SOSi is looking to integrate AI and LLM technologies into the INDOPACOM network security operations center (NSOC) to enhance SOAR pipelines, detection workflows, and automation playbooks, thereby advancing cyber defense capabilities.
Requirements
- Demonstrated hands-on experience with AI/LLM technologies (home labs, open-source projects, certifications, or professional use cases).
- Familiarity with SIEM, SOAR, and EDR platforms.
- Basic scripting/automation experience (Python, PowerShell, REST APIs).
- Experience applying AI/LLMs in security workflows (e.g., enrichment, log analysis, playbook automation).
- Cloud or AI-related certifications (Microsoft AI Engineer, TensorFlow Developer, Google Cloud ML Engineer).
- Vendor certifications (Elastic, Splunk, Palo Alto, Tenable, etc.).
Responsibilities
- Support the integration of AI/LLM models (e.g., Gemini, GPT, open source) into SOC tools and workflows.
- Assist in developing automation pipelines for triage, enrichment, and incident response.
- Work with Detection Engineers to connect AI outputs into SIEM, SOAR, and EDR platforms.
- Help validate AI-assisted detections and automation with analyst feedback to reduce false positives.
- Maintain logs, document use cases, and share lessons learned for continuous improvement.
- Stay current on AI/LLM trends and open-source projects that can be adapted to mission requirements.
- Participate in NSOC exercises to test AI-enabled detection and response workflows.
Other
- Active, in-scope SECRET clearance.
- Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, or related field; equivalent work experience/certifications considered.
- DoD 8140 baseline certification (CySA+ or SSCP or GSEC or CEH or CFR or GCIA or GCIH).
- Active Top Secret clearance with ability to obtain/maintain TS/SCI.
- The NSOC operates 24/7. While this role is primarily dayshift, the engineer/analyst may be asked to support off-hours incidents, exercises, or escalations as mission needs require.