Security & Development Developer Security Clearance

Position: Security & Development Developer with Security Clearance
Security & Development Developer Federal Strategic Cyber Group Organization: ICS
Locations:
Rosslyn, VA (primary) | Beltsville, MD (secondary)

Schedule:

Monday–Friday | 8:00 AM – 4:00 PM

Position Overview ICS is seeking an experienced Security & Development Developer to support our Federal Strategic Cyber Group, delivering advanced detection engineering, automation, and security operations capabilities. This role is ideal for a highly technical developer who excels at building and tuning cyber detections, automating response workflows, and strengthening SOC operations against sophisticated adversaries. You will operate at the intersection of security engineering, detection development, and incident response, directly enhancing enterprise cyber monitoring, analysis, and response capabilities across SIEM, SOAR, and detection platforms.

Key Responsibilities Design, develop, and implement advanced custom cybersecurity alerts and detections. Develop, configure, tune, and maintain cybersecurity tools, alerts, and response mechanisms. Integrate security alerts and workflows into SIEM and SOAR platforms. Automate and optimize security alert workflows to improve incident response speed, accuracy, and efficiency. Analyze enterprise systems and environments to determine optimal logging and alerting strategies in a continuously evolving threat landscape.

Provide deep technical expertise across Splunk, Python, JavaScript, Power Shell, and related languages. Support Security Operations Center (SOC) functions through detection engineering and security development. Collaborate across engineering, operations, and threat intelligence teams to strengthen defenses against advanced cyber adversaries. Implement and enhance monitoring, analysis, and response capabilities within SIEM, SOAR, and detection platforms. Develop, tune, and maintain threat detections and advanced analytic logic.

Onboard and integrate new cyber monitoring tools from an analyst-centric perspective. Coordinate with platform engineers to build, integrate, and sustain security infrastructure. Partner with cyber threat experts to implement emerging signatures and detection logic. Create and maintain security dashboards, alerts, and operational reports. Write and maintain Zeek (Bro), Suricata, and Snort signatures. Maintain Python- and JavaScript-based automation and detection capabilities across security tooling.

Required Qualifications
Education & Experience Bachelor’s degree with 9+ years of relevant experience, or Master’s degree with 7+ years, or PhD with 4+ years, or 4 additional years of experience may be substituted in lieu of degree. Certifications Candidates must possess one of the following certifications or obtain prior to start date (continued certification required): CASP+ CE CCNA Cyber Ops, CCNA-Security, CCNP Security CEH, CFR, CISA CISSP (or Associate) Cloud+, CySA+ GCED, GCIA, GCIH, GICSP SCYBER VCA DCV, PPDA Agile IC, SNOW App Dev Clearance & Citizenship U.S. citizenship required Active Secret security clearance required Ability to obtain a Top Secret clearance

Preferred Qualifications Strong understanding of the MITRE ATT&CK Framework. Strong working knowledge of Splunk Enterprise Security. Solid understanding of Cybersecurity Incident Response processes and lifecycle.

Experience with cloud-based security development, particularly Microsoft Azure and Microsoft Defender for Endpoint (MDE). Familiarity with Machine Learning, User and Entity Behavior Analytics (UEBA), and advanced analytic techniques. Why Join ICS At ICS, you’ll help engineer the detection and response capabilities that defend mission-critical federal systems.

This role offers hands-on influence over how cyber threats are detected, analyzed, and neutralized—combining development, automation, and operational security in a high-impact national security environment.