Cyber Detection Engineer (CI Polygraph)

Zachary Piper Solutions is seeking a Senior Cyber Detection Engineer (SIEM) to support a classified Intelligence program in Springfield, VA. The team is seeking a security engineer to create and deploy threat-based signatures for operational intrusion detection capabilities for the Cybersecurity Operations Center (CSOC).

Clearance: Active TS/SCI CI Polygraph Clearance

Location: Springfield, VA/Chantilly, VA (100% on-site)

This job opens for applications on 6/3/2026. Applications for this job will be accepted for at least 30 days from the posting date

Responsibilities of the Cyber Detection Engineer:

• Support Cyber Operations Squadron (COS) efforts by ensuring timely publication of updated cybersecurity tool signatures, including antivirus and host-based security systems.
• Conduct in-depth threat analysis, including reverse engineering of malware, to uncover critical details such as origin, target, impacted systems, recommended mitigations, and mission risk.
• Develop custom content for Security Information and Event Management (SIEM) tools and create tailored IDS/IPS signatures to counter specific threats.
• Correlate security events and incidents using data from diverse enterprise sources to identify patterns and potential threats.
• Assess the impact of cyber incidents on data and infrastructure, providing detailed evaluations of damage and recovery needs.
• Perform trend analysis and reporting on cyber incidents to identify recurring threats and inform proactive defense strategies.
• Analyze network traffic and system data to detect anomalies and potential security threats.
• Deliver real-time detection, identification, and reporting of cyber intrusions, suspicious activities, and policy violations.
• Create and implement detection rules
  
  

Qualifications of the Cyber Detection Engineer:

• Active TS/SCI CI Polygraph required in order to be considered
• Bachelor’s degree from an accredited college in a related discipline and 5 years of prior relevant experience
• IAT Level II (GSEC, Security , SSCP, or CCNA-Security) certification required
• Proficient in modern operating systems, including Windows, UNIX, network OS environments, databases, and virtualized computing platforms.
• Experienced with enterprise-grade security tools, such as Security Information and Event Management (SIEM) systems specifically Splunk, Threat Intelligence Platforms (TIPs), and network monitoring solutions.
• Skilled in developing, modifying, and fine-tuning detection mechanisms, including IDS signatures and SIEM correlation rules.
• Knowledgeable in implementing cybersecurity countermeasures and mitigation strategies to reduce risk and enhance system resilience.
  
  

Compensation of the Cyber Detection Engineer:

• Total compensation based on experience level - $135,000-$150,000 **based on experience level**
• Full Benefits: PTO, 11 Paid Holidays, Cigna Medical, Dental, and Vision, 401k with ADP
• Certification reimbursement
• Contract mobility and job stability – Contract through 2026
  
  

Keywords: Cybersecurity, threat detection, incident response, Splunk, SIEM, log analysis, security operations, data correlation, Splunk, Wireshark, PCAP, alerting, dashboarding, TS/SCI, Polygraph, intelligence, DoD, top secret/sci, hiring, opentowork, springfield, Chantilly, onsite, MS Defender, red team, blue team, ethical hacker, CEH, Sec , CASP , SecurityX, alert tuning, dashboard creation, search queries, SPL (Search Processing Language), anomaly detection, network security, endpoint monitoring, MITRE ATT&CK, threat intelligence, security event monitoring, intrusion detection, vulnerability assessment, risk analysis, automation, SOAR, Python, regex, Linux, Windows event logs, cloud security, AWS, Azure, compliance, NIST, SOC, firewall logs, packet capture, forensics, log ingestion, data normalization, real-time monitoring, security alerts, incident triage, rule development, threat hunting, security policies, access controls, user behavior analytics, machine learning, KQL, Elastic Stack, syslog, TCP/IP, DNS, HTTP, SSL/TLS.