ECS
Senior Security Engineer – Cyber Threat Mitigation Lead
ECS, Washington, District of Columbia, us, 20022
Senior Security Engineer – Cyber Threat Mitigation Lead
Join to apply for the
Senior Security Engineer – Cyber Threat Mitigation Lead
role at
ECS Senior Security Engineer – Cyber Threat Mitigation Lead
1 week ago Be among the first 25 applicants Join to apply for the
Senior Security Engineer – Cyber Threat Mitigation Lead
role at
ECS Job Description
ECS is seeking a This position is contingent upon additional funding.
ECS Federal is a leading information security and information technology company in Washington, DC. We are looking to hire a Senior Security Engineer - Cyber Threat Mitigation Lead to lead a cross functional team (Cyber Threat Intelligence, Hunt, and Analytics) on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance. Job Description
ECS is seeking a
Senior Security Engineer - Cyber Threat Mitigation Lead
to work in our
Washington, DC
office.
Please Note:
This position is contingent upon additional funding.
ECS Federal is a leading information security and information technology company in Washington, DC. We are looking to hire a Senior Security Engineer - Cyber Threat Mitigation Lead to lead a cross functional team (Cyber Threat Intelligence, Hunt, and Analytics) on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.
The successful candidate will be a deeply technical leader with hands-on engineering experience, a clear understanding of attacker behavior, and the ability to convert threat intelligence into actionable detections and countermeasures. This position also owns the quality and clarity of team deliverables, ensuring all intelligence products, detections, and reports effectively communicate their value and impact.
Lead and mentor a cross-functional team of CTI analysts, threat hunters, and detection engineers. Architect detection strategies based on emerging threats, adversary behaviors, and customer risk posture. Drive threat hunting operations to proactively identify undetected malicious activity. Translate threat intelligence reports and TTP analysis into actionable detections, telemetry gaps, and defensive measures. Oversee and ensure the accuracy, clarity, and timeliness of all team deliverables, including: Detection documentation and enrichment logic Threat reports and intelligence summaries Hunt plans and post-hunt analysis Metrics and dashboards demonstrating operational impact Champion technical excellence and documentation standards across the team. Collaborate closely with SOC leadership, incident responders, and engineers to ensure team outputs drive measurable risk reduction. Evaluate detection effectiveness and coverage using data-driven assessments. Knowledge of detection engineering methodologies, including behavioral signature creation, enrichment logic, and telemetry correlation. Familiarity with endpoint detection and response (EDR) telemetry (e.g., SentinelOne, CrowdStrike, Defender for Endpoint) and how adversary activity presents in those platforms. Expertise in SIEM platforms such as Splunk (e.g., SPL query development, data models, correlation searches, macros, lookups, CIM normalization). Proficiency with data transformation and routing technologies such as CRIBL, including pipeline logic and field normalization strategies.
Salary Range: $140,000 - $160,000
Required Skills
General Description of Benefits
Bachelor’s degree or higher 7+ years of experience in cybersecurity, with direct experience in at least two of the following: Cyber Threat Intelligence (CTI) Threat Hunting / Adversary Emulation Detection Engineering / Security Analytics 2+ years of leadership experience with technical teams, including project ownership and report review responsibilities. Proven experience translating complex technical data into consumable products for leadership, engineers, and IR staff. Familiarity with SOC workflows, telemetry pipelines, and threat modeling. Background in writing formal technical reports with a focus on clarity, completeness, and audience relevance. Understanding of log sources across domains, including: Host-based logs (Windows Event Logs, Sysmon, EDR) Network telemetry (firewall, proxy, VPN, DNS, NDR) Cloud logs (Azure AD, AWS CloudTrail, O365 Management Activity) Familiarity with threat hunting techniques including: Hypothesis-driven hunting Behavioral pattern detection Environmental baselining and anomaly detection Knowledge of common persistence mechanisms, lateral movement techniques, and evasion tactics used by threat actors. Understanding of malware execution models (e.g., LOLBins, scripting engines, scheduled tasks, registry autostarts). Ability to map cyber threat intelligence to technical detections, SOC coverage gaps, or architectural weaknesses. Active Top Secret clearance Desired Skills
Ability to understand customer non-technical mission sets and drive technical cyber operations to generate value for stakeholders. Programming or scripting experience (e.g., Python, PowerShell, Bash, or similar) to assist with automation, enrichment, or analytic tooling. Deep technical expertise in areas such as EDR telemetry, log forensics, malware behavior, or threat modeling. Ability to translate complex technical threat intelligence into tangible technical controls, detections, and mitigations that reduce risk to the organization. Familiarity with data routing/normalization platforms (e.g., CRIBL). Experience with purple teaming, emulation frameworks, or detection validation. Security certifications such as GCTI, GCFA, GREM, OSCP, or Splunk Certified Architect.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law.All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People. Seniority level
Seniority level Mid-Senior level Employment type
Employment type Full-time Job function
Job function Information Technology Industries IT System Data Services Referrals increase your chances of interviewing at ECS by 2x Sign in to set job alerts for “Senior Security Engineer” roles.
