Lead Security Engineer – Defensive Cyber AI & Infrastructure (DCAI) jobs in United States

SOSi · 4 months ago

Lead Security Engineer – Defensive Cyber AI & Infrastructure (DCAI)

SOSi is seeking a Lead Security Engineer – Defensive Cyber AI & Infrastructure (DCAI) to spearhead the integration of AI-powered defense and advanced cyber infrastructure for INDOPACOM warfighters. The role involves leading a team to deploy AI-assisted detection and automated response pipelines, ensuring that automation is explainable, scalable, and secure.

Consulting · Government · Information Technology
No H1B · Security Clearance Required

Responsibilities

Lead the DCAI engineering team, assigning priorities, mentoring junior engineers in Agentic AI, and ensuring effective tool and automation performance
Direct the deployment, configuration, and tuning of AI/LLM-enabled monitoring, detection, and response platforms to support analyst operations and after-hours coverage
Oversee the development and refinement of SOAR and LLM-driven automation pipelines for triage, containment, escalation, and recovery
Act as the final technical escalation point for AI/automation issues, tool malfunctions, or advanced forensic requirements
Ensure automation logic is explainable, logged, and compliant with DoD cybersecurity standards, RMF, and NSOC SOPs
Collaborate with Detection Engineers to define, validate, and optimize custom rules, AI/LLM-powered detections, and automated playbooks
Serve as engineering liaison to the NSOC Director and Senior CDA Lead, aligning AI-driven automation with operational priorities
Validate AI/LLM-assisted detections with analyst input, adjusting models/rules to minimize false positives and maximize fidelity
Drive continuous improvement of NSOC engineering practices through post-incident reviews, lessons learned, and capability development
Maintain awareness of emerging AI/ML, LLM, and automation technologies, adversary tactics, and best practices to ensure the NSOC remains cutting-edge
Participate in tabletop and live security exercises, ensuring DCAI systems and staff can support full-spectrum incident response

Qualification

AI/ML integration, LLM models, Cybersecurity engineering, SOAR automation, SIEM platforms, Scripting skills, DoD 8140 Certification, Incident response, Cloud certifications, Team leadership, Mentoring staff

Required

Active in-scope SECRET clearance (or ability to obtain)
Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, or related field; equivalent work experience/certifications considered
Recent, hands-on experience integrating AI/ML or LLM models (e.g., Gemini, GPT, or open-source equivalents) into SOC workflows for detection, triage, or automation
7+ years of experience in cybersecurity engineering, SOC/NSOC operations, or defensive tool management
2+ years of experience in a leadership or technical lead role
Hands-on experience with SIEM, SOAR, EDR, and NTA platforms
Strong scripting/automation skills (Python, PowerShell, REST APIs)
DoD 8140 Baseline Certification (must hold one or more from the following): IAT Level II/III: Security+, CySA+, SSCP, GSEC; IAM Level II/III: CAP, CASP+, CISM, CISSP; CND Analyst/Responder: CEH, CFR, GCIA, GCIH
Proven ability to lead teams, mentor staff, and manage priorities in a mission-critical environment

Preferred

Active Top Secret clearance with ability to obtain/maintain TS/SCI
Experience building and managing SOAR + AI/LLM-driven automation workflows (Cortex XSOAR, Splunk SOAR, Phantom, etc.)
Vendor certifications (Elastic Certified Engineer, Splunk, Palo Alto, Tenable, etc.)
Advanced 8140-aligned certifications such as: GCIA, GCIH, GCED, CISSP-ISSAP, CISSP-ISSEP, CSSLP
Familiarity with DoD cyber compliance frameworks (RMF, CMMC, NIST SP 800-171/172) and logging/AI model explainability requirements
Cloud and emerging tech certs (CCSP, Microsoft SC-100, AWS Security Specialty, Azure Security Engineer Associate)

Benefits

Relocation packages may include a two-year commitment.

Company

SOSi solves the challenges of the modern mission.

Funding

Current Stage
Late Stage

Leadership Team

Jim Edwards
Chief Growth Officer
Company data provided by crunchbase