"Alerted.org

Overview SOSi is seeking a Lead Security Engineer – Defensive Cyber AI & Infrastructure (DCAI) to spearhead the integration of AI-powered defense, LLM-assisted automation, and advanced cyber infrastructure in support of mission-critical operations for INDOPACOM warfighters. Based in Hawaii, our team delivers secure, multi-enclave Coalition connectivity through cutting-edge Desktop as a Service (DaaS) Private Cloud technology. *This role is not for a traditional SOC engineer; it is for a proven AI/LLM practitioner ready to build the first AI-driven NSOC for INDOPACOM.* From its inception as a proof of concept, the platform has evolved into a robust cyber ecosystem. Now, we need a senior engineering leader with recent experience applying AI/ML and large language models (LLMs) to SOC operations—driving innovation and resilience. You’ll lead a team of engineers focused on deploying, tuning, and maintaining AI-assisted detection, LLM-driven triage, and automated response pipelines, ensuring automation is explainable, scalable, and secure. This role bridges operations and engineering—collaborating with analysts, detection engineers, and NSOC leadership to reduce analyst fatigue, sharpen threat detection, and accelerate incident response. Essential Job Duties Lead the DCAI engineering team, assigning priorities, mentoring junior engineers in Agentic AI, and ensuring effective tool and automation performance. Direct the deployment, configuration, and tuning of AI/LLM-enabled monitoring, detection, and response platforms to support analyst operations and after-hours coverage. Oversee the development and refinement of SOAR and LLM-driven automation pipelines for triage, containment, escalation, and recovery. Act as the final technical escalation point for AI/automation issues, tool malfunctions, or advanced forensic requirements. Ensure automation logic is explainable, logged, and compliant with DoD cybersecurity standards, RMF, and NSOC SOPs. Collaborate with Detection Engineers to define, validate, and optimize custom rules, AI/LLM-powered detections, and automated playbooks. Serve as engineering liaison to the NSOC Director and Senior CDA Lead, aligning AI-driven automation with operational priorities. Validate AI/LLM-assisted detections with analyst input, adjusting models/rules to minimize false positives and maximize fidelity. Drive continuous improvement of NSOC engineering practices through post-incident reviews, lessons learned, and capability development. Maintain awareness of emerging AI/ML, LLM, and automation technologies, adversary tactics, and best practices to ensure the NSOC remains cutting-edge. Participate in tabletop and live security exercises, ensuring DCAI systems and staff can support full-spectrum incident response. Minimum Requirements Active in-scope SECRET clearance Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, or related field; equivalent work experience/certifications considered. Recent, hands-on experience integrating AI/ML or LLM models (e.g., Gemini, GPT, or open-source equivalents) into SOC workflows for detection, triage, or automation. 7+ years of experience in cybersecurity engineering, SOC/NSOC operations, or defensive tool management. 2+ years of experience in a leadership or technical lead role. Hands-on experience with SIEM, SOAR, EDR, and NTA platforms. Strong scripting/automation skills (Python, PowerShell, REST APIs). DoD 8140 Baseline Certification (must hold one or more from the following): IAT Level II/III: Security+, CySA+, SSCP, GSEC IAM Level II/III: CAP, CASP+, CISM, CISSP CND Analyst/Responder: CEH, CFR, GCIA, GCIH Proven ability to lead teams, mentor staff, and manage priorities in a mission-critical environment. Preferred Qualifications Active Top Secret clearance with ability to obtain/maintain TS/SCI. Experience building and managing SOAR + AI/LLM-driven automation workflows (Cortex XSOAR, Splunk SOAR, Phantom, etc.). Vendor certifications (Elastic Certified Engineer, Splunk, Palo Alto, Tenable, etc.). Advanced 8140-aligned certifications such as: GCIA, GCIH, GCED, CISSP-ISSAP, CISSP-ISSEP, CSSLP. Familiarity with DoD cyber compliance frameworks (RMF, CMMC, NIST SP 800-171/172) and logging/AI model explainability requirements. Cloud and emerging tech certs (CCSP, Microsoft SC-100, AWS Security Specialty, Azure Security Engineer Associate). Work Environment Location: Hawaii NSOC. Schedule: Core-hour leadership (Mon–Fri) with on-call responsibilities for escalations and AI/automation incidents. Environment: Fast-paced, mission-critical operations requiring flexibility for off-hours support. Relocation packages may include a two-year commitment. Working at SOSi All interested individuals will receive consideration and will not be discriminated against for any reason.

SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.