SIEM Detection Engineer

L3Harris is dedicated to recruiting and developing high-performing talent who are passionate about what they do. Our employees are unified in a shared dedication to our customers' mission and quest for professional growth. L3Harris provides an inclusive, engaging environment designed to empower employees and promote work-life success. Fundamental to our culture is an unwavering focus on values, dedication to our communities, and commitment to excellence in everything we do.

L3Harris Technologies is the Trusted Disruptor in the defense industry. With customers' mission-critical needs always in mind, our employees deliver end-to-end technology solutions connecting the space, air, land, sea and cyber domains in the interest of national security.

About your next Challenge as a SIEM Detection Engineer:

We are seeking an experienced Security Information and Event Management(SIEM) Detection Engineer to join our team. In this role, you will design, implement, and optimize advanced detection capabilities across open-source SIEM platforms, with a focus on Wazuh, Shuffle, and other telemetry sources. You will play a pivotal role in developing our threat detection, response, and hunting capabilities, ensuring the security posture remains resilient against evolving threats. Your expertise will directly contribute to the development of scalable, reusable detection logic and the continuous improvement of our security operations.

What will you do:

Detection Development:

• Design, implement, and optimize scalable and reusable detection use cases across open-source SIEM platforms, extending beyond vendor-built detections (e.g., Wazuh), to address both current and emerging threats.
• Develop, tune, and maintain detection rules for SIEM, EDR, and other telemetry sources, ensuring alignment with the latest threat intelligence.
• Build and maintain detection-as-code pipelines using technologies such as Wazuh, Shuffle, and ClamAV.
• Correlate threat intelligence with internal telemetry to enrich detection logic and improve accuracy.
• Create detailed runbooks for adversary emulation and control validation, leveraging open-source software technologies.

Threat Simulation & Collaboration:

• Collaborate with the Senior Cyber Specialist to simulate relevant and emergent threat actor tactics, techniques, and procedures (TTPs).
• Utilize frameworks such as MITRE ATT&CK and D3FEND to assess, track, and enhance detection coverage.

Reporting & Communication:

• Prepare clear, concise situation reports and activity summaries for customers and senior leadership.
• Develop and deliver technical walkthroughs, proof-of-concept (PoC) demonstrations, presentations, and articles to stakeholders.

Research & Development:

• Conduct research and development to innovate defensive tactics, techniques, and procedures (TTPs).
• Develop custom applications, utilities, and automation scripts to enhance detection and response capabilities.
• Advance threat hunting capabilities aligned with MITRE ATT&CK and emerging offensive TTPs.
• Contribute to the evolution of digital forensics and incident response (DFIR) tools, techniques, and methodologies

Required Skills and Experiences:

• Bachelors degree in engineering or computer science or technical college diploma
• 5–7 years of consecutive experience deploying, administering, and optimizing open-source SIEM platforms, with a focus on Wazuh, Shuffle, or similar technologies.
• Proven expertise in detection engineering, including rule development, tuning, and threat intelligence integration.
• Strong background in threat hunting, adversary emulation, and DFIR.
• Experience with MITRE ATT&CK, D3FEND, and other cybersecurity frameworks.
• Excellent communication and presentation skills, with the ability to convey complex technical concepts to diverse audiences.
• Demonstrated ability to mentor team members and contribute to a culture of continuous improvement.

Eligibility Criteria (Mandatory):

• Must be eligible for registration with the Controlled Goods Program;
• Must be eligible to obtain and maintain a government of Canada "Reliability" status and Level 2 (Secret) security clearance.
• Must be eligible to meet the requirements for U.S. International Traffic in Arms Regulations (ITAR).

At L3Harris, we foster an inclusive and equitable workplace. L3Harris is committed to treating all employees and applicants for employment with respect and dignity and maintaining a workplace that is free from unlawful discrimination. For applicants with disabilities, we will provide you with accommodation so that you have what you need in order to be at your best.

L3Harris performs background checks prior to employment as all applicants must be eligible for registration with the Controlled Goods Program and obtain and maintain a positive security assessment. Some positions may require a government of Canada "Reliability" status and/or Level 2 (Secret) security clearance. In addition, L3Harris performs pre-employment substance abuse testing where required.