SOSi

Associate Incident Handling Analyst

Job Location: US-AZ-Fort Huachuca
Posted Date: 3/14/2022 10:55 AM (5 months ago)
ID: 2022-5671
Location: US-AZ-Fort Huachuca
Potential for Remote: No
Clearance Requirement: Top Secret/SCI
Job Requires Relocation: Yes

Overview

SOS International LLC (SOSi) is seeking an Associate Incident Handling Analyst in Ft. Huachuca, AZ. The Associate Incident Handling Analyst reports to the CDO Team Lead and performs security event monitoring and correlation within a tiered Security Operations Center.

Responsibilities

  • Perform event triage & escalation, sensor monitoring, cyber incident investigation, cyber event analysis & correlation, log analysis, and malware analysis.
  • Detect, document, and report potential or confirmed incidents and security issues.
  • Perform 24/7 analysis of events utilizing ArcSight Security Information Event Management (SIEM) systems, Big Data Analytics (Gabriel Nimbus), and other supporting platforms or applications.
  • Conduct incident handling actions in accordance with CJCSM 6510.01b, established operational procedures, and providing recommendations in the best interest of protecting the DoDIN.
  • Coordinate and perform incident response investigations providing leadership with details to make critical security decisions.
  • Conduct quality control of incidents and investigations to maintain compliance with applicable policies.
  • Develop recommendations to enhance detection capabilities and implement mitigation measures in response to general or specific threats (attempted exploits, attacks, malware delivery, etc.).
  • Assist in designing and integrating custom rules and reports within data collection platforms.
  • Provide technical expertise regarding the defense of information systems and networks.
  • Correlate event data to create situational awareness and trend analysis reports.
  • Conduct root cause analysis to identify, diagnose, and resolve cyber security problems.
  • Maintain current knowledge of relevant technologies as assigned.
  • Participate in special projects as required.
  • Potential to lead/manage high level administrative/technical taskings without assistance.
  • Collaborate with external agencies, LE/CI, GTMs, Branch Chiefs, Division Chiefs and RCC-C Leadership.

Qualifications

  • Active, in-scope Top Secret (TS) clearance with eligibility for Sensitive Compartmented Information (SCI), or the ability to obtain an Interim Top Secret with SCI eligibility
  • HS diploma + 2 years of experience, or AA/AS, or BA/BS in Cyber Security
  • An IAT II certification (CCNA-Security, CND, CySA+, GICSP, GSEC, Security+ CE, or SSCP) is required
  • CSSP-IR certification

Preferred Qualifications

  • ITIL Foundation Certification
  • Familiarity with the following computer network defense technologies:
    • Security Information and Event Management (SIEM) systems
    • Network and Host Intrusion Detection Systems / Intrusion Prevention Systems (IDS/IPS)
    • Network and Host malware detection and prevention
    • Network traffic analysis tools
  • Basic understanding of how to analyze the following data sets:
    • Proxy logs
    • Firewall logs
    • PCAP data
    • Host based security event alerts
    • Windows system and event logs
  • Basic problem solving
  • The ability to multi-task
  • Customer service
  • Fluency in a foreign language is desirable, but not required.

Working Conditions

  • Working conditions are normal for an office environment.
  • Fast paced, deadline-oriented environment.
  • May require periods of non-traditional working hours, including consecutive nights or weekends (if applicable).

SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
