Detection and Response Engineer Security Clearance

Position: Detection and Response Engineer with Security Clearance
Location: Laurel

Description Are you interested in being part of a highly collaborative Detection & Response Engineering team? Are you inquisitive and analytical with a Cybersecurity focus? If so, we're looking for someone like you to join our team  are seeking a Detection & Response Engineer to help us hunt for sophisticated cyber threats operating in an actively changing cyber threat landscape!

Perform real-time incident handling, independently following and creating procedures to analyze and contain malicious activity. Create detections and contribute to a highly collaborative team who maintain and mature our detection infrastructure (e.g., Security Data Lake, S3, Azure, or Databricks). Make recommendations and enhance procedures based on insights into sophisticated threat behaviors. This role bridges traditional incident response and advanced analytics to identify novel attacker behaviors.

Ideal candidates will combine curiosity, data fluency, and an understanding of adversary tradecraft to continuously evolve our detection ecosystem. As a Detection & Response Engineer:
* Create novel detections in Python, SQL, and similar scripting languages based on a deep understanding of adversarial tradecraft.

* Bring together data-driven analytics and traditional detection engineering to stay ahead of sophisticated threats by developing and deploying novel tooling that may improve Machine Learning, Statistical methods, or Large Language Models to enhance detection, investigation, and response capabilities.

* Hunt for advanced threats by analyzing data through hypothesis crafting and iterative searching through data to identify malicious behaviors.

* Develop and enhance processes, work flows, and detections to quickly identify and respond to potential incidents.

* Collect evidence to include digital media, logs, and malware to perform analysis associated with cyber intrusions.

* Participate in projects and multi-functional security teams requiring interaction with IT operations. Qualifications You meet our minimum qualifications for the job if you...
* Bachelor's Degree in Information Security, a security related field, or equivalent experience that provides the necessary knowledge, skill and abilities.
* 3+years of real-world cyber experience or an equivalent blend of cybersecurity and data science experience.
* Proficient understanding operating systems (OS), OS normal activities, OS internals, MITRE ATT&CK TTPs mapped to OS, and identifying anomalous behaviors.
* Proficiency with extracting and manipulating data, using scripting languages such as Python, Power Shell, SQL, or others.
* Experience applying data science or statistical methodologies to cybersecurity data using Python and SQL.
* Experience with cloud attack detection and response in cloud infrastructure.
* Demonstrate ambition to further current knowledge and understanding by exploring new concepts and applying to cyber security.
* Are able to obtain a Secret security clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.
You'll go above and beyond our minimum requirements if you...
* Master's Degree in Information Security Assurance or security related field.
* Demonstrated ability in operational cybersecurity and incident response in large scale environments.
* Familiarity with data platforms such as AWS Security Lake and Databricks for large-scale data analysis.
* Experience with Assume Breach methodologies and proficient understanding of advanced attack methodologies of Nation State adversaries.
* Proficient knowledge of the MITRE ATT&CK framework.
* Technical experience in some of the following areas:
Endpoint Detection & Response, Active Directory and authentication anomalies, Suricata, Zeek, Full Packet capture technologies, Firewall, Proxy, and Sandbox technologies.
* Experience with memory analysis, host-based anomaly detection, network anomaly detection, and authentication anomaly detection.
* Experience leveraging Large Language Models to enhance detection and response capabilities. About…