System Engineer Security Clearance
Job in Annapolis, Anne Arundel County, Maryland, 21401, USA
Listed on 2026-02-11
Listing for: Tensley Consulting, Inc.
Full Time position
Job specializations: IT/Tech - Cybersecurity, Security Manager, Systems Engineer
Job Description & How to Apply Below
Overview
We are seeking a highly skilled Blue/Purple Team Security Engineer to support enterprise security operations, incident response, detection engineering, and compliance within a Zero Trust environment. This role blends defensive security engineering, adversary emulation support, SOC optimization, and ISSO responsibilities, with a strong emphasis on Elastic (XDR/SIEM), ACAS, detection-as-code, and automation. The ideal candidate is hands-on, collaborative, and comfortable operating across security operations, engineering, compliance, and executive communication.
Key Responsibilities
Blue / Purple Team Operations
* Partner with internal Red Team and Pen Testers to support adversary emulation and Purple Team exercises
* Analyze attacker techniques and behaviors to improve detections, prevention strategies, and overall security posture
* Continuously improve defensive controls to reduce organizational risk
Incident Response & SOC Enablement
* Lead and participate in incident response testing ("fire drills") across approved endpoints and servers
* Validate SOC tools, alerting, and workflows during simulated and real-world events
* Evaluate and improve Incident Response Plans to ensure operational readiness
Detection Engineering & Elastic (XDR/SIEM)
* Serve as a primary user and functional owner of Elastic Defend (XDR)
* Design, build, and maintain security dashboards using Elastic query languages
* Develop and maintain Detection-as-Code workflows, including:
  * Writing and tuning detection rules
  * Managing rule repositories in GitLab with clear documentation
  * Testing open-source detection content prior to production use
* Leverage Elastic Machine Learning for anomaly detection and alerting
* Manage and deploy security tool integrations to ingest and normalize log data
ACAS / Vulnerability & Compliance Management
* Fully manage ACAS from backend to frontend, including:
  * Server, agent, plugin, and STIG updates
  * Active scan configuration and compliance profile maintenance
* Support Government ISSOs/ISSEs with vulnerability and compliance reporting
* Coordinate with automation teams for high-side visibility and monitoring
ISSO / Compliance Support (Zero Trust Environment)
* Act as an ISSO Subject Matter Expert supporting ATO advancement
* Develop waiver documentation, mitigating factors, and control justifications
* Support STIG management, SSP updates, and security policy development
* Collaborate with engineering teams on secure architecture and design changes
* Balance compliance requirements with innovation and mission needs
JIRA & Change Control Support
* Support JIRA workflow design and management for:
  * CCB activities
  * STIGs, vulnerabilities, and security workflows
* Assist with automation tied to provisioning, account creation, and system deployment
Cyber Threat Intelligence (Open Source)
* Identify and curate high-quality open-source threat intelligence feeds
* Integrate threat intelligence into detections, dashboards, and endpoint tools
* Create STIX bundles for ingestion into security platforms
* Optional Python scripting to support automation and intelligence processing
Documentation & Executive Engagement
* Produce clear documentation including:
  * Installation guides
  * Security procedures and best practices
  * Tool usage and training materials
* Support executive-level demonstrations and briefings using dashboards and security narratives
* Present technical content to senior stakeholders (CIO, C3, C33 leadership)
Required Qualifications
* Experience in Blue Team, Purple Team, or Detection Engineering roles
* Strong hands-on experience with Elastic (SIEM/XDR)
* Incident response planning, testing, and execution experience
* Experience managing ACAS/Nessus and STIG-based compliance
* Understanding of Zero Trust security principles
* Ability to write and maintain detection logic and security documentation
* Experience collaborating across engineering, SOC, and compliance teams
Preferred / Nice-to-Have
* Detection-as-Code experience using Git/GitLab
* Elastic Machine Learning experience
* Python scripting for security automation
* Open-source threat intelligence integration
* Prior ISSO, ISSE, or compliance SME experience
* Experience briefing executive or government leadership
Why This Role Matters
This position sits at the intersection of security operations, engineering, and compliance, directly influencing detection quality, incident readiness, and ATO success. You will have real ownership, real impact, and visibility across both technical teams and senior leadership.
Clearance Requirement
Active TS/SCI with Polygraph is required for this position. Candidates must be eligible to work on classified systems in a highly secure environment.
Education/Experience
Bachelor's degree in Computer Science or a related field is required. At least 14 years of relevant experience, or 5 additional years of relevant experience.
Salary: $180,000-$225,000. This represents the typical salary range for this position, but is not guaranteed. Salary is…