
Detection Engineering Lead

MANTECH - McLean, VA


Job Description

MANTECH seeks a motivated and detail-oriented Detection Engineering Lead to join our team in support of advanced cybersecurity operations. The Detection Engineering Lead will enhance cybersecurity detection and response capabilities by developing high-fidelity detection logic, automating security workflows, and strengthening threat-hunting operations. This role serves as a technical leader and liaison with customer staff, overseeing project and task workflow while improving the organization’s ability to identify, analyze, and respond to evolving cyber threats.

Responsibilities include but are not limited to:
  • Developing, optimizing, and deploying custom detection rules across SIEM platforms such as Splunk, ELK, Sentinel, Chronicle, or similar technologies
  • Utilizing YARA, Snort, and Suricata to create signatures and detection rules for malware and network-based threats
  • Building, testing, and tuning security analytics pipelines to reduce false positives and improve alert fidelity
  • Designing and implementing SOAR playbooks to streamline and enhance security operations
  • Automating threat intelligence ingestion, correlation, and alerting mechanisms
  • Developing integration scripts between security tools and data sources to enhance visibility and response capabilities
  • Developing and maintaining robust detection logic mapped to MITRE ATT&CK techniques
  • Conducting continuous security log analysis to identify anomalies and potential threats
  • Collaborating with Incident Response teams to provide detection logic for emerging threats
  • Leveraging EDR solutions to detect and investigate endpoint threats
  • Analyzing Windows internals and system logs to identify malicious activities and forensic artifacts
  • Analyzing network traffic and developing Snort/Suricata rules to detect suspicious behaviors
  • Serving as a liaison with customer staff and overseeing project and task workflow to ensure successful mission execution

Minimum Qualifications:
  • Bachelor’s degree or equivalent experience and 7+ years of experience in cybersecurity with a focus on detection engineering, threat hunting, incident response, or CNO/CNE
  • Experience with Python or a similar language for automation and data analysis
  • Hands-on experience with SIEM platforms such as Splunk, ELK, Sentinel, Chronicle, or similar technologies
  • Experience applying the MITRE ATT&CK framework for adversary tactics and techniques mapping
  • Knowledge of YARA, Snort, Suricata, and other signature-based detection technologies
  • Familiarity with Windows internals and forensic artifacts for endpoint security investigations
  • Strong analytical skills with the ability to develop custom detection methodologies

Preferred Qualifications:
  • Familiarity with SOAR solutions and security automation workflows
  • Experience with threat intelligence platforms and integrating threat intelligence feeds into security operations
  • Prior experience in penetration testing, red teaming, or reverse engineering
  • Certifications such as GCDA, GCIH, GCFA, OSCP, or Splunk Certified Security Professional

Clearance Requirements:
  • Current/Active TS/SCI with polygraph

Physical Requirements:
  • Must be able to remain in a stationary position 50% of the time
  • Frequently communicates with co-workers, management, and customers, which may involve delivering technical briefings and exchanging accurate information in these situations

Created: 2026-03-05
