DMV IT Service

Cyber Detection & Automation Engineer

DMV IT Service, Seattle, Washington, us, 98127


Job Title: Cyber Detection & Automation Engineer
Location: Seattle, WA
Employment Type: Contract

About Us:
DMV IT Service LLC is a trusted IT consulting firm, established in 2020. We specialize in optimizing IT infrastructure, providing expert guidance, and supporting workforce needs with top-tier staffing services. Our expertise spans system administration, cybersecurity, networking, and IT operations. We empower our clients to achieve their technology goals with a client-focused approach that includes online training and job placements, fostering long-term IT success.

Job Purpose:
The Cyber Detection & Automation Engineer will design, build, and maintain advanced detection logic and automation workflows across various security platforms. This role works closely with SOC analysts, threat intelligence teams, and incident responders to enhance threat detection, streamline security operations, and improve overall response capabilities.

Requirements

Key Responsibilities

Develop and automate high-precision detection rules across SIEM, EDR, and cloud telemetry sources (e.g., Sentinel, Defender, AWS).
Continuously monitor and optimize detection alerts to minimize false positives and enhance accuracy.
Validate and test detection mechanisms to ensure ongoing reliability and effectiveness.
Document detection methods, engineering processes, and knowledge transfer materials.
Conduct detection coverage assessments and improve resilience and accuracy through gap analysis.
Create security automation workflows using SOAR platforms, particularly Microsoft Sentinel and Logic Apps.
Build custom integrations between security platforms, including SIEM, EDR, threat intelligence feeds, and ticketing systems.
Automate repetitive SOC tasks such as alert triage, IOC lookups, and ticket creation.
Develop dashboards and utilities that provide insights into SOC metrics and operational performance.
Collaborate with SOC analysts and threat intelligence teams to stay ahead of emerging threats using the MITRE ATT&CK framework.
Maintain and update playbooks, runbooks, and documentation related to detection strategies and attacker behaviors.
Prepare reports on detection performance, automation activities, and recommended improvements for leadership.

Required Skills & Experience

Bachelor's degree in cybersecurity, computer science, IT, or a related discipline.
5+ years of experience in cybersecurity, with at least 3 years focused on detection and automation engineering.
Proficient in writing detection logic using KQL, SPL, or similar query languages.
Skilled in scripting with Bash, PowerShell, Python, or JavaScript.
Hands-on experience developing automation with SOAR platforms, particularly Microsoft Sentinel/Logic Apps.
Strong understanding of SOC operations, incident response workflows, and threat detection strategies.
Experience working with RESTful APIs and integrating third-party security tools.
Background in cloud environments, preferably AWS and Azure.
In-depth knowledge of the MITRE ATT&CK framework and threat modeling.
Practical understanding of attacker TTPs and detection methodologies.
Familiarity with version control (Git), CI/CD pipelines, and infrastructure as code.
Ability to process and analyze large datasets to detect patterns and threats.
Effective communication skills for diverse technical audiences.
Collaborative mindset with the ability to work across multiple teams in a fast-paced environment.

Preferred Certifications

Microsoft SC-200
Azure Security Engineer Associate
AWS Certified Security – Specialty
GIAC (GCIA, GCTI, GDAT)
CISSP
CISM