Lead Security Engineer – Defensive Cyber AI & Infrastructure (DCAI)

Hawaii
Permanent
Full-time

9 days ago

Overview:SOSi is seeking a skilled Lead Security Engineer – Defensive Cyber AI & Infrastructure (DCAI) to spearhead the integration of AI-powered defense, SOAR automation, and advanced cyber infrastructure in support of mission-critical operations for INDOPACOM warfighters. Based in Hawaii, our team delivers secure, multi-enclave Coalition connectivity through cutting-edge Desktop as a Service (DaaS) Private Cloud technology.From its inception as a proof of concept, the platform has evolved into a robust cyber ecosystem. Now, we need a senior engineering leader to drive innovation and resilience. You’ll lead a team of engineers focused on deploying, tuning, and maintaining AI-assisted detection and response platforms and SOAR pipelines, ensuring automation is smart, scalable, and secure. This role bridges operations and engineering—collaborating with analysts, detection engineers, and NSOC leadership to reduce analyst fatigue, sharpen threat detection, and accelerate incident response. Responsibilities:

Lead the DCAI engineering team, assigning priorities, mentoring junior engineers, and ensuring effective tool and automation performance.
Direct the deployment, configuration, and tuning of AI-enabled monitoring and response platforms to support analyst operations and after-hours coverage.
Oversee the development and refinement of SOAR automation pipelines for triage, containment, escalation, and recovery.
Act as the final technical escalation point for AI/automation issues, tool malfunctions, or advanced forensic requirements.
Ensure automation logic is explainable, logged, and compliant with DoD cybersecurity standards, RMF, and NSOC SOPs.
Collaborate with Detection Engineers to define, validate, and optimize custom rules, detections, and playbooks.
Serve as engineering liaison to the NSOC Director and Senior CDA Lead, aligning automation with operational priorities.
Validate AI-assisted detections with analyst input, adjusting models/rules to minimize false positives and maximize fidelity.
Drive continuous improvement of NSOC engineering practices through post-incident reviews, lessons learned, and capability development.
Maintain awareness of emerging AI/automation technologies, adversary tactics, and best practices to ensure the NSOC remains cutting-edge.
Participate in tabletop and live security exercises, ensuring DCAI systems and staff can support full-spectrum incident response.

Qualifications:

Active in scope SECRET clearance or the ability to obtain SECRET eligibility.
Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, or related field; equivalent work experience/certifications considered.
7+ years of experience in cybersecurity engineering, SOC/NSOC operations, or defensive tool management.
2+ years of experience in a leadership or technical lead role.
DoD 8140 Intermediate certification (GFACT or CEH or Cloud+ or CySA+ or PenTest+ or SSCP or Security+ or GSEC).
Hands-on experience with SIEM, SOAR, EDR, and NTA platforms.
Strong scripting/automation skills (Python, PowerShell, REST APIs).
Proven ability to lead teams, mentor staff, and manage priorities in a mission-critical environment.

Preferred Qualifications:

Active Top Secret clearance with ability to obtain/maintain TS/SCI.
Prior experience with AI-enabled SOC platforms or AI/ML-assisted detection technologies.
Experience building or managing SOAR workflows (Cortex XSOAR, Splunk SOAR, Phantom, etc.).
Vendor certifications (Elastic Certified Engineer, Splunk, Palo Alto, Tenable, etc.).
Advanced certifications (GCIA, GCTI, GCIH, CISSP).

Working Conditions:

Location: Hawaii NSOC.
Schedule: Core-hour leadership (Mon–Fri) with on-call responsibilities for escalations and AI/automation incidents.
Environment: Fast-paced, mission-critical operations requiring flexibility for off-hours support.
Relocation packages may include a two-year commitment.

SOS International

Apply Now