Detection Engineering Lead (Security Clearance)
Job in McLean, Fairfax County, Virginia, USA
Listed on 2026-02-28
Listing for: MANTECH
Full Time position
Job specializations: IT/Tech - Cybersecurity, Security Manager
Job Description & How to Apply Below
MANTECH seeks a motivated and detail-oriented Detection Engineering Lead to join our team in support of advanced cybersecurity operations. The Detection Engineering Lead will enhance cybersecurity detection and response capabilities by developing high-fidelity detection logic, automating security workflows, and strengthening threat-hunting operations. This role serves as a technical leader and liaison with customer staff, overseeing project and task workflow while improving the organization's ability to identify, analyze, and respond to evolving cyber threats.
Responsibilities include but are not limited to:
* Developing, optimizing, and deploying custom detection rules across SIEM platforms such as Splunk, ELK, Sentinel, Chronicle, or similar technologies
* Utilizing YARA, Snort, and Suricata to create signatures and detection rules for malware and network-based threats
* Building, testing, and tuning security analytics pipelines to reduce false positives and improve alert fidelity
* Designing and implementing SOAR playbooks to streamline and enhance security operations
* Automating threat intelligence ingestion, correlation, and alerting mechanisms
* Developing integration scripts between security tools and data sources to enhance visibility and response capabilities
* Developing and maintaining robust detection logic mapped to MITRE ATT&CK techniques
* Conducting continuous security log analysis to identify anomalies and potential threats
* Collaborating with Incident Response teams to provide detection logic for emerging threats
* Leveraging EDR solutions to detect and investigate endpoint threats
* Analyzing Windows internals and system logs to identify malicious activities and forensic artifacts
* Analyzing network traffic and developing Snort/Suricata rules to detect suspicious behaviors
* Serving as a liaison with customer staff and overseeing project and task workflow to ensure successful mission execution
Minimum Qualifications:
* Bachelor's degree or equivalent experience and 7+ years of experience in cybersecurity with a focus on detection engineering, threat hunting, incident response, or CNO/CNE
* Experience with Python or a similar language for automation and data analysis
* Hands-on experience with SIEM platforms such as Splunk, ELK, Sentinel, Chronicle, or similar technologies
* Experience applying the MITRE ATT&CK framework for adversary tactics and techniques mapping
* Knowledge of YARA, Snort, Suricata, and other signature-based detection technologies
* Familiarity with Windows internals and forensic artifacts for endpoint security investigations
* Strong analytical skills with the ability to develop custom detection methodologies
Preferred Qualifications:
* Familiarity with SOAR solutions and security automation workflows
* Experience with threat intelligence platforms and integrating threat intelligence feeds into security operations
* Prior experience in penetration testing, red teaming, or reverse engineering
* Certifications such as GCDA, GCIH, GCFA, OSCP, or Splunk Certified Security Professional
Clearance Requirements:
* Current/Active TS/SCI with polygraph.
Physical Requirements:
* Must be able to remain in a stationary position 50% of the time.
* Frequently communicates with co-workers, management, and customers, which may involve delivering technical briefings and exchanging accurate information in these situations.