Government Careers
  • Senior Detection Engineer #3279

  • Genius Road
  • San Antonio, Texas 78201 United States

Senior Detection Engineer

Contract Length: 12+ months

Location: Austin or San Antonio, Texas (Hybrid)

Behind every clean dashboard and every quiet shift is an engineer who built the system that made it possible. This role is for that engineer, the one who can take a sea of raw network and log data and turn it into detection logic that catches the right things at the right time. The work spans tuning SIEM platforms, sharpening IDS/IPS signatures, dissecting packet captures, and translating threat intelligence into rules that hold up under real attack conditions. It is technical, it is detailed, and the payoff is a monitoring environment that genuinely works the way it is supposed to. If you find real satisfaction in fine-tuning detection until the noise disappears and the signal stays sharp, this is where that skill belongs!

Qualifications/Requirements:

  • 5+ years of SOC, detection engineering, and security monitoring
  • Security Certifications such as CISSP, CEH, GSEC, or Security+ preferred
  • Hands-on with IDS/IPS platforms like Cisco Firepower and TippingPoint, including signature tuning and false-positive reduction
  • Strong packet capture and traffic analysis skills using tools like Corelight, NetWitness, and CRIBL to spot anomalies and lateral movement
  • Experience tuning EDR platforms such as CrowdStrike and SentinelOne and feeding that telemetry into SIEM and orchestration workflows
  • Practical experience turning threat intelligence into usable detection logic
  • Strong understanding of MITRE ATT&CK and the ability to build detections aligned with known adversary techniques
  • Ability to build detection content that maps cleanly to known adversary TTPs
  • Experience with intelligence platforms like Recorded Future, GreyNoise, or Mandiant a plus
  • Familiarity with SOAR tools, particularly Cyware, for automated SOC workflows a plus
  • Comfortable serving as an escalation point for other analysts needing network context

Duties/Responsibilities:

  • Build, tune, and maintain SIEM platforms including correlation rules, dashboards, and detection content
  • Configure and refine IDS/IPS technologies, developing signatures and reducing false positives
  • Analyze packet captures to validate alerts and confirm malicious activity
  • Monitor network traffic for anomalies, lateral movement, and command-and-control activity
  • Turn threat intelligence into detection logic, correlation rules, and enrichment workflows
  • Continuously tune detection content to improve accuracy across the monitoring environment
  • Build orchestration playbooks connecting SIEM, EDR, threat intelligence, and ticketing systems
  • Support log onboarding, data normalization, and broader SOC detection engineering
  • Maintain sensors, collectors, and log pipelines that the monitoring environment depends on
  • Partner with incident responders, providing network-level evidence and context
  • Document engineering work, tuning decisions, and platform health assessments

Genius Road, LLC is proud to be a Certified Women's Business Enterprise and an Equal Opportunity Employer, and values diversity. All employment is decided on the basis of qualifications, merit and business need.
Government jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.

Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.

Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.