Senior Cybersecurity Engineer (SME)

Peraton is seeking a Senior Cybersecurity Engineer (SME) to support a federal customer's Virtual Security Operations Center (vSOC).

Location: Washington, DC

This individual will serve as the technical lead for SIEM operations, detection engineering, and advanced security analytics, leveraging Microsoft Sentinel and the Microsoft Defender security stack.

The ideal candidate is a hands-on technical expert who can operate at both the engineering and operational levels, ensuring comprehensive monitoring, high-fidelity detection, and actionable intelligence across enterprise environments.

This role directly supports mission-critical cybersecurity operations protecting sensitive federal data (CUI/PII/PHI/FTI) and aligns to Zero Trust and NIST-based security frameworks.

What You'll Do

Lead Microsoft Sentinel Operations

Serve as the primary SME for Microsoft Sentinel, the enterprise SIEM platform
• Design, implement, and optimize analytics rules, correlation logic, and data models
• Develop advanced KQL queries, workbooks, and dashboards to support SOC operations and reporting
• Ensure all monitoring and analytics align to the Microsoft Sentinel data model

Drive Detection Engineering & Threat Analytics

• Lead development and continuous tuning of MITRE ATT&CK-aligned detection use cases
• Implement cross-domain correlation logic spanning identity, endpoint, network, and cloud telemetry
• Perform and guide proactive threat hunting activities
• Continuously improve detection capabilities based on:
• Threat intelligence
• Incident response findings
• Red team and assessment results

Integrate and Optimize Microsoft Security Stack

• Leverage and optimize:
• Microsoft Defender for Endpoint (MDE) for endpoint visibility
• Microsoft Defender for Identity (MDI) for Active Directory and identity monitoring
• Ensure all Defender telemetry is:
• Properly ingested into Sentinel
• Actively monitored and correlated
• Optimized for detection and response

Engineer Multi-Source Log Ingestion & Normalization

• Lead ingestion and integration of non-Microsoft data sources, including:
• AWS CloudTrail and VPC Flow Logs
• Proofpoint email security logs
• Veeam backup logs
• Checkpoint and Cisco network/security logs
• iBoss proxy logs
• VPN and remote access logs
• Ensure all telemetry is:
• Normalized to Sentinel schema
• Aligned for cross-plane correlation
• Optimized for detection engineering and threat hunting

Ensure Data Integrity & Pipeline Health

• Oversee ingestion pipelines to ensure:
• Log integrity and completeness
• Accurate timestamping and synchronization
• Proper schema mapping and field normalization
• Monitor ingestion health to identify:
• Dropped or malformed logs
• Latency or ingestion failures
• Configure and manage log routing tools (e.g., Cribl), ensuring:
• No data loss
• Preservation of original log fidelity

Enable Cross-Plane Security Visibility

• Implement and maintain end-to-end visibility across:
• Identity
• Endpoint
• Network
• Cloud
• Develop correlation strategies that:
• Map to MITRE ATT&CK techniques
• Support advanced threat detection
• Enable full attack path analysis

Deliver Operational Reporting & Dashboards

• Build and maintain real-time dashboards and automated reporting within Sentinel
• Provide visibility into:
• Detection performance (MTTD/MTTR)
• Log ingestion health
• Threat trends and risk posture
• Support delivery of:
• Operational SOC reporting
• Executive-level insights
• Compliance and audit artifacts

Mentor and Lead Technical Teams

• Serve as a technical escalation point and mentor for SOC analysts (Tier I-III)
• Provide guidance on:
• Detection strategy
• Log onboarding
• Security architecture improvements
• Collaborate with:
• Incident Response teams
• Cloud and infrastructure teams
• Government stakeholders

Required:

Education & Experience:

• Bachelors degree and a minimum of 8 years of relevant experience. An additional 4 years of experience in lieu of degree.
• Minimum of 8 years of cybersecurity experience, including:
  • 5+ years in SOC, SIEM, or detection engineering roles
  • 3+ years of hands-on experience with Microsoft Sentinel
• Technical Skills
  • Deep expertise in:
    • Microsoft Sentinel (analytics, KQL, data models)
    • Microsoft Defender for Endpoint (MDE)
    • Microsoft Defender for Identity (MDI)
  • Strong experience with:
    • Log ingestion, normalization, and schema mapping
    • Multi-source telemetry integration (cloud, network, endpoint)
    • AWS logging (CloudTrail, VPC Flow Logs)
  • Knowledge of:
    • MITRE ATT&CK framework
    • SIEM/XDR integration
    • Log routing tools (e.g., Cribl, Logstash, Fluentd)
• U.S citizenship required
• Ability to obtain Top Secret Clearance

Preferred:

• Relevant certifications:
• CISSP, GCIA, GCIH, CEH, or equivalent
• Microsoft Security certifications (Sentinel, Defender)
• AWS Security certifications
• Privacy certifications (e.g., CIPP/US, CIPM) where applicable
• Experience supporting:
• Federal civilian agencies
• NIST-based frameworks (800-53, 800-61, 800-92)
• Zero Trust architectures

What Sets You Apart

• Ability to operate as both a hands-on engineer and strategic technical leader
• Experience building detection capabilities from the ground up
• Strong understanding of identity-centric security and Zero Trust principles
• Proven ability to optimize security operations for efficiency and cost

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.