Senior Security Engineer Cyber Threat Mitigation Lead (Washington)

Senior Security Engineer Cyber Threat Mitigation Lead

ECS is seeking a Senior Security Engineer Cyber Threat Mitigation Lead to work in our Washington, DC office. ECS Federal is a leading information security and information technology company in Washington, DC. We are looking to hire a Senior Security Engineer Cyber Threat Mitigation Lead to lead a cross functional team (Cyber Threat Intelligence, Hunt, and Analytics) on a long-term contract in Washington DC. The position is full time / permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance. The successful candidate will be a deeply technical leader with hands-on engineering experience, a clear understanding of attacker behavior, and the ability to convert threat intelligence into actionable detections and countermeasures. This position also owns the quality and clarity of team deliverables, ensuring all intelligence products, detections, and reports effectively communicate their value and impact.

Lead and mentor a cross-functional team of CTI analysts, threat hunters, and detection engineers. Architect detection strategies based on emerging threats, adversary behaviors, and customer risk posture. Drive threat hunting operations to proactively identify undetected malicious activity. Translate threat intelligence reports and TTP analysis into actionable detections, telemetry gaps, and defensive measures. Oversee and ensure the accuracy, clarity, and timeliness of all team deliverables, including : Detection documentation and enrichment logic Threat reports and intelligence summaries Hunt plans and post-hunt analysis Metrics and dashboards demonstrating operational impact Champion technical excellence and documentation standards across the team. Collaborate closely with SOC leadership, incident responders, and engineers to ensure team outputs drive measurable risk reduction. Evaluate detection effectiveness and coverage using data-driven assessments.

Knowledge of detection engineering methodologies, including behavioral signature creation, enrichment logic, and telemetry correlation. Familiarity with endpoint detection and response (EDR) telemetry (e.g., SentinelOne, CrowdStrike, Defender for Endpoint) and how adversary activity presents in those platforms. Expertise in SIEM platforms such as Splunk (e.g., SPL query development, data models, correlation searches, macros, lookups, CIM normalization). Proficiency with data transformation and routing technologies such as CRIBL, including pipeline logic and field normalization strategies.