NSOC Cyber Defense Lead (DCO Lead)

Overview

Lead the Digital Shield of the Indo-Pacific

SOSi is on the hunt for a visionary NSOC Cyber Defense Lead (DCO Lead) to command the front lines of cyber resilience at Joint Base Pearl Harbor Hickam. In this high-impact role, you'll orchestrate 24/7 Defensive Cyberspace Operations, driving real-time threat detection, response, and mission assurance across a dynamic Indo-Pacific enterprise. As the strategic force behind the NSOC's cyber defense branch, you'll synchronize operations, engineering, and compliance-delivering innovation, leadership, and security at scale.

Essential Job Duties

• Lead the Defensive Cyberspace Operations (DCO) branch of the NSOC, providing daily oversight of cyber defense, incident response, vulnerability management, and compliance tracking.
• Supervise, mentor, and train analysts and engineers to ensure consistent performance and procedural adherence across shifts.
• Serve as the Incident Response Lead for escalated cyber events, coordinating containment, remediation, and communication with mission partners and CSSP stakeholders.
• Collaborating with the NSOC Deputy, Battle Captains, and Operations/Engineering leads to maintain unified situational awareness across network, system, and cyber domains.
• Direct proactive threat hunting and detection tuning using adversary TTPs and MITRE ATT&CK methodology.
• Oversee AI- and SOAR-assisted response workflows, ensuring automation pipelines align with NSOC standard operating procedures (SOPs).
• Track and report CTOs, ATOs, POA&Ms, and vulnerability remediation metrics to support accreditation and compliance.
• Conduct and document tabletop exercises, readiness drills, and after-action reviews to validate detection and response posture.
• Develop and deliver daily/weekly SITREPs, KPIs, and incident summaries for leadership.
• Ensure DCO processes comply with RMF, CSSP, and DoD 8140 standards, maintaining accreditation readiness.

Minimum Requirements

• Active in scope SECRET clearance.
• Bachelor's degree in Cybersecurity, Computer Science, or related discipline (or equivalent work experience).
• 5+ years of experience in SOC/NSOC or Defensive Cyberspace Operations environments.
• DoD 8140 / 8570 Baseline Certification: IAT Level III (CASP+, CISSP) or CND (GCIH, GCIA, CEH, CFR).
• Demonstrated experience leading teams or shift operations within a cyber defense or SOC environment.
• Strong proficiency with SIEM, EDR, and SOAR platforms (e.g., Splunk, Elastic, Microsoft Defender, Trellix, Chronicle).
• Knowledge of adversary TTPs, malware analysis, and incident response methodologies.
• Excellent leadership, communication, and analytical problem-solving skills.

Preferred Qualifications

• Advanced certifications such as GCIA, GCIH, GDAT, CISSP, or GCTI.
• Prior experience in military or coalition cyber defense
• Familiarity with AI-assisted detection, SOAR automation, and Zero Trust Architecture.
• Experience supporting DISA PAC, CSSP, or Mission Partner Environment (MPE)

Work Environment

• Normal office environment with potential for limited travel or participation in exercises at deployed or classified sites.
• May be required to work evenings, weekends, or on-call rotations to meet mission and contract needs.
• This is a core leadership position in a 24/7/365 operations center supporting INDOPACOM.

Working at SOSi

All interested individuals will receive consideration and will not be discriminated against for any reason.