Cybersecurity Detection Engineer (Government)
Oakton, Virginia
Job Description:
This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered.
AT&T Global Public Sector is a trusted provider of secure, IP enabled, cloud-based, network solutions and professional services to the Federal Government. We are dedicated to recruiting, developing and empowering a diverse, high-performing workforce that is passionate about what they do, committed to our shared values and dedicated to our customers’ mission.
The detection engineer blends technical skills, threat research experience, and knowledge of adversary techniques to work with new and existing data sources to create high fidelity, actionable alerts the client SOC can use to quickly and effectively identify, analyze, and eradicate cybersecurity threats. This individual will be familiar with adversary Tactics, Techniques, and Procedures (TTPs), and will identify opportunities to improve the effectiveness of existing detection efforts. They will be responsible for developing methodologies to maintain and maximize the integrity and effectiveness of existing alerting through the creation, periodic review, testing, and validation of custom detection content. Additionally, they will leverage cybersecurity threat intelligence and collaborate with the SOC’s incident response teams to meet operational needs and defend against real-world threats.
Job Duties/Responsibilities:
1. A minimum of three years of experience working in detection engineering, threat hunting, security operations, or incident response using Splunk Enterprise Security or Microsoft Sentinel.
2. Experience with the processes to add/update/delete detection rules in Splunk Enterprise Security and Microsoft Sentinel.
3. Proficient in detection engineering methodologies including SNORT and YARA rules.
4. Proficient in Python programming, Bash, and PowerShell.
5. Proficient in Splunk’s Search Processing Language, React, Kusto Query Language, and the Common Information Model (CIM).
6. Knowledgeable and experienced in leveraging cybersecurity threat intelligence, indicators of compromise, STIX/TAXII data feeds, MITRE ATT&CK, and SIEM integrations.
7. Strong experience in networking principles, operating systems (Linux / Windows), and security tools such as IDS/IPS, firewalls, proxy servers and Endpoint Detection and Response (EDR).
8. Knowledge of the Windows Sysinternals Suite (including Sysmon), Unix auditd, and how to tune configuration files for identification of malicious activity.
9. At least one of the following certifications: Splunk Enterprise Security Certified Admin credential or have passed the AZ-500 Microsoft Azure Security Technologies exam.
Key Responsibilities:
• Develop and refine detection techniques to identify malicious activities and security breaches.
• Analyze descriptions of IOCs and design effective searches to detect these activities in large data sets.
• Create and maintain detection content, ensuring it is up-to-date with the latest threat intelligence.
• Collaborate with threat hunters to continuously improve detection capabilities.
• Utilize advanced Splunk query skills to develop and run complex searches and analyze security data.
• Ensure the accuracy and efficiency of detection mechanisms to reduce false positives and improve response times.
Required Clearance:
Able to pass police background check.
Required Qualifications:
• Proven experience as a Detection Engineer, with a strong emphasis on detection engineering as a primary job function.
• In-depth knowledge of threat hunting methodologies and experience working as a threat hunter.
• Expertise in Splunk, including the ability to create and optimize complex queries independently.
• Demonstrated ability to analyze and interpret various data sets to identify suspicious activities.
• Strong understanding of cyber security threats, vulnerabilities, and attack vectors.
• Ability to work independently and collaboratively within a team environment.
Desired Qualifications:
• Certifications related to cyber security and detection engineering (e.g., GIAC Certified Detection Analyst, Splunk Certified User).
• Experience in a Security Operations Center (SOC) environment, specifically in a detection engineering role.
• Familiarity with other security information and event management (SIEM) tools and technologies.
Note: This position is not an entry-level role. We require candidates with substantial experience in detection engineering, not just occasional detection creation as part of a SOC analyst role. Candidates who have primarily worked as SOC analysts and only occasionally created detections will not be considered suitable for this role. We are looking for individuals who have demonstrated a consistent focus on detection engineering throughout their career.
Our Cybersecurity Detection Engineers earn between $89,200 and $207,900. Not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.
Joining our team comes with amazing perks and benefits:
- Medical/Dental/Vision coverage
- 401(k) plan
- Tuition reimbursement program
- Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
- Paid Parental Leave
- Paid Caregiver Leave
- Additional sick leave beyond what state and local law require may be available but is unprotected
- Adoption Reimbursement
- Disability Benefits (short term and long term)
- Life and Accidental Death Insurance
- Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
- Employee Assistance Programs (EAP)
- Extensive employee wellness programs
- Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone
Weekly Hours:
40
Time Type:
Regular
Location:
Oakton, Virginia
It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities.
Job ID R-57157
Date posted 02/24/2025
Benefits
Your needs? Met. Your wants? Considered. Take a look at our comprehensive benefits.
- Paid Time Off
- Tuition Assistance
- Insurance Options
- Discounts
- Training & Development
Our hiring process
Apply Now
Confirm your qualifications align with the job requirements and submit your application.
Assessments
You may be required to complete one or more assessments, depending on the role.
Interview
Get ready to put your best foot forward! More than one interview may be necessary.
Conditional Job Offer
We’ll reach out to discuss a conditional job offer and the next steps to joining the team.
Background Check
Timing is important – complete the necessary actions to proceed with onboarding.
Welcome to the Team!
Congratulations! It’s time to experience #LifeAtATT.
Check your email (and SPAM) throughout the process for important messages and next steps.