Design, develop, and implement custom SIEM signatures and NIDS/HIDS rules based on indicator lifecycle analysis to detect cyber threats
· Develop and prioritize risk-based alerting mechanisms to focus detection efforts on high-impact threats, aligning with organizational risk assessments
· Analyze threat intelligence to create and refine detection mechanisms tailored to the customer’s environment
· Validate and test detection rules to ensure accuracy, minimize false positive and benign positive matches, and enhance threat identification capabilities
· Collaborate with DCO Watch Analysts to integrate detection mechanisms into monitoring and incident response workflows
· Maintain and update detection tools and signatures in response to evolving threats, ensuring compliance with CJCSM 6510.01B and other applicable directives
· Compile and maintain internal standard operating procedure (SOP) documentation for detection creation and implementation processes
· Perform log analysis of Splunk and Elastic to support detection development and validation
· Coordinate with reporting agencies and subscriber sites to align detection strategies with operational needs and threat intelligence
· Participate in program reviews, product evaluations, and onsite certification evaluations to assess detection tool efficacy
· Overtime may be required to support detection implementation or incident response actions (Surge)
· Up to 10% travel may be required
Minimum Qualifications:
· Bachelor’s Degree in relevant discipline and 5 years or at least 8 years of experience working in a CSSP, SOC, or similar environment
· 2+ years of experience with signature development, detection logic creation and optimization on multiple platforms
· Must be a U.S. Citizen
Desired Qualifications:
· Experience working with and developing signatures for Splunk and Elastic
· Experience with threat intelligence platforms and indicator management
· Proficient knowledge of detection creation and implementation processes
· Expertise in IDS/IPS solutions, including signature development and optimization
· Strong understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment
· Effective verbal and written communication skills
· Ability to solve complex problems independently
Required Certifications:
· Must have requisite certifications to fulfill DoD 8570 IAT Level II and CSSP-specific requirements
Top Skills
Elastic
Ids
Ips
Splunk
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Adapt Forward specializes in Defensive and Offensive cyber operations. We strive to rewrite the rulebook on how Cyber Defense and Incident response is done with a unique blend of offense to validate our defense.
