Tech Stack

Description

You will work on the Cyber Incident Response Team (CIRT) within the Information Security organization, designing and implementing security detection initiatives. You'll develop detection logic for SIEM and network security platforms, write KQL queries for Sentinel, and tune detection sets to improve security monitoring. Your role bridges network engineering and cybersecurity teams to enhance secure network designs and compliance with federal standards.

Requirements

• U.S. Citizenship required
• Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience)
• 6+ years experience in information security or equivalent combination of education and work experience
• 2+ years experience performing event and log analysis across enterprise security tools (AV, IDS/IPS, Firewalls, Active Directory, Web Proxies, DLP, SIEM)
• Hands-on experience with: Microsoft Sentinel KQL (minimum 1 year)
• Cisco FirePower and IDS/IPS configuration (minimum 1 year)
• SIEM platforms (Sentinel preferred)
• Detection engineering: designing and tuning signatures for IoCs and IoAs
• Packet and malware analysis using tools like Wireshark
• Git and GitHub for detection code version control and collaborative workflows
• Scripting and parsing (regex, PowerShell, Python, grep, sed, awk)
• TCP/IP, application layer protocols, and Windows/Linux internals
• MITRE ATT CK framework for detection mapping

Responsibilities

• Design, engineer, and implement security detection initiatives under the cybersecurity team lead
• Develop new detection logic for SIEM (Microsoft Sentinel) and network security platforms (Cisco FirePower, IDS/IPS), incorporating AI-driven tooling where applicable
• Write and optimize KQL queries for Sentinel to improve detection fidelity and reduce false positives
• Tune detection sets to raise security-relevant events for triage and response teams
• Maintain version control of detection logic using Git and GitHub workflows for collaborative development and auditability
• Bridge the gap between network engineering and cybersecurity teams to advocate for secure network designs and maximize security device capabilities
• Conduct technical briefings to enhance team awareness of network architecture and detection strategies
• Collaborate with operations and management to recommend improvements to security posture and ensure compliance with industry and federal standards (e.g., NIST, CISA)