Jobs · Engineering · South Carolina

Detection Enigneer (Cloud)

Valiant Solutions · Charleston County, SC · 1 mo ago
EngineeringFull-time

Responsibilities

  • Acting as the primary SME for cloud log sources, designing efficient detections across multi-cloud environments (Gov. Cloud, AWS, Azure, GCP, etc.)
  • Designing and implementing detection logic (KQL, EQL, and/or SPL) tailored to cloud-native threats and cloud infrastructure (e.g., containers like Kubernetes, Docker, etc.)
  • Analyzing threat intelligence to create and refine detection mechanisms tailored to the customer’s environment.
  • Validating and testing detection rules to ensure accuracy, minimize false positive and benign positive matches, and enhance threat identification capabilities.
  • Collaboration with DCO Watch Analysts to integrate detection mechanisms into monitoring and incident response workflows.
  • Maintaining and updating detection tools and signatures in response to evolving threats, ensuring compliance with CJCSM 6510.01B and other applicable directives.
  • Compiling and maintaining standard operating procedure (SOP) documentation for detection creation and implementation processes.
  • Performing log analysis of Splunk and Elastic to support detection development and validation.
  • Coordinating with reporting agencies and subscriber sites to align detection strategies with operational needs and threat intelligence.
  • Participation in program reviews, product evaluations, and onsite certification evaluations to assess detection tool efficacy.
  • Overtime may be required to support detection implementation or incident response actions (Surge).
  • Up to 10% travel may be required.

Requirements

  • 5+ years of experience working in a Cloud CSSP, SOC, or similar environment.
  • 2+ years of experience with signature development, detection logic creation, and optimization on multiple platforms.
  • Technical expertise in major cloud provider security models, services, and logs (Gov. Cloud, AWS, Azure, GCP, etc.).
  • Experience working with and developing signatures for Splunk and Elastic.
  • Experience with threat intelligence platforms and indicator management.
  • Proficient knowledge of detection creation and implementation processes.
  • Expertise in IDS/IPS solutions, including signature development and optimization.
  • Strong understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment.
  • Effective verbal and written communication skills.
  • Ability to solve complex problems independently.

Qualifications

  • Bachelor’s Degree in a relevant discipline.
  • At least 8 years of experience working in a CSSP, SOC, or similar.
  • DoD 8570 IAT Level II and DoD 8140 CSSP-specific certification.

Skills

  • DoD 8570 IAT Level II and DoD 8140 CSSP-specific certification.
  • Validated Secret clearance.
  • Experience with major cloud providers (Gov. Cloud, AWS, Azure, GCP).
  • Experience with Splunk and Elastic.
  • Experience with threat intelligence platforms and indicator management.
  • Knowledge of IDS/IPS solutions, including signature development and optimization.
  • Understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment.
  • Effective verbal and written communication skills.
  • Ability to solve complex problems independently.

Benefits

  • Named one of the Best Places to Work in the Washington DC area for 12 consecutive years.

Pay

TBD

Schedule

100% onsite in Charleston, SC.

Similar jobs

Cloud Identity Engineer

The Larry H. Miller CompanySandy, UT· 1 wk ago
Engineering$102k–$112k/yrapply on recruiting2.ultipro.com