Leidos

Threat Detection Engineer


Arlington, US · Full-time · $131,300 – $237,350

About this role

At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people dedicated to customers’ success. We empower teams, contribute to communities, and operate sustainably. The Digital Modernization Sector supports DHS CISA SOC with a Threat Detection Engineer on a strategic Cybersecurity Task Order.

The Threat Detection Engineer builds, implements, and tunes threat detection logic to identify malicious activities. Expertise in security analytics, data correlation, threat intelligence, and automation within SIEM platforms is required. This self-starter role demands analytical skills, flexibility, and good judgment.

Work closely with the Incident Response Team for threat coverage, analysis, and documentation. Collaborate with threat intelligence teams to develop detection logic for emerging threats. Integrate automated workflows and playbooks to streamline response processes within the team environment.

Generate reports and dashboards to highlight detection efficiency and threat trends. Document processes, methodologies, and workflows while sharing insights. Mentor team members on best practices to mature cybersecurity capabilities.

Requirements

  • BS degree in Science, Technology, Engineering, Math or related field and 12-15 years of prior relevant experience with a focus on cybersecurity
  • Strong expertise in SIEM platforms and familiarity with query languages (e.g. SPL, KQL)
  • Understanding of malware behaviors, threat actors, and attack tactics (MITRE ATT&CK)
  • Ability to independently assess and improve detection rules
  • Strong troubleshooting and documentation skills
  • Develop and fine-tune detection rules to identify more complex threats
  • Collaborate with the threat intelligence team to incorporate threat indicators into detection logic
  • Experience with automation and scripting (e.g., Python)

Responsibilities

  • Develop, implement, and maintain detection rules to identify malicious behaviors
  • Optimize detection efficacy by reducing false positives and increasing true positive rates
  • Work closely with the Incident Response Team to provide coverage for detected threats, as well as detailed analysis and documentation
  • Integrate automated workflows and playbooks to streamline response processes
  • Collaborate with threat intelligence teams to develop detection logic for emerging threats
  • Generate reports and dashboards to highlight detection efficiency and threat trends
  • Document detection processes, methodologies, and workflows
  • Share insights and mentor team members on best practices in threat detection