Detection Engineer- Active Secret Clearance 100% Remote

Detection Engineer

This company builds cybersecurity, maintenance, and compliance capabilities for operational technology systems used in defense, aerospace, and rail.

The company is located in Washington D.C. and will remain 100% remote.

The candidate must have an Active Secret Clearance.

What You Will Be Doing:

• Partner with hardware, software, field, and research engineers to build and mature detection capabilities.
• Develop detection modules, tools, and testbeds in C++, Rust, Golang, and Python targeting OT systems and serial networks.
• Deliver high-performance, real-time detection and prevention features in collaboration with cross-functional teams.
• Ensure full lifecycle testing with QA and Test Engineering, validating detection logic and algorithms.
• Analyze large volumes of serial bus traffic and differentiate legitimate activity from abnormal behavior.
• Investigate real customer anomalies, identify root causes, and strengthen or create new detection logic.
• Produce training materials, usage guides, and operational best practices enabling customers to triage findings and optimize configuration.
• Communicate complex cybersecurity threat information to both deeply technical experts and non-technical stakeholders.
• Contribute to threat classification frameworks and shared language for OT attack patterns.
• Interpret technical standards, specifications, and interface control documents to understand relevant data sources.
• Create engineering documentation, reports, and presentations for internal and external audiences.
• Collaborate with vulnerability researchers to build detections for emerging exploitation techniques targeting OT systems.
• Operate flexibly across shifting priorities in a fast-moving environment.
• Travel up to ~10%.

Required Skills & Experience:

• BS/MS in Computer Science, Electrical/Computer Engineering, or related discipline.
• Hands-on experience with intrusion detection.
• Proficient in C/C++, Rust, Golang, and Python.
• Familiar with DevOps tools and workflows (Git, GitHub Actions, Linux, Docker/Kubernetes, Cargo, etc.).
• Embedded systems development experience.
• Capable of analyzing and decoding serial data buses.
• Experience building or testing layered protocol parsers.
• Background in cybersecurity fundamentals or related fields.
• Comfortable with test-driven development practices.
• Able to juggle multiple efforts and shift focus quickly when priorities change.
• Must hold an active U.S. security clearance.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn’t provide sponsorship.