Senior Security Detection Engineer

ECS
Fairfax, VA
Full-time

ECS is seeking a Senior Security Detection Engineer to work in our Fairfax, VA office.

Job Description:

At ECS Federal, we're driven by a commitment to excellence and innovation in solving complex challenges. As a premier provider of advanced technology solutions and services, our mission is to secure and optimize the most critical commercial, government, defense, and intelligence projects across the country.

Our team is composed of dynamic professionals who thrive in a collaborative and empowering environment, where our team members leverage the latest technologies and insights to make a real-world impact.

Join us and be part of a forward-thinking organization that values your expertise and supports your professional growth.

We are seeking a Senior Detection Engineer to serve as a pivotal contributor within our Security Operations Center (SOC).

This role demands a strategic thinker and an expert in detection engineering, dedicated to enhancing our cybersecurity posture through advanced threat detection, proactive threat hunting, and automation.

You will work closely with our SOC analysts, Incident Response, and Threat Intelligence teams to ensure that our detection mechanisms are always ahead of emerging threats.

If you are passionate about developing innovative detection solutions and enhancing security operations, we invite you to bring your expertise to ECS, where your efforts will help secure the future of our clients' digital landscapes.

Responsibilities:

  • Design, develop, and implement advanced detection strategies across a variety of security platforms, including but not limited to SIEMs, EDR, NDR, and SOAR tools.
  • Create and maintain custom detection content (e.g., correlation rules, signatures, alerts) to identify and mitigate emerging threats.
  • Collaborate with Threat Intelligence and Incident Response teams to refine detection logic and ensure security alerts are relevant, actionable, and aligned with the latest threats and overall security strategy.
  • Continuously optimize and tune detection content to reduce false positives and improve detection accuracy.
  • Provide mentorship and technical guidance to junior engineers and analysts, fostering a culture of continuous learning and improvement.
  • Document detection logic, use cases, and operational procedures to ensure consistency and knowledge sharing across teams.
  • Conduct regular tuning of detection content to adapt to evolving threats and changes in the operational environment.
  • Contribute to the development and tracking of key performance indicators (KPIs) related to detection efficacy and response times.
  • Engage with cross-functional teams to ensure seamless integration of detection content within broader security operations.
  • Document and maintain detection methodologies, operational procedures, and best practices to ensure consistency, scalability and knowledge sharing across teams.

Required Skills:

  • Bachelor’s degree; preferably in Computer Science, Information Security, or a related field. Will consider experience in lieu of a degree.
  • Minimum of 10 years of experience in cybersecurity, with a strong focus on detection engineering, threat detection, or SOC operations.
  • Proficiency in developing detection content for SIEM platforms such as Splunk, ArcSight, QRadar, LogRhythm, or Securonix.
  • Experience with endpoint detection and response (EDR) tools such as CrowdStrike, SentinelOne, or Carbon Black.
  • Expertise in analyzing and interpreting threats from a wide range of data sources, including IDS / IPS, AV, HIDS / HIPS, WAFs, firewalls, web applications, and web proxies, with the ability to identify and mitigate advanced threats.
  • Experience in utilizing technologies such as ElasticSearch, Zeek, SIGMA, Suricata, and YARA for developing and optimizing detection rules, threat hunting, and incident response.
  • Proficiency in leveraging Detection as Code (DaC) practices to automate and standardize detection logic, enabling rapid deployment and consistent threat detection across multiple environments.
  • Comprehensive knowledge of cyber threat tactics, techniques, and procedures (TTPs), with a proven ability to develop and implement effective alerting, countermeasures, and proactive threat-hunting techniques.
  • Proficiency with the MITRE ATT&CK framework and its application in detection strategies.
  • Deep understanding of network security, intrusion detection / prevention systems (IDS / IPS), and malware analysis.

Desired Skills:

  • Certifications such as GCIA / GCIH / GCFA / GNFA / GREM or OSCP.
  • Excellent analytical and problem-solving skills, with the ability to handle complex security challenges and think like an adversary.
  • Experience with cloud security platforms (AWS, Azure, GCP) and integrating native security tools.
  • Experience with scripting languages such as Python, PowerShell, or Bash to support automation and custom detection development.
  • Proven track record of performing threat hunting and incident detection in large-scale enterprise environments.
  • Experience leading security projects that have significantly enhanced detection capabilities or reduced incident response times.
  • Strong communication skills, with the ability to articulate complex technical concepts to both technical and non-technical audiences.