Senior Cyber Incident Handling Analyst

Company Description

Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.

Job Description

Overview

***This position is contingent upon contract award.***

SOSi is seeking a Senior Cyber Incident Handling Analyst in Wiesbaden, Germany. The ideal candidate will possess senior-level expertise in managing the full lifecycle of cyber security incidents. This role involves monitoring for malicious activity, triaging events, and leading the coordination between technical teams and leadership to ensure incidents are contained, remediated, and documented in support of theater-level mission requirements.

Essential Job Duties

• Monitor and analyze Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) platforms to detect malicious and anomalous activity.
• Lead the evaluation of security events to determine if a formal incident has occurred, assessing the potential impact on theater operations.
• Analyze data from various enterprise sources, including logs and packet captures, to draw definitive conclusions regarding past and future security incidents.
• Coordinate high-pressure response efforts between technical engineering teams and non-technical stakeholders to ensure a unified and effective defense posture.
• Maintain expert-level knowledge of hacker Tactics, Techniques, and Procedures (TTPs) and the current threat landscape to better anticipate and respond to exploits.
• Ensure every incident is meticulously documented from initial detection through final resolution, maintaining a clear record for after-action reporting and compliance.
• Articulate investigative findings and incident status updates to both technical audiences and executive leadership.

Qualifications

Minimum Requirements

• Active in scope TS/SCI clearance.
• BA/BS degree (Engineering, Computer Science, Science, Business Administration, or Mathematics) plus five (5) years of specialized experience OR Associate's degree plus seven (7) years of specialized experience OR a major professional certification plus seven (7) years of specialized experience OR eleven (11) years of specialized experience.
• Possession of at least one of the following: Cisco Certified CyberOps Professional or GIAC: GCED or GCIH or GCFA or GCFE or GMON or GNFA or Blue Team Level 2 (BLT2) or Microsoft Certified: Cybersecurity Architect Expert or Offensive Security Defense Analyst (OSDA).
• Demonstrated experience monitoring intrusion detection and security information management systems.
• Proven experience triaging and evaluating detected events to determine incident status.
• Ability to analyze data, such as logs or packet captures, to draw conclusions regarding security incidents.
• Experience coordinating response to incidents with both technical and non-technical parties.
• Expert knowledge of hacker techniques (TTPs) and the current security threat landscape.
• Experience documenting incidents from initial detection through final resolution.

Preferred Qualifications

• Familiarity with Cybersecurity Service Provider (CSSP) reporting requirements.
• Experience utilizing Case Management Systems for tracking cyber incidents.
• Knowledge of DoD 8500-series instructions and CJCSM 6510.01B (Cyber Incident Handling Program).
• Prior experience in a theater-level Security Operations Center (SOC) or Cyber Defense Center.

Additional Information

Work Environment

• Normal office conditions with potential to perform duties in deployed locations.
• May be requested to work evenings and weekends to meet program and contract needs.

Working at SOSi

• All interested individuals will receive consideration and will not be discriminated against for any reason.