Cybersecurity Threat Detection & Incident Response Engineer

Posted 2025-08-23
Remote, USA Full Time Immediate Start
<b>Description</b><br>
<p>Dragonfli Group is a cybersecurity and IT consulting firm based out of Washington, DC that provides consulting services to both government and Fortune 500 clients. Our work spans high-impact national security programs, enterprise-scale IT modernization, and mission-critical cybersecurity operations.</p>
<p>We are seeking a Cybersecurity Threat Detection &amp; Incident Response Engineer to take a leading role in safeguarding critical systems against advanced cyber threats. This position offers the opportunity to work at the forefront of cyber defense, leveraging AI/ML-enabled automation, SOAR orchestration, and proactive threat hunting to detect, analyze, and neutralize sophisticated attacks before they impact operations.</p>
<p>As the senior technical authority in this domain, you will conduct complex triage, guide investigations, and design cutting-edge detection capabilities, while influencing policy and best practices across the organization. You will be working in a fully remote capacity, but preference will be given to candidates located in Northern Virginia or the Washington, DC corridor who can collaborate in person when required.</p>
<p>This role is suited for professionals who thrive in fast-paced, high-responsibility environments, and who are committed to applying their expertise to defend critical systems and networks.</p>
<p>Work Environment: Remote (Preference: Northern Virginia / DC corridor)</p>
<p>Clearance: May require ability to obtain Public Trust clearance</p>
<p>Experience Required: 7+ years in security operations, threat hunting, and incident response</p>
<p>Citizenship Requirement: U.S. citizens or lawful permanent residents only</p>
<p>AI Policy: Candidates must be able to prove technical proficiency independently and without the use of AI tools during assessments or interviews</p>
<p><strong>Responsibilities:</strong></p>
<ul>
<li>Perform triage on all security escalations and detections to determine scope, severity, and root cause.</li>
<li>Monitor cybersecurity events, detect incidents, and investigate incidents.</li>
<li>Identify, recommend strategies for, develop, and implement automation use cases leveraging AI/ML capabilities.</li>
<li>Support deploying, configuring, testing, and maintaining the Security Orchestration, Automation, and Response (SOAR) platform, and tools integrated with AI/ML capabilities to enhance threat detection, analysis, and response.</li>
<li>Provide support to the contract Program Manager, as necessary.</li>
<li>Effectively communicate technical information to non-technical audiences.</li>
<li>Influence others to comply with policies and conform to standards and best practices.</li>
</ul>
<b>Requirements</b><br>
<ul>
<li>7+ years of experience with security operations, threat hunting, and incident response</li>
<li>Experience analyzing alerts from Cloud, SIEM, EDR, and XDR tools, and with the alert tuning process, with preference for SentinelOne, Armis, and Splunk.</li>
<li>Experience configuring network devices and analyzing network traffic</li>
<li>Experience with Artificial Intelligence and Machine Learning (AI/ML) based security tools.</li>
<li>Experience researching, developing, and implementing SOAR use cases.</li>
<li>Familiarity with a Security Orchestration, Automation, and Response (SOAR) platform</li>
<li>Familiarity with cybersecurity operations center functions.</li>
<li>Experience configuring and re-configuring security tools, including SentinelOne and Splunk.</li>
<li>Experience implementing security frameworks, such as MITRE ATT&amp;CK and NIST, and the ability to interpret use cases into actionable monitoring solutions.</li>
<li>MUST have one or more of the following certification(s): CISSP, CISA, CISM, GIAC, RHCE.</li>
</ul>
<b>Skill(s)</b><br>
<ul>
<li>Develop, test, and implement dynamic Risk-Based Alerting (RBA)</li>
<li>Identify and develop RBA and identify use cases for SOAR and AI/ML.</li>
<li>Monitor and analyze alerts from various sources such as IDS/IPS, Splunk, Tanium, MS Defender, SentinelOne, and Cloud security tools leveraging SOAR and AI/ML capabilities, and provide recommendations for further tuning of these alerts when necessary.</li>
<li>Analyze network traffic utilizing available tools and provide recommendations</li>
<li>Perform vulnerability assessments of recently discovered CVEs against USPS systems and network.</li>
<li>Assist in the process of configuring or re-configuring the security tools.</li>
<li>Perform analysis on hosts running on a variety of platforms and operating systems, including but not limited to Microsoft Windows, UNIX, Linux, embedded systems, and mainframes.</li>
<li>Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.</li>
<li>Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.</li>
</ul>
<b>Benefits</b><br>
<ul>
<li>Health, dental, and vision insurance</li>
<li>PTO and 11 Federal Holidays</li>
<li>401(k) employer match</li>
</ul>
<b>Travel</b><br>None<br>