SIEM Detection Engineer

Join to apply for the SIEM Detection Engineer role at L3Harris Technologies. L3Harris is dedicated to recruiting and developing high‑performing talent who are passionate about what they do. Our employees share a focus on our customers’ mission, growth, and an inclusive, engaging environment that empowers work‑life success. We are committed to values, community dedication, and excellence in all we do. L3Harris Technologies is the trusted disruptor in the defense industry. We deliver end‑to‑end technology solutions that connect space, air, land, sea, and cyber domains to serve national security. About your next challenge as a SIEM Detection Engineer We are seeking an experienced Security Information and Event Management (SIEM) Detection Engineer to join our team. In this role, you will design, implement, and optimize advanced detection capabilities across open‑source SIEM platforms, focusing on Wazuh, Shuffle, and other telemetry sources. Your work will strengthen our threat detection, response, and hunting capabilities, ensuring a resilient security posture against evolving threats. You will develop scalable, reusable detection logic and continuously improve our security operations. What will you do Detection Development Design, implement, and optimize scalable and reusable detection use cases across open‑source SIEM platforms, extending beyond vendor‑built detections to address current and emerging threats. Develop, tune, and maintain detection rules for SIEM, EDR, and other telemetry sources, ensuring alignment with the latest threat intelligence. Build and maintain detection‑as‑code pipelines using technologies such as Wazuh, Shuffle, and ClamAV. Correlate threat intelligence with internal telemetry to enrich detection logic and improve accuracy. Create detailed runbooks for adversary emulation and control validation, leveraging open‑source software technologies. Threat Simulation & Collaboration Collaborate with the Senior Cyber Specialist to simulate relevant and emergent threat actor tactics, techniques, and procedures (TTPs). Utilize frameworks such as MITRE ATT&CK and D3FEND to assess, track, and enhance detection coverage. Reporting & Communication Prepare clear, concise situation reports and activity summaries for customers and senior leadership. Develop and deliver technical walkthroughs, PoC demonstrations, presentations, and articles to stakeholders. Research & Development Conduct research and development to innovate defensive tactics, techniques, and procedures. Develop custom applications, utilities, and automation scripts to enhance detection and response capabilities. Advance threat hunting capabilities aligned with MITRE ATT&CK and emerging offensive TTPs. Contribute to the evolution of digital forensics and incident response (DFIR) tools, techniques, and methodologies. Required Skills and Experiences Bachelor’s degree in engineering, computer science, or a technical college diploma. 5–7 years of consecutive experience deploying, administering, and optimizing open‑source SIEM platforms, focusing on Wazuh, Shuffle, or similar technologies. Proven expertise in detection engineering, including rule development, tuning, and threat intelligence integration. Strong background in threat hunting, adversary emulation, and DFIR. Experience with MITRE ATT&CK, D3FEND, and other cybersecurity frameworks. Excellent communication and presentation skills, with the ability to convey complex technical concepts to diverse audiences. Demonstrated ability to mentor team members and contribute to a culture of continuous improvement. Eligibility Criteria (Mandatory) Must be eligible for registration with the Controlled Goods Program. Must be eligible to obtain and maintain a government of Canada “Reliability” status and Level 2 (Secret) security clearance. Must be eligible to meet the requirements for U.S. International Traffic in Arms Regulations (ITAR). Seniority level Mid‑Senior level Employment type Full‑time Job function Engineering and Information Technology Industries Defense and Space Manufacturing At L3Harris, we foster an inclusive and equitable workplace. We are committed to treating all employees and applicants for employment with respect and dignity and maintaining a workplace that is free from unlawful discrimination. For applicants with disabilities, we will provide accommodation so that you can perform at your best. L3Harris performs background checks prior to employment as all applicants must be eligible for registration with the Controlled Goods Program and obtain and maintain a positive security assessment. Some positions may require a government of Canada “Reliability” status and/or Level 2 (Secret) security clearance. In addition, L3Harris performs pre‑employment substance abuse testing where required. #J-18808-Ljbffr