Security Detection Engineer

Unisys

Rockville (MD)

On-site

USD 90,000 - 155,000

Full time

9 days ago

Job summary

Join a forward-thinking company as a Security Detection Engineer, where your expertise in threat detection and incident response will play a vital role in safeguarding the organization. This position involves designing advanced security systems, collaborating with various teams, and continuously improving security measures. You will be at the forefront of identifying and mitigating threats in a dynamic environment, making your contributions essential to the company's security posture. If you're passionate about cybersecurity and eager to make an impact, this role offers an exciting opportunity to grow and innovate.

Benefits

Medical insurance
Vision insurance
401(k)

Qualifications

  • Experience in designing and developing security monitoring solutions.
  • Ability to analyze logs and network traffic to identify threats.

Responsibilities

  • Design and maintain advanced threat detection systems.
  • Collaborate with Incident Response team for security incidents.
  • Document security threats and response actions clearly.

Skills

Detection Engineering
SOC
Splunk (SOAR)
Python

Education

Basic understanding of network protocols and operating systems
Certifications such as CompTIA Security+ or GIAC

Tools

SIEM (e.g., Splunk, ArcSight)
IDS/IPS
Endpoint protection tools

Job description

Detection engineering focus. Incident response, Splunk (SOAR), EDR tools, SOC

Must-haves:

  • Detection Engineering specialty
  • SOC
  • Splunk (especially Splunk SOAR): we will be doing automation with SOAR

Nice to have

  • Python

JD: We are seeking a skilled and proactive Security Detection Engineer to join our Security Operations team. This role is pivotal in identifying, analyzing, and mitigating security threats and vulnerabilities in our environment. The ideal candidate will have a deep understanding of security systems, threat detection techniques, and a strong ability to design and develop security monitoring solutions.

Key Responsibilities:

• Threat Detection and Monitoring:
    ◦ Design, implement, and maintain advanced threat detection systems, including intrusion detection/prevention systems (IDS/IPS), Security Information and Event Management (SIEM), and endpoint detection.
    ◦ Continuously monitor security alerts and logs to identify signs of malicious activity or vulnerabilities within the network.
    ◦ Develop and tune detection rules, signatures, and patterns to identify threats in real-time.
    ◦ Collaborate with the Incident Response team to analyze security incidents, identify the root cause, and work on mitigation strategies.
    ◦ Conduct forensic investigations to understand the scope and impact of security incidents.

• Security Intelligence and Automation:
    ◦ Research emerging security threats/vulnerabilities and integrate intelligence feeds into detection systems.
    ◦ Implement automation strategies for faster threat detection and response times.

• Collaboration with Other Teams:
    ◦ Work closely with IT, DevOps, and Security teams to ensure all systems are secure by design and actively monitored.
    ◦ Provide security expertise for the design and implementation of secure architecture for internal and external services.

• Reporting and Documentation:
    ◦ Document security threats, incidents, and response actions in a clear and concise manner.
    ◦ Provide regular reporting on security detection activities, including metrics on threats detected, false positives, and incidents mitigated.
    ◦ Perform regular tuning and optimization of detection rules to minimize false positives and maximize detection effectiveness.
    ◦ Stay up to date on security trends, tools, and methodologies, and apply them to enhance the security posture of the organization.

Required Qualifications:

• Basic understanding of network protocols, operating systems, and cybersecurity principles.

• Experience with common security tools such as SIEM (e.g., Splunk, ArcSight), IDS/IPS, firewalls, endpoint protection, and antivirus solutions.

• Understanding of common attack vectors (e.g., phishing, malware, DDoS) and defense mechanisms.

• Ability to analyze logs, network traffic, and system activity to identify potential threats.

Preferred Qualifications:

• Knowledge of security frameworks such as NIST, CIS, or ISO 27001.

• Certifications such as CompTIA Security+, GIAC Certified Detection Analyst (GCDA), GIAC Certified Incident Handler (GCIH), Cisco CCNA Security, or other cybersecurity-related certifications are a plus.

• Strong analytical and problem-solving skills, with attention to detail.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: IT Services and IT Consulting
