Cyber Threat Analyst

Job Locations DE-Wiesbaden
Job Post Information* : Posted Date 1 month ago(1/22/2021 1:06 PM)
Information Technology
Location : Location
Clearance Requirement
Top Secret/SCI
Job Requires Relocation


SOS International LLC (SOSi) is seeking a Cyber Threat Analyst to support our customer in Weisbaden Germany. The ideal candidate will be part of a dedicated team focused on the development, operations and maintenance of specialized systems supporting the Defensive Cyberspace Operations Division (DCOD) Europe.


  • Support DoD cyber security operations through the analysis of event and other data sources for indicators of attack and potential network compromise, produce reports, and assist with defensive incident response of cyberspace operations.
  • Provide technical assessments, strategy, and execution recommendations for Enterprise level networks within the customer's Infrastructure.
  • Identify relevant Cyber threats within client environments through real time analysis of logs and alerts/data, to include but not limited to data IDS/IPS, Firewall, Proxy logs files.
  • Apply knowledge of computer and network architecture to provide analysis during investigations, identifying adversarial activity and methods for future detection and prevention.
  • Use a combination of Open Source research of exploits or vulnerabilities (i.e. Zero - Day), network flow, log review, event correlation, and PCAP analysis to complete investigations.
  • Operate intrusion detection/prevention systems and other point of presence security tools.
  • Develop comprehensive security write-ups which describe security issues, analysis, and remediation techniques to client leadership.


  • An active in scope Top Secret/SCI clearance is required
  • Bachelor of Science/Arts (Engineering or Computer Science or Science or Business Administration or Mathematics) +5, AS +7, or 11+ years IT related experience
  • DoD IAT Level II certification (CCNA-Security, CND, CySA+, GICSP, GSEC, Security+ CE, or SSCP) or higher at time of hire
  • GIAC, CEH, GPEN, or CSIH certification at time of hire
  • Must be able to obtain certification as a Technical Expert by the German Government under the Technical Expert Status Accreditation (TESA) process
  • Experience collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources for the purposes of documenting results and analyzing findings to provide meaningful products.
  • Experience in performing threat analysis of computer vulnerability advisories, current network penetration techniques, and threat reports to determine security concerns and design improvements to strengthen the computer network’s defensive posture.
  • Experience in performing penetration testing of networks and systems to emulate threats and improve the computer network defense posture.
  • Experience in performing technical malware or forensic analysis on hard disk drives, solid state drives, and other media and hardware.
  • Experience in creating and integrating custom rules and reports into security tools to support network intrusion monitoring on information systems and networks.
  • Experience monitoring and analyzing logs and alerts from a variety of different technologies (IDS/IPS, Firewall, Proxies, Anti-Virus, etc.), across multiple platforms.
  • Demonstrate progressively responsible experience in cyber security analysis, incident response, or related experience.
  • Experience leveraging all source intelligence analysis.
  • Experience with HBSS; Splunk or ArcSight.
  • Ability to develop specific expertise, discern patterns of complex threat actor behavior, and communicate an understanding of current and developing cyber threats.
  • Ability to leverage online research tools to identify and navigate online forums, specialized Web sites, social media, and traditional sources.
  • Excellent oral and written communication skills in a professional consulting environment.

Preferred Qualifications

• Experience related to the defense of military information system and networks.
• Experience in monitoring intrusion detection and security information management systems to detect malicious activity.
• Experience in performing technical malware or forensic analysis.
• Experience in incident response management systems reporting.
• Fluency in a foreign language is desirable, but not required.

Working Conditions

  • Working conditions are normal for an office environment.
  • Fast paced, deadline-oriented environment.
  • May require periods of non-traditional working hours including consecutive nights or weekends (if applicable)


SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed