Threat and Data Analytics Team Lead

Location: US-AZ-Fort Huachuca (potential for remote)
Posted: 3/18/2022
Clearance Requirement: Top Secret/SCI
Job Requires Relocation


SOS International, LLC (SOSi) is currently seeking a Threat and Data Analytics Team Lead in Fort Huachuca, AZ. The T&DA Team Lead reports to the DCO Branch Manager and is responsible for the overall technical performance and personnel management of the Threat and Data Analytics (T&DA) mission.

Responsibilities

  • Supervisory responsibilities to include but not limited to:
    • Reporting and timekeeping; technical/administrative training; assuring ITIL process compliance; actively communicating with the government, including via MS Teams; scheduling to effectively utilize all team resources; supporting management decision-making; committing to quality management standards, QA/QC compliance, and metrics analysis.
    • Coordinates team schedules ensuring mission coverage.
    • Trains, mentors, coaches, and enforces the SOSi code of conduct.
    • Assures ATCTS reporting compliance and that employees' training and certifications are current.
    • Recommends innovative solutions to more effectively and efficiently support work performance.
    • Provides performance feedback and appraisals for all direct reports.
    • Second-level approval for Team Leads that directly report to RCC-C Branch Managers.
    • Nominates employees for recognition and awards program.
    • Supports leadership development and succession planning program.
  • Perform as the subject matter expert responsible for all Threat and Data Analytics requirements and act as the lead technical escalation point for all T&DA activity.
  • Analyze, correlate, and perform trend analysis for cyber events and incidents.
  • Perform exploratory analysis of network traffic, audit logs, external threat intelligence, malware analysis, and incident reports to identify any threat not captured through current detection capabilities.
  • Monitor dashboards for threat activity to include ArcSight, Gabriel Nimbus, Rally, TYCHON, and Stealthwatch.
  • Provide operational impact assessments resulting from hunt missions.
  • Provide recommendations to improve intrusion detection, malicious activity response, and vulnerability identification.
  • Coordinate efforts within the Defensive Infrastructure Team and Cyber Defensive Operations Team to improve the enterprise posture and to identify and respond to future malicious activity. These teams have overlapping areas of responsibility and play an integral part in one another's success.
  • Review all system development project requests and coordinate schedules and related departmental activity.
  • Provide guidance and work leadership and structure to less-experienced personnel and other technical staff to maintain a dynamic prioritization effort.
  • Lead integration of new technical solutions and platforms into the DoDIN-A, and write/develop new processes, SOPs, and TTPs to employ them to their full potential.
  • Maintain current knowledge of relevant technologies as assigned.
  • Provide timely notification to the Government for any critical or high incidents.
  • Provide on-call support after business hours and during weekends when required.
  • Follow ITIL best practices to manage tickets and processes.
  • Develop and/or maintain SOPs, TTPs, and SmartBooks associated with current knowledge of relevant technologies as assigned.
  • Participate in special projects as required.
  • Actively collaborate with GTMs, Branch Chiefs, Division Chiefs and RCC-C Leadership, as well as NECs, Brigades, LE/CI, and organizations external to the RCC-C.

Required Qualifications

  • Active, in-scope Top Secret (TS) clearance with eligibility for Sensitive Compartmented Information (SCI), or the ability to obtain an Interim Top Secret with SCI eligibility
  • High school diploma with 12+ years of similar technical experience, or AA/AS with 10+ years, or BS/BA with 8+ years
  • An IAT III certification (CASP+CE, CCNP-Security, CISA, CISSP(or Associate), GCED, or GCIH) is required
  • GCIA certification
  • CEH certification
  • CSSP-A Certification
  • ITIL Foundation Certification
  • Must be willing to work overtime, after hours, holidays, and weekends, as necessary

Preferred Qualifications

  • ITILv4 Certification
  • PMP Certification
  • 3-5 years or more of supervisory experience
  • Fluency in a foreign language is desirable, but not required.

Working Conditions

  • Working conditions are normal for an office environment.
  • Fast paced, deadline-oriented environment.
  • May require periods of non-traditional working hours including consecutive nights or weekends (if applicable).

SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
