Cyber Detection & Automation Engineer

Job Title: Cyber Detection & Automation Engineer

 Location: Seattle, WA

 Employment Type: Contract

About Us:

 DMV IT Service LLC is a trusted IT consulting firm, established in 2020. We specialize in optimizing IT infrastructure, providing expert guidance, and supporting workforce needs with top-tier staffing services. Our expertise spans system administration, cybersecurity, networking, and IT operations. We empower our clients to achieve their technology goals with a client-focused approach that includes online training and job placements, fostering long-term IT success.

Job Purpose:

The Cyber Detection & Automation Engineer will design, build, and maintain advanced detection logic and automation workflows across various security platforms. This role works closely with SOC analysts, threat intelligence teams, and incident responders to enhance threat detection, streamline security operations, and improve overall response capabilities.

Requirements

Key Responsibilities

• Develop and automate high-precision detection rules across SIEM, EDR, and cloud telemetry sources (e.g., Sentinel, Defender, AWS).
• Continuously monitor and optimize detection alerts to minimize false positives and enhance accuracy.
• Validate and test detection mechanisms to ensure ongoing reliability and effectiveness.
• Document detection methods, engineering processes, and knowledge transfer materials.
• Conduct detection coverage assessments and improve resilience and accuracy through gap analysis.
• Create security automation workflows using SOAR platforms, particularly Microsoft Sentinel and Logic Apps.
• Build custom integrations between security platforms, including SIEM, EDR, threat intelligence feeds, and ticketing systems.
• Automate repetitive SOC tasks like alert triage, IOC lookups, and ticket creation.
• Develop dashboards and utilities that provide insights into SOC metrics and operational performance.
• Collaborate with SOC analysts and threat intelligence teams to stay ahead of emerging threats using the MITRE ATT&CK framework.
• Maintain and update playbooks, runbooks, and documentation related to detection strategies and attacker behaviors.
• Prepare reports on detection performance, automation activities, and recommended improvements for leadership.

Required Skills & Experience

• Bachelor’s degree in cybersecurity, computer science, IT, or related discipline.
• 5+ years of experience in cybersecurity, with at least 3 years focused on detection and automation engineering.
• Proficient in writing detection logic using KQL, SPL, or similar query languages.
• Skilled in scripting with Bash, PowerShell, Python, or JavaScript.
• Hands-on experience developing automation with SOAR platforms, particularly Microsoft Sentinel/Logic Apps.
• Strong understanding of SOC operations, incident response workflows, and threat detection strategies.
• Experience working with RESTful APIs and integrating third-party security tools.
• Background in cloud environments, preferably AWS and Azure.
• In-depth knowledge of the MITRE ATT&CK framework and threat modeling.
• Practical understanding of attacker TTPs and detection methodologies.
• Familiarity with version control (Git), CI/CD pipelines, and infrastructure as code.
• Ability to process and analyze large datasets to detect patterns and threats.
• Effective communication skills for diverse technical audiences.
• Collaborative mindset with the ability to work across multiple teams in a fast-paced environment.

Preferred Certifications

• Microsoft SC-200, Azure Security Engineer Associate
• AWS Certified Security – Specialty
• GIAC (GCIA, GCTI, GDAT)
• CISSP, CISM