Cyber Threat Analyst

Job Locations DE-Wiesbaden
Job Post Information* : Posted Date 7 months ago(9/8/2022 12:02 PM)
Location : Location
Potential for Remote
Clearance Requirement
Top Secret/SCI
Job Requires Relocation
Job Requires Relocation


SOS International LLC (SOSi) is seeking a Cyber Threat Analyst to join our team in Wiesbaden, Germany. Working as expert to perform analysis of cyber relate events to detect and deter malicious actors using SIEM technologies focused on the threat to networked weapons platforms and US DoD information networks. Analyzes host and network events to determine the impact on current operations, conduct research to determine advisory capability, and develop analytics based on indicators of compromise to leverage the SIEM. Execute hunt missions for various threat actors to determine the risk to the DoD information network and recommend mitigations to reduce the attack surface. Prepares assessments and cyber threat reports of current events based on the research and analysis of classified and open-source information. Correlates threat data from various sources. Develops and maintains analytical procedures to meet changing requirements and ensure maximum operations.


  • Identify and investigate vulnerabilities, asses exploit potential, and document findings and remedies for presentation to facilitate mitigations on customer systems 
  • Perform daily cyber threat research and present findings to the organization to maintain knowledge of current adversary tactics, techniques and procedures and how to apply them. Brief staff and leadership on these findings  
  • Evaluate system security configurations, identify intrusion, identify incident method, and perform root cause analysis on intrusions 
  • Perform analysis of complex software systems to determine both functionality and intent of software systems  
  • Resolve highly complex malware and intrusion issues  
  • Contribute to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations  
  • Create analytics with a SIEM to identify patterns, anomalies, and compromising indicators to alert Cyber Incident responders 
  • Prepare and presents technical reports and briefings  
  • Perform documentation and vetting of identified vulnerabilities for operational use 
  • Assist all sections of the Defensive Cyber Operations team as required in performing analysis 
  • Travel to customer sites to perform network security evaluations  
  • Write reports of vulnerabilities to increase customer situational awareness and improve the customer’s cyber security posture  


  • An active in scope Top Secret/SCI clearance is required
  • US citizenship required
  • Bachelor of Science/Arts (Engineering or Computer Science or Science or Business Administration or Mathematics) +3, AS +7, major certification +7 or 11+ years specialized experience
  • DoD IAT Level II certification (CCNA-Security, CND, CySA+, GICSP, GSEC, Security+ CE, or SSCP) or higher is required
  • DoD 8570 CSSP-Auditor (CySA+, GCIA, GCIH, SCYBER, CEH) or higher is required
  • A current computing environment certification such as MCSA, RHCSA, CCNA, CEH, ArcSight, etc. 
  • Must have a full, complete, and in-depth understanding of all aspects of Defensive Cyber Operations 
  • Must be fluent in all aspects of government and corporate communications media to include all MS Office products and common task ticketing systems 
  • Must have a good breadth of knowledge of common ports and protocols of system and network services 
  • Experience in packet captures and analyzing a network packet 
  • Experience with intrusion detection systems such as Snort, Suricata, and Zeek 
  • Experience with SIEM systems such as Splunk, ArcSight, or Elastic 
  • Must have the demonstrated ability to communicate with a variety of stakeholders in a variety of formats 

Preferred Qualifications

  • Experience in developing complex dashboards, report, and automated searches in Splunk, ArcSight, or Elastic/Kibana 
  • Experience with analyzing packets using Arkime 
  • Experience with Microsoft Windows event IDs 
  • Experience with Linux audit log analysis 
  • Familiarity with Git and VScode 
  • Experience with one or more scripting languages such as PowerShell, Bash, Python
  • Strong written and verbal communications skills  
  • Self-starter with excellent judgment, capable of independent decision making
  • Fluency in a foreign language is desirable, but not required.

Working Conditions

  • Working conditions are normal for an office environment.
  • Fast paced, deadline-oriented environment.
  • May require periods of non-traditional working hours including consecutive nights or weekends (if applicable)

SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed