Cybersecurity Threat Detection & Incident Response Engineer - Remote

Overview

Dragonfli Group is a cybersecurity and IT consulting firm based out of Washington, DC that provides consulting services to both government and Fortune 500 clients. Our work spans high-impact national security programs, enterprise-scale IT modernization, and mission-critical cybersecurity operations.

We are seeking a Cybersecurity Threat Detection & Incident Response Engineer to take a leading role in safeguarding critical systems against advanced cyber threats. This position offers the opportunity to work at the forefront of cyber defense—leveraging AI/ML-enabled automation, SOAR orchestration, and proactive threat hunting to detect, analyze, and neutralize sophisticated attacks before they impact operations.

As the senior technical authority in this domain, you will conduct complex triage, guide investigations, and design cutting-edge detection capabilities, while influencing policy and best practices across the organization. You will be working in a fully remote capacity, but preference will be given to candidates located in Northern Virginia or the Washington, DC corridor who can collaborate in person when required.

This role is suited for professionals who thrive in fast-paced, high-responsibility environments, and who are committed to applying their expertise to defend critical systems and networks.

Work Environment: Remote (Preference: Northern Virginia / DC corridor)

Clearance: May require ability to obtain Public Trust clearance

Experience Required: 7+ years in security operations, threat hunting, and incident response

Citizenship Requirement: U.S. citizens or lawful permanent residents only

AI Policy: Candidates must be able to prove technical proficiency independently and without the use of AI tools during assessments or interviews

In Short

• Responsible for performing triage on all security escalations and detections to determine scope, severity, and root cause.
• Monitor cyber security events, detecting incidents, and investigating incidents.
• Identify, recommend strategies, develop, and implement automation use cases leveraging AI/ML capabilities.
• Support deploying, configuring, testing, and maintaining Security Orchestration, Automation, and Response (SOAR) platform, and tools integrated with AI/ML capabilities to enhance threat detection, analysis and response.
• Provide support to contract Program Manager, as necessary.
• Effectively communicates technical information to non-technical audiences.
• Influence others to comply with policies and conform to standards and best practices.

Requirements

• 7+ years of experience with security operations, threat hunting, and incident response
• Experience in analyzing alerts from Cloud, SIEM, EDR, and XDR tools, and alerts tuning process with preference on SentinelOne, Armis, and Splunk.
• Experience in configuring network devices and analyzing network traffic
• Experience with Artificial Intelligence and Machine Learning (AI/ML) based security tools.
• Experience in researching, developing, and implementing SOAR use cases.
• Familiar with Security Orchestration, Automation, and Response (SOAR) platform
• Familiarity with cybersecurity operation center functions.
• Experience configuring and re-configuring security tools, including SenintelOne and Splunk.
• Experience implementing Security frameworks, such as MITRE ATT&CK and NIST, and can interpret use cases into actionable monitoring solutions.
• MUST have one or more of the following Certification(s): CISSP, CISA, CISM, GIAC, RHCE.

Benefits

• Health, dental, and vision insurance
• PTO and 11 Federal Holidays
• 401(k) employer match