Cybersecurity Engineer/Analyst (Junior Level | 1-2 years exp.)
FBI Special Agent: Cybersecurity/IT Expertise
Arlington, VA $99,461.00-$128,329.00 1 week ago Cybersecurity Engineer/Analyst (Junior Level | 1-2 years exp.)- Fairfax County
Washington, DC $110,000.00-$125,000.00 2 weeks ago Information Systems Security Engineer (Hybrid)
Bethesda, MD $90,000.00-$100,000.00 4 hours ago Washington, DC $130,000.00-$170,000.00 1 month ago Sterling, VA $150,000.00-$190,000.00 2 days ago District of Columbia, United States $90,000.00-$145,000.00 8 months ago Cybersecurity Engineer (SOAR) [JOB ID 20250725]
Washington, DC $120.00-$125.00 1 month ago Information Security Analyst (SOC 2 Compliance)
Fairfax, VA $92,400.00-$115,000.00 1 month ago Information Systems Security Engineer (Hybrid)
Fort Meade, MD $120,000.00-$160,000.00 1 week ago Cybersecurity Engineer/Analyst (Intermediate-Level | 3-4 years exp.)
Cybersecurity Engineer (SOAR) [JOB ID 20250725]
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr
Join to apply for the
Senior Security Engineer – Cyber Threat Mitigation Lead
role at
ECS Senior Security Engineer – Cyber Threat Mitigation Lead
1 week ago Be among the first 25 applicants Join to apply for the
Senior Security Engineer – Cyber Threat Mitigation Lead
role at
ECS Job Description
ECS is seeking a This position is contingent upon additional funding.
ECS Federal is a leading information security and information technology company in Washington, DC. We are looking to hire a Senior Security Engineer - Cyber Threat Mitigation Lead to lead a cross functional team (Cyber Threat Intelligence, Hunt, and Analytics) on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance. Job Description
ECS is seeking a
Senior Security Engineer - Cyber Threat Mitigation Lead
to work in our
Washington, DC
office.
Please Note:
This position is contingent upon additional funding.
ECS Federal is a leading information security and information technology company in Washington, DC. We are looking to hire a Senior Security Engineer - Cyber Threat Mitigation Lead to lead a cross functional team (Cyber Threat Intelligence, Hunt, and Analytics) on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.
The successful candidate will be a deeply technical leader with hands-on engineering experience, a clear understanding of attacker behavior, and the ability to convert threat intelligence into actionable detections and countermeasures. This position also owns the quality and clarity of team deliverables, ensuring all intelligence products, detections, and reports effectively communicate their value and impact.
