Detection Engineer Elastic SME

Cyber Security Analyst III, Detection Engineer Elastic SME

Charleston, SC – Secret Clearance, with ability to obtain TS/SCI

As a Detection Engineer you will be responsible for designing, developing, and implementing detection mechanisms to identify cyber threats within a Cybersecurity Service Provider (CSSP) environment. You will create and manage IDS/IPS signatures, log correlation rules, and other detection tools based on indicator lifecycle analysis. You will collaborate with Defensive Cyber Operations (DCO) Watch Analysts and other teams to ensure timely and effective threat detection, adhering to CJCSM 6510.01B reporting requirements and supporting the CSSP’s mission to protect data across a wide spectrum of sources and locations.

• Develop, implement, and maintain custom, high-fidelity detection rules and logic in the Elastic Security platform specifically targeting adversary TTPs mapped to the MITRE ATT&CK® framework.
• Develop and prioritize risk-based alerting mechanisms to focus detection efforts on high-impact threats, aligning with organizational risk assessments
• Analyze threat intelligence to create and refine detection mechanisms tailored to the customer’s environment
• Validate and test detection rules to ensure accuracy, minimize false positive and benign positive matches, and enhance threat identification capabilities
• Collaborate with DCO Watch Analysts to integrate detection mechanisms into monitoring and incident response workflows
• Maintain and update detection tools and signatures in response to evolving threats, ensuring compliance with CJCSM 6510.01B and other applicable directives
• Compile and maintain internal standard operating procedure (SOP) documentation for detection creation and implementation processes
• Coordinate with reporting agencies and subscriber sites to align detection strategies with operational needs and threat intelligence
• Participate in program reviews, product evaluations, and onsite certification evaluations to assess detection tool efficacy
• Overtime may be required to support detection implementation or incident response actions (Surge)
• Up to 10% travel may be required

• Bachelor’s Degree in relevant discipline and 5 years or at least 8 years of experience working in a CSSP, SOC, or similar environment
• 2+ years of experience with signature development, detection logic creation and optimization on multiple platforms
• Must be a U.S. Citizen

• Experience in threat detection engineering, threat hunting, or a related role with hands‑on experience using the Elastic Stack, Kibana Query Language (KQL), Event Query Language (EQL), Elasticsearch Query Language (ES|QL) and/or Elastic Defend.
• Experience with threat intelligence platforms and indicator management
• Proficient knowledge of detection creation and implementation processes
• Expertise in IDS/IPS solutions, including signature development and optimization
• Strong understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment
• Effective verbal and written communication skills
• Ability to solve complex problems independently
• Preferred certifications:
  Elastic Certified Analyst;
  Elastic Certified SIEM Analyst, Elastic Certified Engineer.

• Must have requisite certifications to fulfill DoD 8570 IAT Level II and CSSP-specific requirements

Adapt Forward is a cybersecurity solutions provider for some of the nation’s most valuable information systems. Leveraging advanced threat assessment technology and experience in building high-level information security infrastructure, we develop adaptive solutions uniquely tailored to our customers’ business objectives to protect sensitive data against sophisticated threats in an increasingly complex security environment.

• Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan.
• 401k Retirement Plan with Matching Contribution is immediately available and vested.
• Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.
• Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.
• Employee Assistance Program:
  Counseling/legal assistance and other employee well-being programs are also offered.

Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities.

Adapt Forward’s Veteran/Disability affirmative action plan narrative section is available for inspection upon request during normal business hours at the Human Resources office and may be requested by contacting Human Resources at