Detection & Case Management Lead

We are seeking a highly skilled and innovative Detection and Case Management Lead to join our team in the greater DMV area, supporting the Army National Guard.

Key Responsibilities

Define and govern detection architecture standards and lifecycle for correlation rules, signatures, behavioral analytics, and analytics pipelines aligned to MITRE ATT&CK and prioritized risks.
• Translate threat intelligence, CDAP/CHAP/vulnerability findings into prioritized, testable detection use cases and automated alerting frameworks.
• Oversee detection validation using telemetry analysis, adversary emulation, redteam exercises, and lab testbeds; tune to reduce false positives and alert fatigue.
• Lead endtoend case management design: triage, enrichment, documentation, escalation, remediation tracking, and closure processes with SLAs and audit controls.
• Establish runbooks, QA controls, and standard operating procedures for detection tuning and investigative documentation.
• Partner with data engineering to improve telemetry ingestion, normalization, enrichment, retention, and evidence integrity for investigations.
• Implement dashboards and reporting for detection efficacy, MTTD, MTTR, case quality, and executive risk metrics.
• Mentor SOC/NOSC analysts and coordinate with incident response, threat intel, vulnerability management, and service owners.
• Maintain continuous improvement process for detection coverage, playbooks, and case management maturity.

#ENOCS

Required Qualifications

• 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD
• Clearance: TS/SCI (active)
• Education / Training / Certification: Candidate must meet ONE of the following:
  • Master's or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR
  • Relevant DoD/Military training (e.g., 4C255N (CP)); OR
  • Relevant certifications (see list below).
• Experience: Progressive cybersecurity experience focused on detection engineering, SOC operations, or security case management in enterprise/DoD environments.
• Demonstrated expertise in SIEM rule engineering, EDR/XDR tuning, IDS/IPS signatures, cloud-native detection, OT/DCI monitoring, and MITRE ATT&CK mapping.
• Proven experience translating threat intel and vulnerability data into operational detection use cases and validated analytics.
• Strong skills in tooling (SIEM, SOAR, EDR, network telemetry), telemetry normalization, analytic validation, and creating decisiongrade dashboards and runbooks.
• Excellent written and verbal communication for briefings to technical and executive audiences.

Acceptable Certifications (one or more preferred)

• CISSPISSAP, CISSPISSEP, GCIA, GICSP, or equivalent advanced detection/forensics certifications

Desired / Preferred

• Prior DoD/Army/ARNG SOC or NOSC experience
• Experience with threat emulation frameworks, Purple Teaming, SOAR playbook development, cloud detection platforms, and telemetry engineering
• Familiarity with CDAP/CHAP assessment processes and compliance/audit evidence requirements

#ENOCS

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.