Senior Cybersecurity Engineer (SME)

2026-166118

Category:

Information Technology

Clearance:

Top Secret

Location:

Washington, D.C.

Telecommute:

Flexible for occasional telework – must be local to work location

About Peraton

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees solve the most daunting challenges that our customers face. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

About The Role

Peraton is seeking a Senior Cybersecurity Engineer (SME) to support a federal customer’s Virtual Security Operations Center (vSOC).
Location: Washington, DC
This individual will serve as the technical lead for SIEM operations, detection engineering, and advanced security analytics, leveraging Microsoft Sentinel and the Microsoft Defender security stack.
The ideal candidate is a hands-on technical expert who can operate at both the engineering and operational levels, ensuring comprehensive monitoring, high-fidelity detection, and actionable intelligence across enterprise environments.

This role directly supports mission-critical cybersecurity operations protecting sensitive federal data (CUI/PII/PHI/FTI) and aligns to Zero Trust and NIST-based security frameworks.
What You’ll Do

Lead Microsoft Sentinel Operations

  • Serve as the primary SME for Microsoft Sentinel, the enterprise SIEM platform
  • Design, implement, and optimize analytics rules, correlation logic, and data models
  • Develop advanced KQL queries, workbooks, and dashboards to support SOC operations and reporting
  • Ensure all monitoring and analytics align to the Microsoft Sentinel data model

Drive Detection Engineering & Threat Analytics

  • Lead development and continuous tuning of MITRE ATT&CK-aligned detection use cases
  • Implement cross-domain correlation logic spanning identity, endpoint, network, and cloud telemetry
  • Perform and guide proactive threat hunting activities
  • Continuously improve detection capabilities based on:
    • Threat intelligence
    • Incident response findings
    • Red team and assessment results

Integrate and Optimize Microsoft Security Stack

  • Leverage and optimize:
    • Microsoft Defender for Endpoint (MDE) for endpoint visibility
    • Microsoft Defender for Identity (MDI) for Active Directory and identity monitoring
  • Ensure all Defender telemetry is:
    • Properly ingested into Sentinel
    • Actively monitored and correlated
    • Optimized for detection and response

Engineer Multi-Source Log Ingestion & Normalization

  • Lead ingestion and integration of non-Microsoft data sources, including:
    • AWS CloudTrail and VPC Flow Logs
    • Proofpoint email security logs
    • Veeam backup logs
    • Checkpoint and Cisco network/security logs
    • iBoss proxy logs
    • VPN and remote access logs
  • Ensure all telemetry is:
    • Normalized to Sentinel schema
    • Aligned for cross-plane correlation
    • Optimized for detection engineering and threat hunting

Ensure Data Integrity & Pipeline Health

  • Oversee ingestion pipelines to ensure:
    • Log integrity and completeness
    • Accurate timestamping and synchronization
    • Proper schema mapping and field normalization
  • Monitor ingestion health to identify:
    • Dropped or malformed logs
    • Latency or ingestion failures
  • Configure and manage log routing tools (e.g., Cribl), ensuring:
    • No data loss
    • Preservation of original log fidelity

Enable Cross-Plane Security Visibility

  • Implement and maintain end-to-end visibility across:
    • Identity
    • Endpoint
    • Network
    • Cloud
  • Develop correlation strategies that:
    • Map to MITRE ATT&CK techniques
    • Support advanced threat detection
    • Enable full attack path analysis

Deliver Operational Reporting & Dashboards

  • Build and maintain real-time dashboards and automated reporting within Sentinel
  • Provide visibility into:
    • Detection performance (MTTD/MTTR)
    • Log ingestion health
    • Threat trends and risk posture
  • Support delivery of:
    • Operational SOC reporting
    • Executive-level insights
    • Compliance and audit artifacts

Mentor and Lead Technical Teams

  • Serve as a technical escalation point and mentor for SOC analysts (Tier I–III)
  • Provide guidance on:
    • Detection strategy
    • Log onboarding
    • Security architecture improvements
  • Collaborate with:
    • Incident Response teams
    • Cloud and infrastructure teams
    • Government stakeholders
Qualifications

Required:
Education & Experience:

  • Bachelor's degree and a minimum of 8 years of relevant experience. An additional 4 years of experience in lieu of degree.
  • Minimum of 8 years of cybersecurity experience, including:
    • 5+ years in SOC, SIEM, or detection engineering roles
    • 3+ years of hands-on experience with Microsoft Sentinel
  • Technical Skills
    • Deep expertise in:
      • Microsoft Sentinel (analytics, KQL, data models)
      • Microsoft Defender for Endpoint (MDE)
      • Microsoft Defender for Identity (MDI)
    • Strong experience with:
      • Log ingestion, normalization, and schema mapping
      • Multi-source telemetry integration (cloud, network, endpoint)
      • AWS logging (CloudTrail, VPC Flow Logs)
    • Knowledge of:
      • MITRE ATT&CK framework
      • SIEM/XDR integration
      • Log routing tools (e.g., Cribl, Logstash, Fluentd)
  • U.S. citizenship required
  • Ability to obtain Top Secret Clearance
Preferred:

  • Relevant certifications:
    • CISSP, GCIA, GCIH, CEH, or equivalent
    • Microsoft Security certifications (Sentinel, Defender)
    • AWS Security certifications
    • Privacy certifications (e.g., CIPP/US, CIPM) where applicable
  • Experience supporting:
    • Federal civilian agencies
    • NIST-based frameworks (800-53, 800-61, 800-92)
    • Zero Trust architectures

What Sets You Apart

  • Ability to operate as both a hands-on engineer and strategic technical leader
  • Experience building detection capabilities from the ground up
  • Strong understanding of identity-centric security and Zero Trust principles
  • Proven ability to optimize security operations for efficiency and cost
Details

Target Salary Range: $135,000 - $216,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

Benefits Statement: Peraton offers eligible employees a variety of benefits including medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at https://www.careers.peraton.com/benefits.

Application Statements: The application period for the job is estimated to be 30 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.