MANTECH seeks a motivated and detail-oriented Detection Engineering Lead to join our team in support of advanced cybersecurity operations.
The Detection Engineering Lead will enhance cybersecurity detection and response capabilities by developing high-fidelity detection logic, automating security workflows, and strengthening threat-hunting operations. This role serves as a technical leader and as liaison with customer staff, overseeing project and task workflow while improving the organization's ability to identify, analyze, and respond to evolving cyber threats.
Responsibilities include but are not limited to:
Developing, optimizing, and deploying custom detection rules across SIEM platforms such as Splunk, ELK, Sentinel, Chronicle, or similar technologies
Utilizing YARA, Snort, and Suricata to create signatures and detection rules for malware and network-based threats
Building, testing, and tuning security analytics pipelines to reduce false positives and improve alert fidelity
Designing and implementing SOAR playbooks to streamline and enhance security operations
Automating threat intelligence ingestion, correlation, and alerting mechanisms
Developing integration scripts between security tools and data sources to enhance visibility and response capabilities
Developing and maintaining robust detection logic mapped to MITRE ATT&CK techniques
Conducting continuous security log analysis to identify anomalies and potential threats
Collaborating with Incident Response teams to provide detection logic for emerging threats
Leveraging EDR solutions to detect and investigate endpoint threats
Analyzing Windows internals and system logs to identify malicious activities and forensic artifacts
Analyzing network traffic and developing Snort/Suricata rules to detect suspicious behaviors
Serving as a liaison with customer staff and overseeing project and task workflow to ensure successful mission execution
Minimum Qualifications:
Bachelor's degree (or equivalent experience) and 7+ years of experience in cybersecurity, with a focus on detection engineering, threat hunting, incident response, or CNO/CNE
Experience with Python or a similar language for automation and data analysis
Hands-on experience with SIEM platforms such as Splunk, ELK, Sentinel, Chronicle, or similar technologies
Experience applying the MITRE ATT&CK framework for adversary tactics and techniques mapping
Knowledge of YARA, Snort, Suricata, and other signature-based detection technologies
Familiarity with Windows internals and forensic artifacts for endpoint security investigations
Strong analytical skills with the ability to develop custom detection methodologies
Preferred Qualifications:
Familiarity with SOAR solutions and security automation workflows
Experience with threat intelligence platforms and integrating threat intelligence feeds into security operations
Prior experience in penetration testing, red teaming, or reverse engineering
Certifications such as GCDA, GCIH, GCFA, OSCP, or Splunk Certified Security Professional
Clearance Requirements:
Current/Active TS/SCI with polygraph.
Physical Requirements:
Must be able to remain in a stationary position 50% of the time.
Frequently communicates with co-workers, management, and customers, which may involve delivering technical briefings and exchanging accurate information.
MANTECH International Corporation considers all qualified applicants for employment without regard to disability or veteran status or any other status protected under any federal, state, or local law or regulation.
If you need a reasonable accommodation to apply for a position with MANTECH, please email us at careers@mantech.com and provide your name and contact information.