Senior Threat Analyst Subject Matter Expert (SME)

Job Locations US-AZ-Fort Huachuca
Job Post Information* : Posted Date 3 months ago(8/25/2021 11:07 AM)
Information Technology
Location : Location
US-AZ-Fort Huachuca
Clearance Requirement
Top Secret
Job Requires Relocation


SOS International LLC (SOSi) is seeking a Senior Threat Analyst - Subject Matter Expert (SME) located at Ft. Huachuca, AZ. The ideal candidate be someone who possesses experience in Cybersecurity.


Senior security Analysts are the primary escalation point and overseer within the Security Operations Center. Tier-3 Security Analysts come from an enterprise background enabling them to undertake a wide variety of tasks across a number of different platforms. Analysts will handle day-to-day tasks, as well as short-notice ad-hoc work, and see them through to completion with minimal supervision. Security Analysts provide critical value to the Security Incident and Event Management (SIEM) workflow, leveraging their extensive knowledge to provide context to events; recommendations for remediation actions; and suggestions for implementing best practices and improving standard processes and procedures.

Duties of the Tier-3 Senior Security Analyst include:

  • Provide “eyes on glass” real-time security monitoring in a 24x7 environment by monitoring security infrastructure and security alarm devices for Indicators of Compromise utilizing SIEM and cybersecurity tools.
  • Performing level 3 assessment of incoming alerts, assisting junior analysts with level 1 & 2 alerts, and coordinate with management and government leadership for high priority incidents, if necessary.
  • Active real-time security monitoring of alerts and escalating critical alerts to in compliance with the appropriate service levels.
  • Advanced security event detection and threat analysis for complex and/or escalated security events.
  • Providing log/network/malware/device analysis and making recommendations for remediation of security vulnerability conditions.
  • Develop internal and/or external documentation, such as detailed procedures, playbooks, run books and operational metrics reports.
  • Performing level 2/3 assessment of incoming alerts (assessing the priority of the alert, determining severity of alert in respect to customer environment, correlating additional details) and coordinate with Senior Analysts for critical priority incidents, if necessary.
  • Performing Level 1 Threat Hunting activities utilizing customer SIEM and cybersecurity toolkits.
  • Assisting in quality control during onboarding of new customers to verify validity of Use Cases and generated alerts.
  • Developing and maintaining the SOC Knowledge Base.
  • Supervise, train, and mentor junior level analysts.
  • Performing various related tasks as assigned.


  • Active US DoD TOP SECRET security clearance
  • At least 8 years Cybersecurity related experience, 5+ years SOC experience
  • IAT-II certification, CSSP-A certification within 6 months of hire
  • Experience using a supported SIEM from an analytics perspective
  • Basic knowledge with scripting, parsing and query development in multiple Enterprise Security Incident Event Management (SIEM) solutions
  • Experience in tuning use cases & content, driven from day-to-day optimizations
  • Good documentation and communication skills
  • Exceptional problem-solving skills
  • Ability to drive process improvements and identify gaps
  • Proactive in engaging with customers and management
  • Senior level understanding of threat landscape and indicators of compromise
  • Clear and concise written and oral English
  • Experience performing basic cyber threat hunting
  • Experience performing basic cyber forensics
  • Experience investigating security incidents with SIEMs (e.g. Splunk, Qradar, ArcSight, Securonix, etc), use case development/tuning, and threat hunting strategies.

Preferred Qualifications

  • Platform experience with competing correlation platforms a plus
  • Scripting knowledge in (i.e. Python, PowerShell, Bash Shell, Java, etc.)
  • Prior experience in a SOC management role
  • Certifications: CISSP, SANS GIAC or GCIH, Splunk Administrator, Cortex XSOAR, IBM Qradar, CCNP-Security, Palo Alto CNSE, AWS:SA, Microsoft Azure, CompTIA Linux+ or RHEL
  • Cyber Forensic knowledge
  • Threat Hunting experience utilizing different SIEMs and industry best practices
  • Fluency in a foreign language is desirable, but not required

Working Conditions

  • Working conditions are normal for an office environment.
  • Fast paced, deadline-oriented environment.
  • May require periods of non-traditional working hours including consecutive nights or weekends (if applicable)


SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed