Secret
Senior Level Career (10+ yrs experience)
Unspecified
Security
Beltsville, MD (On/Off-Site)
Security & Development Developer
Federal Strategic Cyber Group
Organization: ICS
Locations: Rosslyn, VA (primary) | Beltsville, MD (secondary)
Schedule: Monday–Friday | 8:00 AM – 4:00 PM
Position Overview
ICS is seeking an experienced Security & Development Developer to support our Federal Strategic Cyber Group, delivering advanced detection engineering, automation, and security operations capabilities. This role is ideal for a highly technical developer who excels at building and tuning cyber detections, automating response workflows, and strengthening SOC operations against sophisticated adversaries.
You will operate at the intersection of security engineering, detection development, and incident response, directly enhancing enterprise cyber monitoring, analysis, and response capabilities across SIEM, SOAR, and detection platforms.
Key Responsibilities
Design, develop, and implement advanced custom cybersecurity alerts and detections.
Develop, configure, tune, and maintain cybersecurity tools, alerts, and response mechanisms.
Integrate security alerts and workflows into SIEM and SOAR platforms.
Automate and optimize security alert workflows to improve incident response speed, accuracy, and efficiency.
Analyze enterprise systems and environments to determine optimal logging and alerting strategies in a continuously evolving threat landscape.
Provide deep technical expertise across Splunk, Python, JavaScript, PowerShell, and related languages.
Support Security Operations Center (SOC) functions through detection engineering and security development.
Collaborate across engineering, operations, and threat intelligence teams to strengthen defenses against advanced cyber adversaries.
Implement and enhance monitoring, analysis, and response capabilities within SIEM, SOAR, and detection platforms.
Develop, tune, and maintain threat detections and advanced analytic logic.
Onboard and integrate new cyber monitoring tools from an analyst-centric perspective.
Coordinate with platform engineers to build, integrate, and sustain security infrastructure.
Partner with cyber threat experts to implement emerging signatures and detection logic.
Create and maintain security dashboards, alerts, and operational reports.
Write and maintain Zeek (Bro), Suricata, and Snort signatures.
Maintain Python- and JavaScript-based automation and detection capabilities across security tooling.
Required Qualifications
Education & Experience
Bachelor’s degree with 9+ years of relevant experience, or
Master’s degree with 7+ years, or
PhD with 4+ years, or
4 additional years of experience may be substituted in lieu of degree.
Certifications
Candidates must hold one of the following certifications, or obtain one prior to the start date (the certification must be kept current):
CASP+ CE
CCNA CyberOps, CCNA-Security, CCNP Security
CEH, CFR, CISA
CISSP (or Associate)
Cloud+, CySA+
GCED, GCIA, GCIH, GICSP
SCYBER
VCA DCV, PPDA
Agile IC, SNOW App Dev
Clearance & Citizenship
U.S. citizenship required
Active Secret security clearance required
Ability to obtain a Top Secret clearance
Preferred Qualifications
Strong understanding of the MITRE ATT&CK Framework.
Strong working knowledge of Splunk Enterprise Security.
Solid understanding of Cybersecurity Incident Response processes and lifecycle.
Experience with cloud-based security development, particularly Microsoft Azure and Microsoft Defender for Endpoint (MDE).
Familiarity with Machine Learning, User and Entity Behavior Analytics (UEBA), and advanced analytic techniques.
Why Join ICS
At ICS, you’ll help engineer the detection and response capabilities that defend mission-critical federal systems. This role offers hands-on influence over how cyber threats are detected, analyzed, and neutralized—combining development, automation, and operational security in a high-impact national security environment.