engineering team lead - Tallahassee, FL

Requisition No: 870505 · Agency: Management Services · Working Title: ENGINEERING TEAM LEAD · Pay Plan: SES · Position Number: · Salary: $100, $125,000.00 · Posting Closing Date: 03/06/2026 · Total Compensation Estimator Tool · Engineering Team Lead · Florida Digital Service · ...

Job description

Requisition No: 870505

Agency: Management Services

Working Title: ENGINEERING TEAM LEAD

Pay Plan: SES

Position Number:

Salary: $100, $125,000.00

Posting Closing Date: 03/06/2026

Total Compensation Estimator Tool

Engineering Team Lead

Florida Digital Service

State of Florida Department of Management Services

This position is located in Tallahassee, FL

The Engineering Team Lead provides technical leadership and operational oversight for the cybersecurity engineering team responsible for supporting, developing, and sustaining the enterprise security tooling that enables SOC operations. This role ensures the reliability, availability, and effectiveness of security platforms, data pipelines, and telemetry sources used for threat detection, analysis, and incident response. The Engineering Team Lead is accountable for the technical correctness, performance, and operational value of enterprise SIEM detections and supporting telemetry pipelines. This role requires deep hands-on expertise in detection engineering, telemetry selection, and data quality management to ensure that SOC operations receive only the data required for effective detection, investigation, and response. The Engineering Team Lead must be capable of directly tuning, validating, and troubleshooting detections and telemetry flows across environments.

The Engineering Team Lead is responsible for supporting SOC tool modernization by developing engineering capability, operational processes, and technical readiness necessary, while sustaining current operational requirements and advancing the organization toward the target-state architecture.

Key Responsibilities:

Leadership and Team Management

• Lead a cybersecurity engineering team with varying technical skill sets, balancing legacy platform support with the development of modern security engineering capabilities.
• Ensure timely execution of assigned operational, project, and improvement activities.
• Manage task assignments, workloads, and priorities to ensure effective delivery of engineering support for SOC operations and enterprise initiatives.
• Mentor and develop engineering staff by providing technical guidance, performance feedback, and opportunities to build depth across security platforms and technologies.

Security Tooling and Platform Management

• Lead strategy and execution for the enterprise SOC tool stack, including SIEM, data lake, SOAR, detection, and threat intelligence platforms.
• Own the technical lifecycle of SIEM detections, including creation, validation, tuning, versioning, deployment, and retirement, ensuring detections function as intended in production.
• Ensure that security telemetry ingested from the Security Lake into the SIEM is intentionally scoped, operationally necessary, and optimized for detection and investigation use cases.
• Support and maintain existing enterprise security consoles and centrally managed security solutions while planning and executing the transition to modernized, integrated SOC platforms.
• Evaluate telemetry sources for signal value, redundancy, cost, and analytic usefulness, and remove or suppress data that does not materially support SOC operations.
• Ensure high availability, performance, and reliability of security tooling and supporting infrastructure.
• Oversee ingestion and retention of security telemetry to ensure data completeness, accuracy, and usability.
• Validate telemetry fidelity and data quality to support effective detection, analytics, and threat-hunting activities.

Detection Engineering and Telemetry Knowledge

• Advanced knowledge of SIEM detection engineering concepts, including correlation logic, thresholds, suppression, enrichment, and performance impacts.
• Strong understanding of security telemetry sources across endpoint, identity, network, cloud, and application domains and their relevance to detection use cases.
• Knowledge of structured detection rule frameworks, including Sigma, and how abstract detection logic maps to platform-specific implementations.
• Understanding of how data volume, latency, and quality affect SOC detection accuracy and investigative effectiveness.

Engineering Operations and Execution

• Direct day-to-day engineering operations supporting SOC detection, response, and analytic workflows.
• Manage configuration, integration, and lifecycle activities for security tools, ensuring alignment with enterprise architecture standards and security requirements.
• Support troubleshooting, root-cause analysis, and remediation of tooling, data, or integration issues impacting SOC operations.
• Coordinate engineering participation in incident response activities where tooling, telemetry, or platform expertise is required.

Coordination and Collaboration

• Coordinate with the SOC Manager to understand analyst requirements and ensure engineering efforts support operational workflows and priorities.
• Partner with the Enterprise Architecture Team Lead to ensure engineering implementations align with approved architecture standards and modernization initiatives.
• Collaborate with other cybersecurity, IT, and data teams to support enterprise integrations, interoperability, and modernization objectives.
• Participate in cross-functional projects, providing engineering expertise while respecting the priorities and constraints of partner teams.

Process Improvement and Maturity

• Drive continuous improvement of engineering processes, tooling reliability, and operational support models.
• Identify gaps in detection coverage, telemetry, or tooling capabilities and propose technical solutions in coordination with architecture and SOC leadership.
• Support development and maintenance of engineering documentation, runbooks, and standard operating procedures.
• Contribute to SOC and enterprise cybersecurity maturity initiatives by improving platform resilience, scalability, and analytic enablement.

Knowledge, Skills, and Abilities (KSA):

Knowledge

• Enterprise cybersecurity engineering principles, including the design, implementation, and operation of security platforms that support SOC detection, analytics, and incident response workflows.
• Security tooling architectures and technologies, including SIEM, data lakes, SOAR, detection engineering platforms, and threat intelligence systems.
• Security telemetry sources, detection engineering concepts, analytic workflows, and the technical dependencies required to support effective threat detection and hunting.
• Systems security management practices related to availability, reliability, performance, and resilience of security platforms and supporting infrastructure.
• Incident response processes and the role of engineering support during investigations, containment, and recovery activities.
• Documentation, configuration management, and operational support practices used to sustain complex security platforms over time.
• Modernization concepts relevant to cybersecurity engineering, including platform consolidation, automation, scalability, and interoperability.

