Senior Cyber Defense Analyst

Company Description

Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.

Job Description

Senior Cyber Defense Analyst - Shift Lead

Step into a high-impact cyber defense leadership role at the forefront of mission operations. As a Shift Lead within SOSi's INDOPACOM Network Security Operations Center, you'll drive real-time threat defense across multi-enclave coalition environments powered by cutting-edge DaaS private cloud technology.

This role blends advanced cyber operations with modern AI-assisted detection-leading analysts through threat hunting, incident response, and rapid decision-making to protect critical warfighter networks. You'll be the connective force between detection engineering, cyber innovation teams, and mission partners, ensuring precision, speed, and mission assurance in a dynamic, 24/7 operational environment.

Lead the shift. Validate the signal. Defend the mission.

Essential Job Duties

• Serve as the senior analyst and shift lead for assigned operations, providing direction on monitoring priorities, triage, threat hunting, and incident investigation activities.
• Coordinate shift-level cyber defense response activities during alerts, incidents, outages, and mission-impacting events, escalating to the Incident Response Lead, DCO Lead, or INSOC leadership as required.
• Validate, adjudicate, and prioritize escalated detections from AI-assisted SOC tools, SIEM, EDR, SOAR, and enterprise monitoring platforms.
• Lead initial incident triage and support containment, remediation, evidence preservation, reporting, and handoff activities across shift transitions.
• Mentor junior and mid-level analysts in detection analysis, threat hunting, incident response procedures, documentation standards, and operational best practices.
• Serve as the shift-level liaison between analysts, DCAI engineers, detection engineering, NetOps, SysOps, and mission partners to refine detections, SOAR playbooks, AI-assisted workflows, and response procedures.
• Conduct threat hunting based on adversary tactics, techniques, and procedures (TTPs), threat intelligence, anomaly detection, and mission-specific risk indicators.
• Ensure incidents, investigations, shift notes, case updates, and lessons learned are documented accurately in accordance with SOPs, CSSP reporting requirements, and escalation timelines.
• Support red/blue team events, tabletop exercises, operational drills, and after-action reviews to validate analyst readiness and improve shift procedures.
• Provide clear verbal and written shift updates, incident summaries, and operational reporting to leadership, Government stakeholders, and external mission partners as required.
• Maintain awareness of enterprise cyber, network, system, and mission environments to support timely detection, correlation, and mission-impact assessment.
• Support compliance with RMF, CSSP, DoD 8140, SOPs, and accreditation requirements for AI-augmented cyber defense and incident response processes.

Qualifications

Minimum Requirements

• Active in-scope Top Secret/SCI clearance.
• DoD 8140 / 8570 IAT Level II certification required within 180 days of hire, such as Security+ CE, CySA+, GSEC, CCNA Security, or equivalent.
• Minimum 5+ years of SOC, CSSP, Defensive Cyberspace Operations, or cyber defense experience with demonstrated incident response and threat hunting expertise.
• Experience serving as a senior analyst, shift lead, incident lead, or escalation point within a SOC or enterprise cyber defense environment.
• Strong understanding of adversary TTPs, MITRE ATT&CK, malware analysis fundamentals, cyber kill chain concepts, and advanced detection and response techniques.
• Hands-on experience with SIEM, EDR, SOAR, packet capture and analysis tools, and enterprise monitoring platforms, such as Splunk, Elastic, Defender, Wireshark, Zeek, ServiceNow, or similar tools.
• Ability to coordinate cross-functional response efforts across analysts, engineers, operations teams, Government stakeholders, and mission partners during cyber incidents and operational events.
• Strong written and verbal communication skills, including the ability to brief technical findings, incident status, operational risk, and recommended actions to technical and non-technical audiences.
• Must be flexible to support 24/7/365 operations, including rotating shifts, nights, weekends, holidays, on-call support, and surge coverage during major incidents or exercises.

Preferred Qualifications

• Advanced certifications such as GCIA, GCIH, GDAT, GCTI, CISSP, CASP+, or equivalent.
• Experience supporting DISA, CSSP, TNCC, INDOPACOM, coalition, or military cyber defense environments.
• Prior Tier 2/Tier 3 SOC analyst, shift lead, incident commander, battle captain, or major incident coordination experience.
• Experience working with AI/ML-assisted SOC platforms, automation pipelines, SOAR workflows, and operational analytics platforms.
• Experience building, maturing, or refining SOC workflows, CONOPS, SOPs, escalation procedures, dashboards, and reporting products.
• Experience with Mavin, Power BI, JIRA, ServiceNow, Elastic, Splunk, Microsoft Defender, Zeek, Wireshark, or similar enterprise platforms.

Additional Information

Work Environment

• Shift-based senior analyst role supporting 24/7/365 mission operations; flexibility is required for rotating shifts, weekends, holidays, after-hours escalations, exercises, and surge support.
• Fast-paced, mission-critical cyber defense operations supporting classified mission activities and enterprise-level operational response.
• May require participation in operational meetings, briefings, shift turnovers, tabletop exercises, and after-action reviews.
• Target Salary Range: $110,290 to $148,891.

Working at SOSi

All interested individuals will receive consideration and will not be discriminated against for any reason.