← Back to Jobs
Employee
Administrative
Detect Engineers (Elastic ) and (Cloud) with Security Clearance
BreakPoint LabsCharleston, SC🇺🇸United StatesPosted 13 Jul 2026
Quick Overview
Work Type
On Site
Schedule
Employee
Level
Mid Senior
Job Description
BreakPoint Labs is seeking two Detection Engineers, one with expertise in Elastic, and one who has expertise in Cloud to design, develop, and implement detection mechanisms to identify cyber threats within a Cybersecurity Service Provider (CSSP) environment. The candidate will focus on creating and managing IDS/IPS signatures, log correlation rules, and other detection tools based on indicator lifecycle analysis. The Detection Engineer collaborates with Defensive Cyber Operations (DCO) Watch Analysts and other teams to ensure timely and effective threat detection, adhering to CJCSM 6510.01B reporting requirements and supporting the CSSP’s mission to protect data across a wide spectrum of sources and locations. Responsibilities include: - Develop, implement, and maintain custom, high-fidelity detection rules and logic in the Elastic Security platform specifically targeting adversary TTPs mapped to the MITRE ATT&CK® framework.
- Develop and prioritize risk-based alerting mechanisms to focus detection efforts on high-impact threats, aligning with organizational risk assessments.
- Analyze threat intelligence to create and refine detection mechanisms tailored to the customer’s environment.
- Validate and test detection rules to ensure accuracy, minimize false positive and benign positive matches, and enhance threat identification capabilities.
- Collaborate with DCO Watch Analysts to integrate detection mechanisms into monitoring and incident response workflows.
- Maintain and update detection tools and signatures in response to evolving threats, ensuring compliance with CJCSM 6510.01B and other applicable directives.
- Compile and maintain internal standard operating procedure (SOP) documentation for detection creation and implementation processes.
- Coordinate with reporting agencies and subscriber sites to align detection strategies with operational needs and threat intelligence.
- Participate in program reviews, product evaluations, and onsite certification evaluations to assess detection tool efficacy.
- Overtime may be required to support detection implementation or incident response actions (Surge).
- Up to 10% travel may be required. Required Experience: - 5+ years of experience working in a CSSP, SOC, or similar environment.
- 2+ years of experience with signature development, detection logic creation and optimization on multiple platforms.
- Experience in threat detection engineering, threat hunting, or a related role with hands-on experience using the Elastic Stack, Kibana Query Language (KQL), Event Query Language (EQL), Elasticsearch Query -Language (ES|QL) and/or Elastic Defend.
- Experience with threat intelligence platforms and indicator management.
- Proficient knowledge of detection creation and implementation processes.
- Expertise in IDS/IPS solutions, including signature development and optimization.
- Strong understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment.
- Effective verbal and written communication skills.
- Ability to solve complex problems independently.
- Preferred certifications: Elastic Certified Analyst; Elastic Certified SIEM Analyst, Elastic Certified Engineer. Certifications Required: DoD 8570 IAT Level II and DoD 8140 CSSP-specific certification. Security Clearance Required: DoD Secret Clearance. Education Required: Bachelor’s Degree Area(s) of Study of relevant discipline and 5 years of experience. OR, at least 8 years of experience working in a CSSP, SOC, or similar.
- Develop and prioritize risk-based alerting mechanisms to focus detection efforts on high-impact threats, aligning with organizational risk assessments.
- Analyze threat intelligence to create and refine detection mechanisms tailored to the customer’s environment.
- Validate and test detection rules to ensure accuracy, minimize false positive and benign positive matches, and enhance threat identification capabilities.
- Collaborate with DCO Watch Analysts to integrate detection mechanisms into monitoring and incident response workflows.
- Maintain and update detection tools and signatures in response to evolving threats, ensuring compliance with CJCSM 6510.01B and other applicable directives.
- Compile and maintain internal standard operating procedure (SOP) documentation for detection creation and implementation processes.
- Coordinate with reporting agencies and subscriber sites to align detection strategies with operational needs and threat intelligence.
- Participate in program reviews, product evaluations, and onsite certification evaluations to assess detection tool efficacy.
- Overtime may be required to support detection implementation or incident response actions (Surge).
- Up to 10% travel may be required. Required Experience: - 5+ years of experience working in a CSSP, SOC, or similar environment.
- 2+ years of experience with signature development, detection logic creation and optimization on multiple platforms.
- Experience in threat detection engineering, threat hunting, or a related role with hands-on experience using the Elastic Stack, Kibana Query Language (KQL), Event Query Language (EQL), Elasticsearch Query -Language (ES|QL) and/or Elastic Defend.
- Experience with threat intelligence platforms and indicator management.
- Proficient knowledge of detection creation and implementation processes.
- Expertise in IDS/IPS solutions, including signature development and optimization.
- Strong understanding of the indicator lifecycle, including initial discovery, development, operational maturity, and long-term sustainment.
- Effective verbal and written communication skills.
- Ability to solve complex problems independently.
- Preferred certifications: Elastic Certified Analyst; Elastic Certified SIEM Analyst, Elastic Certified Engineer. Certifications Required: DoD 8570 IAT Level II and DoD 8140 CSSP-specific certification. Security Clearance Required: DoD Secret Clearance. Education Required: Bachelor’s Degree Area(s) of Study of relevant discipline and 5 years of experience. OR, at least 8 years of experience working in a CSSP, SOC, or similar.
Similar jobs
External Integration Support & Capability Lead with Security Clearance
Parsons · schriever sfb, United States
14 minutes ago$112.2k - $196.4k/yrSystems Architect with Security Clearance
Guidehouse · Rockville, United States
14 minutes ago$130k - $216k/yrInformation Systems Security Officer (ISSO) with Security Clearance
Echelon Services, LLC · Hanahan, United States
14 minutes agoSecurity Operations Center Subject Matter Expert (SOC/SME) - USSOCOM Zero Trust
Kentro · Tampa, United States
46 minutes agoSystems Engineering Manager (Systems Engineering Management) with Security Clearance
Boeing · Tukwila, United States
1 hour ago$158.1k - $246.1k/yrProduct Security Analyst (Mid-Senior) with Security Clearance
Boeing · Seattle, United States
1 hour ago$148.8k - $201.3k/yr