SOSi

Senior Cyber Defense Analyst

$110,290 – $148,891 per year

TLDR

Lead cyber defense operations in a 24/7 NSOC across multi-enclave coalition environments, blending AI-assisted detection with threat hunting and rapid incident response.

Senior Cyber Defense Analyst – Shift Lead 

Step into a high-impact cyber defense leadership role at the forefront of mission operations. As a Shift Lead within SOSi’s INDOPACOM Network Security Operations Center, you’ll drive real-time threat defense across multi-enclave coalition environments powered by cutting-edge DaaS private cloud technology.

This role blends advanced cyber operations with modern AI-assisted detection—leading analysts through threat hunting, incident response, and rapid decision-making to protect critical warfighter networks. You’ll be the connective force between detection engineering, cyber innovation teams, and mission partners, ensuring precision, speed, and mission assurance in a dynamic, 24/7 operational environment.

Lead the shift. Validate the signal. Defend the mission.

Essential Job Duties

  • Serve as the senior analyst and shift lead for assigned operations, providing direction on monitoring priorities, triage, threat hunting, and incident investigation activities.
  • Coordinate shift-level cyber defense response activities during alerts, incidents, outages, and mission-impacting events, escalating to the Incident Response Lead, DCO Lead, or INSOC leadership as required.
  • Validate, adjudicate, and prioritize escalated detections from AI-assisted SOC tools, SIEM, EDR, SOAR, and enterprise monitoring platforms.
  • Lead initial incident triage and support containment, remediation, evidence preservation, reporting, and handoff activities across shift transitions.
  • Mentor junior and mid-level analysts in detection analysis, threat hunting, incident response procedures, documentation standards, and operational best practices.
  • Serve as the shift-level liaison between analysts, DCAI engineers, detection engineering, NetOps, SysOps, and mission partners to refine detections, SOAR playbooks, AI-assisted workflows, and response procedures.
  • Conduct threat hunting based on adversary tactics, techniques, and procedures (TTPs), threat intelligence, anomaly detection, and mission-specific risk indicators.
  • Ensure incidents, investigations, shift notes, case updates, and lessons learned are documented accurately in accordance with SOPs, CSSP reporting requirements, and escalation timelines.
  • Support red/blue team events, tabletop exercises, operational drills, and after-action reviews to validate analyst readiness and improve shift procedures.
  • Provide clear verbal and written shift updates, incident summaries, and operational reporting to leadership, Government stakeholders, and external mission partners as required.
  • Maintain awareness of enterprise cyber, network, system, and mission environments to support timely detection, correlation, and mission-impact assessment.
  • Support compliance with RMF, CSSP, DoD 8140, SOPs, and accreditation requirements for AI-augmented cyber defense and incident response processes.

Minimum Requirements

  • Active in-scope Top Secret/SCI clearance.
  • DoD 8140 / 8570 IAT Level II certification required within 180 days of hire, such as Security+ CE, CySA+, GSEC, CCNA Security, or equivalent.
  • 5+ years of SOC, CSSP, Defensive Cyberspace Operations, or cyber defense experience with demonstrated incident response and threat hunting expertise.
  • Experience serving as a senior analyst, shift lead, incident lead, or escalation point within a SOC or enterprise cyber defense environment.
  • Strong understanding of adversary TTPs, MITRE ATT&CK, malware analysis fundamentals, cyber kill chain concepts, and advanced detection and response techniques.
  • Hands-on experience with SIEM, EDR, SOAR, packet capture and analysis tools, and enterprise monitoring platforms, such as Splunk, Elastic, Defender, Wireshark, Zeek, ServiceNow, or similar tools.
  • Ability to coordinate cross-functional response efforts across analysts, engineers, operations teams, Government stakeholders, and mission partners during cyber incidents and operational events.
  • Strong written and verbal communication skills, including the ability to brief technical findings, incident status, operational risk, and recommended actions to technical and non-technical audiences.
  • Must be flexible to support 24/7/365 operations, including rotating shifts, nights, weekends, holidays, on-call support, and surge coverage during major incidents or exercises.

Preferred Qualifications

  • Advanced certifications such as GCIA, GCIH, GDAT, GCTI, CISSP, CASP+, or equivalent.
  • Experience supporting DISA, CSSP, TNCC, INDOPACOM, coalition, or military cyber defense environments.
  • Prior Tier 2/Tier 3 SOC analyst, shift lead, incident commander, battle captain, or major incident coordination experience.
  • Experience working with AI/ML-assisted SOC platforms, automation pipelines, SOAR workflows, and operational analytics platforms.
  • Experience building, maturing, or refining SOC workflows, CONOPS, SOPs, escalation procedures, dashboards, and reporting products.
  • Experience with Mavin, Power BI, JIRA, ServiceNow, Elastic, Splunk, Microsoft Defender, Zeek, Wireshark, or similar enterprise platforms.

Work Environment

  • Shift-based senior analyst role supporting 24/7/365 mission operations; flexibility is required for rotating shifts, weekends, holidays, after-hours escalations, exercises, and surge support.
  • Fast-paced, mission-critical cyber defense operations supporting classified mission activities and enterprise-level operational response.
  • May require participation in operational meetings, briefings, shift turnovers, tabletop exercises, and after-action reviews.
  • Target Salary Range: $110,290 to $148,891.

Working at SOSi

All interested individuals will receive consideration and will not be discriminated against for any reason.

Founded: 1989
Employees: 500+
Industry: Professional Services