Cyber Threat Lead
Listed on 2026-03-01
IT/Tech
Cybersecurity, Network Security
Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.
Job Description
**This position is contingent upon contract award**
SOSi is seeking highly qualified senior professionals to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. These roles deliver leadership, operational oversight, and technical expertise across cyber defense, incident response, intelligence, engineering, and modernization activities.
Responsibilities
- Plan and execute TTP-based hunts; pivot across host/network telemetry to discover unknown threats.
- Develop/interpret detections and analytics, coordinate remediation with asset owners and IR.
- Report significant findings to leadership; maintain hunt backlog and success metrics.
- Experience: 5+ years as a Tier III threat hunt analyst and 5+ years hands-on, including the last 2 years of network-based monitoring.
- Technical Skills: Host/network forensics, intrusion detection, malware identification, and detection content development (signatures/rules).
- Tools: Deep experience with SIEM (e.g., Splunk) and endpoint/network management tools (e.g., Tanium).
- Scripting: Interpret scripts in VB, Python, C++, HTML/XML to support detection and triage.
- Certifications (DoD 8570 – one of): CEH, IAT Level II, IAM Level I, or CSSP Analyst/Incident Responder.
- Clearance: TS, SCI-eligible.
- Normal office conditions with potential to perform duties in various CONUS locations.
- Core hours of operation are Monday through Friday, 0600 – 1700.
- May be requested to work evenings and weekends to meet program and contract needs.
All interested individuals will receive consideration and will not be discriminated against for any reason.