SOSi

Senior ArcSight & Elasticsearch Security Analyst

Job Location: US-AZ-Fort Huachuca
Posted Date: 2/6/2023 3:04 PM
ID: 2023-6704
Potential for Remote: No
Clearance Requirement: Top Secret/SCI
Job Requires Relocation: Yes

Overview

SOS International, LLC (SOSi) is currently seeking a Senior ArcSight and Elasticsearch Security Analyst in Fort Huachuca, AZ. The Senior ArcSight and Elasticsearch Security Analyst reports to the DCI Team Lead and supports the SIEM infrastructure.

Responsibilities

  • Design, implement, and maintain complex databases, including access methods, access time, device allocation, validation checks, organization, protection and security, documentation, and statistical methods.
  • Maintain database dictionaries, monitor standards and procedures overall, and support system integration through database design.
  • Demonstrate competence to work at the highest level in all phases of database management.
  • Support database management.
  • Design, implement, and maintain moderately complex databases.
  • Provide management with status reports.
  • Recommend innovative solutions to support work performance more effectively and efficiently.
  • Support patching and system hardening through STIG application.
  • Develop, update, and provide evidence for POA&M maintenance and resolutions for all team-controlled assets identified with an open security vulnerability requiring mitigation.
  • Lead/manage high-level administrative/technical taskings with some senior-level assistance.
  • Maintain current knowledge of relevant technologies as assigned.
  • Provide on-call support after business hours and during weekends when required.
  • Follow ITIL best practices to manage tickets and processes.
  • Develop and/or maintain SOPs and TTPs associated with current knowledge of relevant technologies as assigned.
  • Participate in special projects as required.
  • Collaborate with GTMs, Branch Chiefs, Division Chiefs, and RCC-C Leadership, as well as outside agencies, including NECs, Brigades, and Operations Centers external to the RCC-C.

Qualifications

  • Active, in-scope Top Secret (TS) clearance with eligibility for Sensitive Compartmented Information (SCI), or the ability to obtain interim Top Secret/SCI eligibility
  • High school diploma plus 12 years of experience, AA/AS plus 10 years, or BA/BS plus 8 years
  • An IAT Level II certification (CCNA-Security, CND, CySA+, GICSP, GSEC, Security+ CE, or SSCP) or higher is required
  • CSSP Infrastructure Support certification (CEH, CRF, CHFI, Cloud+, CND, CySA+, GICSP, or SSCP)
  • Knowledgeable in the mission and operational requirements of the U.S. Army
  • Must be willing to work overtime, after hours, holidays, and weekends as necessary
  • Windows Server and Red Hat Linux system administration experience
  • Familiarity or experience with ArcSight, Elastic, Kafka, Logstash, or Docker application backends
  • Bourne shell/Unix shell/Bash scripting experience
  • Familiarity with STIG and IAVA compliance

Preferred Qualifications

  • ITIL Foundation Certification
  • Familiarity with the following computer network defense technologies:
    • Security Information and Event Management (SIEM) systems
    • Network and Host Intrusion Detection Systems / Intrusion Prevention Systems (IDS/IPS)
    • Network and Host malware detection and prevention
    • Network traffic analysis tools
  • Basic understanding of how to analyze the following data sets:
    • Proxy logs
    • Firewall logs
    • PCAP data
    • Host-based security event alerts
    • Windows system and event logs
  • Basic problem-solving skills
  • The ability to multitask
  • Customer service skills
  • Fluency in a foreign language is desirable, but not required

Working Conditions

  • Working conditions are normal for an office environment.
  • Fast-paced, deadline-oriented environment.
  • May require periods of non-traditional working hours, including consecutive nights or weekends (if applicable).


SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.