Lead and mentor a cross-functional team of CTI analysts, threat hunters, and detection engineers. Architect detection strategies based on emerging threats, adversary behaviors, and customer risk posture. Drive threat hunting operations to proactively identify undetected malicious activity. Translate threat intelligence reports and TTP analysis into actionable detections, telemetry gaps, and defensive measures. Oversee and ensure the accuracy, clarity, and timeliness of all team deliverables, including: Detection documentation and enrichment logic Threat reports and intelligence summaries Hunt plans and post-hunt analysis Metrics and dashboards demonstrating operational impact Champion technical excellence and documentation standards across the team. Collaborate closely with SOC leadership, incident responders, and engineers to ensure team outputs drive measurable risk reduction. Evaluate detection effectiveness and coverage using data-driven assessments. Knowledge of detection engineering methodologies, including behavioral signature creation, enrichment logic, and telemetry correlation. Familiarity with endpoint detection and response (EDR) telemetry (e.g., SentinelOne, CrowdStrike, Defender for Endpoint) and how adversary activity presents in those platforms. Expertise in SIEM platforms such as Splunk (e.g., SPL query development, data models, correlation searches, macros, lookups, CIM normalization). Proficiency with data transformation and routing technologies such as CRIBL, including pipeline logic and field normalization strategies.
Salary Range: $140,000 - $160,000
Required Skills
General Description of Benefits
Bachelor’s degree or higher 7+ years of experience in cybersecurity, with direct experience in at least two of the following: Cyber Threat Intelligence (CTI) Threat Hunting / Adversary Emulation Detection Engineering / Security Analytics 2+ years of leadership experience with technical teams, including project ownership and report review responsibilities. Proven experience translating complex technical data into consumable products for leadership, engineers, and IR staff. Familiarity with SOC workflows, telemetry pipelines, and threat modeling. Background in writing formal technical reports with a focus on clarity, completeness, and audience relevance. Understanding of log sources across domains, including: Host-based logs (Windows Event Logs, Sysmon, EDR) Network telemetry (firewall, proxy, VPN, DNS, NDR) Cloud logs (Azure AD, AWS CloudTrail, O365 Management Activity) Familiarity with threat hunting techniques including: Hypothesis-driven hunting Behavioral pattern detection Environmental baselining and anomaly detection Knowledge of common persistence mechanisms, lateral movement techniques, and evasion tactics used by threat actors. Understanding of malware execution models (e.g., LOLBins, scripting engines, scheduled tasks, registry autostarts). Ability to map cyber threat intelligence to technical detections, SOC coverage gaps, or architectural weaknesses. Active Top Secret clearance Desired Skills
Ability to understand customer non-technical mission sets and drive technical cyber operations to generate value for stakeholders. Programming or scripting experience (e.g., Python, PowerShell, Bash, or similar) to assist with automation, enrichment, or analytic tooling. Deep technical expertise in areas such as EDR telemetry, log forensics, malware behavior, or threat modeling. Ability to translate complex technical threat intelligence into tangible technical controls, detections, and mitigations that reduce risk to the organization. Familiarity with data routing/normalization platforms (e.g., CRIBL). Experience with purple teaming, emulation frameworks, or detection validation. Security certifications such as GCTI, GCFA, GREM, OSCP, or Splunk Certified Architect.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law.All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People. Seniority level
Seniority level Mid-Senior level Employment type
Employment type Full-time Job function
Job function Information Technology Industries IT System Data Services Referrals increase your chances of interviewing at ECS by 2x Sign in to set job alerts for “Senior Security Engineer” roles.
Cybersecurity Engineer/Analyst (Junior Level | 1-2 years exp.)
FBI Special Agent: Cybersecurity/IT Expertise
Arlington, VA $99,461.00-$128,329.00 1 week ago Cybersecurity Engineer/Analyst (Junior Level | 1-2 years exp.)- Fairfax County
Washington, DC $110,000.00-$125,000.00 2 weeks ago Information Systems Security Engineer (Hybrid)
Bethesda, MD $90,000.00-$100,000.00 4 hours ago Washington, DC $130,000.00-$170,000.00 1 month ago Sterling, VA $150,000.00-$190,000.00 2 days ago District of Columbia, United States $90,000.00-$145,000.00 8 months ago Cybersecurity Engineer (SOAR) [JOB ID 20250725]
Washington, DC $120.00-$125.00 1 month ago Information Security Analyst (SOC 2 Compliance)
Fairfax, VA $92,400.00-$115,000.00 1 month ago Information Systems Security Engineer (Hybrid)
Fort Meade, MD $120,000.00-$160,000.00 1 week ago Cybersecurity Engineer/Analyst (Intermediate-Level | 3-4 years exp.)
Cybersecurity Engineer (SOAR) [JOB ID 20250725]
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr