Cybersecurity Engineer
Arlington, Texas, United States of America
Full Time
2 weeks ago
No Visa Sponsorship
Key skills
CloudCyber SecurityDACLinuxPythonTCP/IPUnixPowerShellAILarge Language ModelsAnalyticsActive DirectoryAgileCI/CDCommunicationNetwork SecurityCloud Security
About this role
Role Overview
- Designs, tunes, and maintains high‑fidelity cybersecurity detections across the incident response lifecycle, ensuring alerts are accurate, actionable, and aligned to investigation and response workflows.
- Leverages advanced analytics and AI‑assisted techniques to reduce noise, accelerate investigations, and improve detection quality at scale.
- Develop and maintain detection rules at source and within a SIEM to identify anomalous behaviors, suspicious activity, and emerging threats across on-prem and cloud environments
- Manage, filter, and correlate high-volume telemetry from multiple sources to produce actionable insights
- Align detection engineering efforts with CSIRT operational goals, ensuring seamless integration with incident response workflows and Detection as Code (DaC) Pipelines
- Continuously improve alert fidelity by tuning detection logic and reducing false positives
- Perform threat hunting and detection gap analysis to proactively identify coverage gaps and strengthen detection capabilities
- Investigate security incidents from detection to resolution, engaging in any containment, eradication and recovery actions as needed
- Conduct purple teaming exercises and analyze resulting log activity to validate detection coverage and identify gaps
- Collaborate with our threat intelligence team to incorporate emerging indicators and TTPs into detection strategies
- Document detection logic, tuning, playbooks and validation results for transparency, auditability, and knowledge sharing
- Stay current with evolving attack techniques and security technologies to adapt detection strategies accordingly
- Participate in an on‑call rotation as needed to support timely response to security incidents outside of standard business hours
Requirements
- Strong technical skills and hands on experience in Cybersecurity Defensive Operations as it relates to alert triage, on-going monitoring, detection, investigation, and incident response activities
- Understanding of Cybersecurity concepts such as SIEM analytics, Endpoint security, Network security, Cloud security, Data Loss Prevention/Data Privacy, and Web/Email security
- Practical understanding of the NIST Incident Response Life Cycle and the MITRE ATT&CK Framework
- Demonstrate familiarity with AI and large language models (LLMs) and their application in cybersecurity, including how they can support threat detection, analysis, and decision‑making
- Strong knowledge of the OSI model and security that is associated with each layer
- Strong knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux/Mac, web/email traffic fundamentals, and using a command line interface (CLI)
- Practical understanding of cloud providers, technologies, and concepts
- Understanding of Agile, CI/CD, and DevOps environments
- Experience with scripting languages such as Python or PowerShell
- Demonstrated ability to communicate across multiple levels of stakeholders
- Ability to document and summarize technical evidence and findings
- Good interpersonal, verbal, and written communication skills across various mediums
- Detail oriented with good time and analytical skills
- Ability to exercise prudent judgment and offer knowledgeable recommendations
- Ability to work both independently and in a team environment
- Ability to manage multiple projects, tasks, and investigations
- Ability to work in sensitive situations
- Be a reputable representative of the department
- Attention to detail and ability to formulate decisions based on evidence gathering
- High School Diploma or equivalent required
- Bachelor’s Degree in related field or equivalent work experience strongly preferred
- 1-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
- 1-5 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred
- One or more security related certifications, such as CISSP, CCNP-Security, GIAC, CEH, or CPTS highly preferred
Tech Stack
- Cloud
- Cyber Security
- DAC
- Linux
- Python
- TCP/IP
- Unix
Benefits
- Generous benefits package available on day one to include: 401K matching
- bonding leave for new parents (12 weeks, 100% paid)
- tuition assistance
- training
- GM employee auto discount
- community service pay
- nine company holidays.