
Detection Engineer Cleared

Job in Herndon, Fairfax County, Virginia, 22070, USA
Listing for: CriticalTilt, Inc.
Full Time position
Listed on 2026-01-20
Job specializations:
  • Engineering
    Cybersecurity
  • IT/Tech
    Cybersecurity
Position: DETECTION ENGINEER - (Cleared)

Company Overview

Critical Tilt blends 25+ years of specialized experience with a lean, responsive approach, delivering tailored solutions to government agencies and private sector clients. From navigating complex networks to adapting to new compliance demands, we understand our customers’ challenges and are primed to tilt the board towards success for their projects.

Position Overview

Critical Tilt, Inc. is seeking a highly skilled and experienced DETECTION ENGINEER (CORELIGHT) with a strong emphasis on network intrusion detection using the Corelight platform. The ideal candidate will possess a deep understanding of Zeek, Suricata, and YARA and measurable experience using Corelight sensors and the Fleet management platform. This role will serve as resident engineer and subject‑matter expert on the Customer’s site.

The DETECTION ENGINEER (CORELIGHT) will be responsible for efforts focused on implementation, configuration, use case development, and operational consulting by working closely with the customer to adapt visibility to mission.

Personnel Security Clearance

Applicants must hold an active TS / SCI clearance with Full Scope Polygraph.

Responsibilities
  • Craft and maintain novel detection rules, algorithms and alerts that identify malicious and unusual activities
  • Conduct threat hunting activities to identify anomalies and potential threats
  • Leverage controlled environments for analyzing the operation of specific attacks and attacker techniques
  • Engage with Customer IT and cybersecurity personnel as well as Corelight support to produce and refine effective detections
  • Disseminate knowledge and discoveries regarding detections via internal- and external-facing documentation
  • Continuously improve intrusion detection capabilities based on emerging threats
Qualifications – General
  • 3+ years of experience in one or more of the following information security disciplines: detection engineering, threat hunting, incident response, security operations engineering
  • Demonstrated knowledge of information security tools such as Zeek, Suricata, and YARA
  • Demonstrated history of creating and maintaining detection rules and capabilities
  • Working knowledge of security investigation and incident response processes, particularly at enterprise‑scale
  • Strong analytical skills related to detection engineering, including NSM/NDS systems, threat hunting, and threat identification
  • Familiarity with the capabilities of threat intel, malware analysis, and digital forensics
  • In‑depth knowledge of networking concepts and protocols such as TCP/IP, HTTP, TLS, DNS, Kerberos, SMB
  • Experience working in an Agile work environment
  • Working knowledge of programming in at least two languages
Qualifications – Required
  • Administrate, Configure, and Optimize
      • Corelight Fleet Manager
      • Corelight Sensor(s)
      • Zeek
      • Suricata
      • YARA
      • Network
      • Operating System (Windows)
      • Operating System (Linux)
      • Cloud (AWS, Azure, GCP)
      • Software Development / Automation
  • Use‑Case Analysis
      • Zeek
      • Suricata
      • YARA
      • Splunk
      • Elastic
      • Endpoint Detection and Response (EDR)
  • Specialization
      • Security Fundamentals
      • Security Operations
      • Threat Hunting
      • Incident Response
      • Network Security
  • Professional
      • Project Management
      • Documentation
      • Training / Knowledge Share Delivery
      • Cross‑functional collaboration
      • Mentoring
Qualifications – Desired
  • Use‑Case Analysis
      • Grafana
      • Humio
  • Specialization
      • Identity and Access Management
      • Governance and Compliance
      • Application Security
      • Mobile / IoT Security
Physical Demands and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodation may be made to enable individuals with disabilities to perform the functions.

While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers; handle or feel objects, tools, and controls. The employee is occasionally required to stand, walk; sit; reach with hands and arms; climb or balance, and stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 50 pounds.

Specific vision abilities required by this position include close vision, distance vision,…
