Cyber Detections Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

Leidos · 16 hours ago

Cyber Detections Engineer

positionAshburn, VA
timeFull-time
remoteOnsite
senioritySenior Level, Lead/Staff
money$154K/yr - $278K/yr
date15+ years exp

Leidos is seeking an experienced Cyber Detection Engineer to join their team supporting the U.S. Customs and Border Protection. The role involves conducting in-depth technical analysis of network and endpoint logs, developing security content, and improving the security posture of the environment against cyber threats.

ComputerGovernmentInformation ServicesInformation TechnologyNational SecuritySoftware
badNo H1BnoteSecurity Clearance RequirednoteU.S. Citizen Onlynote

Responsibilities

Create, develop, and maintain new security content as the result of hunt missions, penetration tests, tuning requests and others, to include signatures, alerts, rules, workflows, and automation
Identify, track, and investigate high priority threat campaigns, malicious actors with the interest, capability and Tactics, Techniques, and Procedures (TTPs) to target the agency
Coordinate & lead cross functional collaboration to improve threat detection, design security content, and improve overall security posture of the Enterprise
Proactively and iteratively search through systems and networks to detect advanced threats and create content to monitor and alert on such activity/threats
Use the MITRE ATT&CK framework to understand TTPs of adversaries, threat actors, APTs, and threats targeting the customer agency and organize threat hunts around ATT&CK techniques and sub-techniques
Responsible for maintaining a comprehensive understanding of the cyber threat landscape, including identifying and analyzing cyber threats actors and/or activities to enhance cybersecurity posture of the organization’s IT operating environment
Responsible for conducting cyber threat analysis, identifying mitigation and/or remediation courses of action; developing actionable intelligence used to protect organizational IT assets; and trending cyber threat metrics for leadership situational awareness
Analyze host, network, and application logs in addition to malware and code
Will be responsible for developing scripts to support cyber threat detection that outputs results in a variety of formats, such as VB scripts, Python, C++, HTML, XML or other type most appropriate for the task
Produce high quality technical and non-technical products, briefings, whitepapers, etc., with minimal supervision and emphasis on effective/accurate reporting on product topics
Maintain the daily battle rhythm for the Detection Engineering Team with an emphasis on adherence to deadlines, attention to detail, and clear/concise communication with the customer and stakeholders
Will be responsible for developing, creating, and maintaining security content for deployment on tools and technologies across the enterprise environment
Identifying, tracking, and investigating high priority threat campaigns, malicious actors with the interest, capability and Tactics, Techniques, and Procedures (TTPs) to create security content, and tune alerts, signatures, and rules
Use the MITRE ATT&CK framework to understand TTPs of adversaries, threat actors, APTs, and threats targeting the customer agency and organize threat hunts around ATT&CK techniques and sub-techniques
Author technical and non-technical reports and briefings to ensure leadership awareness of findings and observations
Create daily, weekly, and monthly reports and metrics for products and briefings
Process technical data from various sources and fuse the data with intelligence reporting to improve the security posture of the customer, as well as manage Threat Hunt tools

Qualification

Cyber threat huntingIncident responseSIEM toolsScripting PythonScripting VBMITRE ATT&CK frameworkNetwork security monitoringMalware analysisTechnical reportingCommunication skillsAttention to detailSelf-motivated

Required

Must have a Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field and a minimum of 15 years of professional experience in incident detection and response, malware analysis, cyber threat hunting, or cyber forensics
Have 2+ years recent experience with host-based and network-based security monitoring using cybersecurity capabilities
Must be experienced developing scripts to support cyber threat detection that outputs results in a variety of formats, such as VB scripts, Python, C++, HTML, XML or other
Established experience with incident response and SIEM tools, host-based logs, network-based logs, and regex
Ability to work independently with minimal direction; self-starter/self-motivated
The candidate should have at minimum ONE of the following certifications: CompTIA Cyber Security Analyst (CySA+), CompTIA Linux Network Professional (CLNP), CompTIA Pentest+, CompTIA Cybersecurity Analyst (CySA+), GPEN – Penetration Tester, GWAPT – Web Application Penetration Tester, GSNA – System and Network Auditor, GISF – Security Fundamentals, GXPN – Exploit Researcher and Advanced Penetration Tester, GWEB – Web Application Defender, GNFA – Network Forensic Analyst, GMON – Continuous Monitoring Certification, GCTI – Cyber Threat Intelligence, GOSI – Open Source Intelligence, OSCP (Certified Professional), OSCE (Certified Expert), OSWP (Wireless Professional), OSEE (Exploitation Expert), CCFP – Certified Cyber Forensics Professional, CISSP – Certified Information Systems Security, CEH – Certified Ethical Hacker, CHFI – Computer Hacking Forensic Investigator, LPT – Licensed Penetration Tester, CSA – EC Council Certified SOC Analyst (Previously ECSA – EC-Council Certified Security Analyst), ENSA – EC-Council Network Security Administrator, ECIH – EC-Council Certified Incident Handler, ECSS – EC-Council Certified Security Specialist, ECES – EC-Council Certified Encryption Specialist

Preferred

A minimum of 15 years of hands-on experience with experience in the last 2 years that includes host-based and network-based security monitoring using cybersecurity capabilities
Demonstrated experience planning, executing, and participating in threat hunt missions
Previous DOD, IC or Law Enforcement Intelligence or Counterintelligence Training/Experience
Understanding of complex Enterprise networks to include routing, switching, firewalls, proxies, load balancers
Working knowledge of common (HTTP, DNS, SMB, etc) networking protocols
Familiarity with operation of both Windows and Linux based systems
Proficient with scripting languages such as Python or PowerShell
Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)

Company

Leidos

twittertwittertwitter
Glassdoor3.9
company-logo
Leidos is a Fortune 500® innovation company rapidly addressing the world’s most vexing challenges in national security and health.
dateFounded in 1969
location
Reston, Virginia, USA
people-size10001+ employees
web-link
https://www.leidos.com/

Funding

Current Stage
Public Company
Total Funding
unknown
2025-02-20Post Ipo Debt
2013-09-17IPO

Leadership Team

leader-logo
James Carlini
Chief Technology Officer
linkedin
leader-logo
Theodore Tanner
Chief Technology Officer
linkedin

Recent News

Fortune
Fortune 500 Power Moves: Which executives gained and lost power this week
2025-12-20
MarketScreener
Leidos Names Theodore Tanner Chief Technology Officer
2025-12-16
Benzinga.com
Citigroup, Leidos Holdings And More On CNBC's 'Final Trades'
2025-12-16
Company data provided by crunchbase