StaffAttract

Threat Detection Expert

Artech LLC - Ashburn, VA


Job Description

Job Title: Threat Detection Expert
Location: McLean, VA
Duration: Full Time, Direct Hire Employment
Security Clearance: Active Top Secret/SCI Clearance with Full Scope Polygraph
Salary Range: $220,000 - $250,000 Per Annum

Responsibilities:

In this role, you will be working with a commercial company's security team to create and build new solutions to challenging problems. In performing this role, you will be required to:

  • Work with the customer to establish a mature insider threat monitoring capability across multiple Windows, Linux, and container environments. This person will lead the development of new alerting frameworks.
  • Execute a dual mandate over a designated time period to:
    • Develop detection logic in the customer's SIEM solution, architecting and deploying detections from the ground up.
    • Support the migration of logic, queries, and visualizations into a new SIEM solution.
  • Work with the customer to improve incident response efficiency.
  • Support the Tier 1 Security Operations Team with investigations and responses.
  • Improve the customer's ability to detect and mitigate risks early.

Must Have Qualifications:

  • This position requires an active TS/SCI clearance with Full Scope polygraph.
  • Specialist in architecting and deploying new frameworks from the ground up.
  • Bachelor's degree in Computer Science, Engineering, Information Assurance, or a related discipline and 10+ years of related experience. Additional experience may be substituted for a degree.
  • Must have experience and expertise with SIEM solutions such as Splunk, Kibana, etc.
  • Must have experience with log telemetry structure and log logic in Windows, Linux, and containerized environments.
  • Experience with migrating schema mappings from one SIEM solution to another.
  • The ability to demonstrate query language proficiency.
  • Must have experience with cloud service providers, e.g., Google, AWS, Azure.
  • Experience with the deployment and configuration of data collection from various system components, including operating systems, networking devices, and containerization platforms.
  • Experience creating dashboards, analytics, and alerts within SIEM tools.
  • Experience working with monitoring systems supporting auditing, incident response, and system health.
  • Experience with the OSINT framework and related tools.
  • Experience working in an air-gapped environment.
  • Able to analyze user behavior and create alerts from scratch.
  • Comfortable with both Splunk and ELK.

Created: 2026-04-02
