AWS Detection Engineer

Leidos - Whitehall, OH


Job Description

We are seeking an AWS Detection Engineer to join our team in support of the GSM-O II effort. This position allows a hybrid schedule, and candidates can work out of Scott AFB, IL; Whitehall, OH; or Hill AFB, UT on their on-site days.

The Cyber Security Analyst/AWS Detection Engineer develops SIEM/SOAR capabilities to support the team's Cyber Security Service Provider (CSSP) services. This will include developing, implementing, testing, and executing detection capabilities for AWS security monitoring using Elastic and Splunk. A successful candidate will have experience in cyber analysis/incident response and SIEM/SOAR development. Candidates with experience using Elastic and Splunk within AWS environments will be able to apply that knowledge while analyzing and responding to cyber threats and warnings.

PRIMARY RESPONSIBILITIES:

+ Work with site threat emulation/analytic development team to maximize detection opportunities referenced to the MITRE ATT&CK framework.
+ Develop, implement, and test analytics using Elastic and Splunk to detect malicious actor activity within AWS IaaS environments.
+ Review operation and threat reports to determine detection improvement opportunities.
+ Provide analyst training opportunities using test environments and emulations of malicious activity.
+ Assist/advise other teams within DISA Global on their cloud security missions as needed.

BASIC QUALIFICATIONS:

+ Active DoD Secret security clearance and ability to obtain TS/SCI.
+ DoD 8570 IAT level II or higher certification such as CompTIA Security+ CE, CySA+, ISC2 SSCP, SANS GSEC prior to starting.
+ DoD 8570 CSSP-A level Certification such as CEH, CySA+, GCIA or other certification is required within 180 days of hire.
+ Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain and an ability to think and work independently.
+ Bachelor's degree and 4+ years of prior relevant experience; additional work experience or Cyber courses/certifications may be substituted in lieu of degree.
+ Knowledge of architecture, engineering, and operations of Elastic and/or Splunk.
+ Understanding of AWS cyber security monitoring tools such as CloudWatch, GuardDuty, VPC Flow logs, and Security Hub.
+ Strong written and oral communications skills and strong analytical and troubleshooting skills.
+ An ability to think critically and work independently.

PREFERRED QUALIFICATIONS:

+ CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization.
+ Experience with Azure, Google Cloud Platform (GCP), or Oracle Cloud Infrastructure is desirable.
+ Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
+ Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
+ Unix/Linux command line experience.
+ Experience with automation templates such as CloudFormation, ARM template, or Terraform.
+ Scripting and programming experience such as PowerShell, bash, or Python.
+ Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings.
+ Familiarity or experience in Intelligence Driven Defense and/or Cyber Kill Chain methodology.
+ Existing 8570 CSSP Analyst Certifications (CEH), CySA+, etc.
+ Familiarity or experience using cybersecurity frameworks such as MITRE ATT&CK, CIS Controls, NIST CSF, or CSA CCM.

At Leidos, we don't want someone who

Created: 2025-10-04