Skills

• Designing, implementing, tuning, and validating SIEM detections using structured detection logic.
• Authoring, reviewing, and operationalizing Sigma rules and adapting them to enterprise environments and tooling constraints.
• Analyzing detection performance using quantitative metrics such as alert volume, false positive rates, and coverage by telemetry source.
• Leading and mentoring cybersecurity engineers.
• Directing engineering priorities, assigning tasks, and managing workloads to support SOC operations, enterprise initiatives, and improvement activities.
• Designing, implementing, configuring, and maintaining security platforms and integrations that enable detection, analytics, and incident response.
• Troubleshooting complex technical issues involving security tools, telemetry pipelines, data quality, and system integrations.
• Validating telemetry fidelity and detection enablement to ensure SOC analysts can effectively perform alert triage, threat hunting, and investigations.
• Coordinating engineering support for SOC operations, including participation in incident response activities requiring platform or tooling expertise.
• Developing and maintaining technical documentation, runbooks, and standard operating procedures for engineering operations and platform support.
• Identifying technical risks, or inefficiencies in tooling and proposing practical engineering solutions.

Abilities

• Balance current-state operational demands with long-term modernization objectives in a transitioning engineering and SOC environment.
• Ensure the reliability, availability, and performance of security tooling while evolving platform capabilities and integrations.
• Translate SOC operational needs and analyst workflows into effective engineering solutions.
• Independently tune detections and telemetry pipelines to support evolving SOC operational needs.
• Make data-driven decisions about which telemetry sources should or should not be forwarded into the SIEM.
• Execute engineering work in alignment with enterprise architecture standards while supporting iterative improvement and innovation.
• Foster effective collaboration across organizational boundaries while respecting differing priorities and constraints.
• Anticipate emerging technical requirements and prepare engineering capabilities to support future detection, analytics, and response needs.
• Drive continuous improvement of engineering processes, support models, and platform resilience to advance SOC and enterprise cybersecurity maturity.

Minimum Qualifications:

• A bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related field; equivalent professional experience may be considered in lieu of a degree.
• 6+ years of progressively responsible experience in cybersecurity engineering, security operations engineering, or related technical roles supporting enterprise security platforms.
• At least 2 years' experience developing or following engineering processes related to change management, configuration management, or operational support.
• At least 2 years of experience leading, mentoring, or coordinating technical staff, including task prioritization and workload management.
• Demonstrated experience designing, implementing, configuring, or maintaining security tooling such as SIEM, SOAR, security data platforms, detection systems, or threat intelligence platforms.
• Demonstrated hands-on experience developing, tuning, and maintaining SIEM detections in a production SOC environment.
• Experience authoring or operationalizing Sigma rules or equivalent structured detection logic.
• Demonstrated experience selecting, filtering, or optimizing security telemetry to support detection and investigation outcomes.
• Experience collaborating with cross-functional teams to support incident response, platform integration, or modernization initiatives.
• Strong written and verbal communication skills sufficient to provide technical guidance to internal teams and enterprise stakeholders.
• Relevant professional certifications such as CISSP, CCSP, cloud security certifications, or equivalent, preferred.

Our Organization and Mission:

Under the direction of Governor Ron DeSantis, Interim Secretary Tom Berger and DMS' Executive Leadership Team, the Florida Department of Management Services (DMS) is a customer-oriented agency with a broad portfolio that includes the efficient use and management of real estate, procurement, human resources, group insurance, retirement, telecommunications, fleet, and federal property assistance programs used throughout Florida's state government. It is against this backdrop that DMS strives to demonstrate its motto, "We serve those who serve Florida."

Special Notes:

DMS is committed to successfully recruiting and onboarding talented and skilled individuals into its workforce. We recognize the extensive training, experience and transferrable skills that veterans and individuals with disabilities bring to the workforce. Veterans and individuals with disabilities are encouraged to contact our recruiter for guidance and answers to questions through the following provided email addresses:





An individual with a disability is qualified if he or she satisfies the skills, experience, and other job related requirements for a position and can perform the essential functions of the position with or without reasonable accommodation. Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must contact the DMS Human Resources (HR) Office at DMS requests applicants notify HR in advance to allow sufficient time to provide the accommodation.

Criminal background investigation including fingerprinting and statewide and national criminal history records check per Section Florida Statutes, Chapter 435 Florida Statutes and the Federal Bureau of Investigation's CJIS Security Policy CJISD-ITS-DOC-08140.

Pursuant to F.S every officer or employee who is responsible for the approval or processing of vendors' invoices or distribution of warrants to vendors are mandated to process, resolve and comply as section requires

The State of Florida is an Equal Opportunity Employer/Affirmative Action Employer, and does not tolerate discrimination or violence in the workplace.

Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must notify the agency hiring authority and/or People First Service Center Notification to the hiring authority must be made in advance to allow sufficient time to provide the accommodation.

The State of Florida supports a Drug-Free workplace. All employees are subject to reasonable suspicion drug testing in accordance with Section , F.S., Drug-Free Workplace Act.