SOS International LLC
Lead Security Engineer - Defensive Cyber AI & Infrastructure (DCAI)
SOS International LLC, Joint Base Pearl Harbor Hickam, Hawaii, United States
Overview
SOSi is seeking a
Lead Security Engineer - Defensive Cyber AI & Infrastructure (DCAI)
to spearhead the integration of
AI-powered defense, LLM-assisted automation, and advanced cyber infrastructure
in support of mission-critical operations for INDOPACOM warfighters. Based in Hawaii, our team delivers secure, multi-enclave Coalition connectivity through cutting-edge Desktop as a Service (DaaS) Private Cloud technology.
*This role is not for a traditional SOC engineer; it is for a proven AI/LLM practitioner ready to build the first AI-driven NSOC for INDOPACOM.*
From its inception as a proof of concept, the platform has evolved into a robust cyber ecosystem. Now, we need a senior engineering leader with
recent experience applying AI/ML and large language models (LLMs) to SOC operations -driving innovation and resilience. You'll lead a team of engineers focused on deploying, tuning, and maintaining
AI-assisted detection, LLM-driven triage, and automated response pipelines , ensuring automation is explainable, scalable, and secure. This role bridges operations and engineering-collaborating with analysts, detection engineers, and NSOC leadership to reduce analyst fatigue, sharpen threat detection, and accelerate incident response.
Essential Job Duties
Lead the DCAI engineering team, assigning priorities, mentoring junior engineers in
Agentic AI , and ensuring effective tool and automation performance. Direct the deployment, configuration, and tuning of
AI/LLM-enabled monitoring, detection, and response platforms
to support analyst operations and after-hours coverage. Oversee the development and refinement of
SOAR and LLM-driven automation pipelines
for triage, containment, escalation, and recovery. Act as the final technical escalation point for AI/automation issues, tool malfunctions, or advanced forensic requirements. Ensure automation logic is
explainable, logged, and compliant
with DoD cybersecurity standards, RMF, and NSOC SOPs. Collaborate with Detection Engineers to define, validate, and optimize custom rules, AI/LLM-powered detections, and automated playbooks. Serve as engineering liaison to the NSOC Director and Senior CDA Lead, aligning AI-driven automation with operational priorities. Validate
AI/LLM-assisted detections
with analyst input, adjusting models/rules to minimize false positives and maximize fidelity. Drive continuous improvement of NSOC engineering practices through post-incident reviews, lessons learned, and capability development. Maintain awareness of
emerging AI/ML, LLM, and automation technologies , adversary tactics, and best practices to ensure the NSOC remains cutting-edge. Participate in tabletop and live security exercises, ensuring DCAI systems and staff can support full-spectrum incident response. Minimum Requirements
Active in-scope
SECRET clearance
(or ability to obtain). Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, or related field; equivalent work experience/certifications considered. Recent, hands-on experience integrating AI/ML or LLM models (e.g., Gemini, GPT, or open-source equivalents) into SOC workflows
for detection, triage, or automation. 7+ years of experience in cybersecurity engineering, SOC/NSOC operations, or defensive tool management. 2+ years of experience in a leadership or technical lead role. Hands-on experience with SIEM, SOAR, EDR, and NTA platforms. Strong scripting/automation skills (Python, PowerShell, REST APIs). DoD 8140 Baseline Certification
(must hold one or more from the following):
IAT Level II/III:
Security+, CySA+, SSCP, GSEC IAM Level II/III:
CAP, CASP+, CISM, CISSP CND Analyst/Responder:
CEH, CFR, GCIA, GCIH
Proven ability to lead teams, mentor staff, and manage priorities in a mission-critical environment. Preferred Qualifications
Active
Top Secret clearance
with ability to obtain/maintain TS/SCI. Experience building and managing
SOAR + AI/LLM-driven automation workflows
(Cortex XSOAR, Splunk SOAR, Phantom, etc.). Vendor certifications (Elastic Certified Engineer, Splunk, Palo Alto, Tenable, etc.). Advanced 8140-aligned certifications
such as: GCIA, GCIH, GCED, CISSP-ISSAP, CISSP-ISSEP, CSSLP. Familiarity with DoD cyber compliance frameworks (RMF, CMMC, NIST SP 800-171/172) and logging/AI model explainability requirements. Cloud and emerging tech certs (CCSP, Microsoft SC-100, AWS Security Specialty, Azure Security Engineer Associate). Work Environment
Location:
Hawaii NSOC. Schedule:
Core-hour leadership (Mon-Fri) with on-call responsibilities for escalations and AI/automation incidents. Environment:
Fast-paced, mission-critical operations requiring flexibility for off-hours support. Relocation packages may include a two-year commitment.
Working at SOSi
All interested individuals will receive consideration and will not be discriminated against for any reason.
SOSi is seeking a
Lead Security Engineer - Defensive Cyber AI & Infrastructure (DCAI)
to spearhead the integration of
AI-powered defense, LLM-assisted automation, and advanced cyber infrastructure
in support of mission-critical operations for INDOPACOM warfighters. Based in Hawaii, our team delivers secure, multi-enclave Coalition connectivity through cutting-edge Desktop as a Service (DaaS) Private Cloud technology.
*This role is not for a traditional SOC engineer; it is for a proven AI/LLM practitioner ready to build the first AI-driven NSOC for INDOPACOM.*
From its inception as a proof of concept, the platform has evolved into a robust cyber ecosystem. Now, we need a senior engineering leader with
recent experience applying AI/ML and large language models (LLMs) to SOC operations -driving innovation and resilience. You'll lead a team of engineers focused on deploying, tuning, and maintaining
AI-assisted detection, LLM-driven triage, and automated response pipelines , ensuring automation is explainable, scalable, and secure. This role bridges operations and engineering-collaborating with analysts, detection engineers, and NSOC leadership to reduce analyst fatigue, sharpen threat detection, and accelerate incident response.
Essential Job Duties
Lead the DCAI engineering team, assigning priorities, mentoring junior engineers in
Agentic AI , and ensuring effective tool and automation performance. Direct the deployment, configuration, and tuning of
AI/LLM-enabled monitoring, detection, and response platforms
to support analyst operations and after-hours coverage. Oversee the development and refinement of
SOAR and LLM-driven automation pipelines
for triage, containment, escalation, and recovery. Act as the final technical escalation point for AI/automation issues, tool malfunctions, or advanced forensic requirements. Ensure automation logic is
explainable, logged, and compliant
with DoD cybersecurity standards, RMF, and NSOC SOPs. Collaborate with Detection Engineers to define, validate, and optimize custom rules, AI/LLM-powered detections, and automated playbooks. Serve as engineering liaison to the NSOC Director and Senior CDA Lead, aligning AI-driven automation with operational priorities. Validate
AI/LLM-assisted detections
with analyst input, adjusting models/rules to minimize false positives and maximize fidelity. Drive continuous improvement of NSOC engineering practices through post-incident reviews, lessons learned, and capability development. Maintain awareness of
emerging AI/ML, LLM, and automation technologies , adversary tactics, and best practices to ensure the NSOC remains cutting-edge. Participate in tabletop and live security exercises, ensuring DCAI systems and staff can support full-spectrum incident response. Minimum Requirements
Active in-scope
SECRET clearance
(or ability to obtain). Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, or related field; equivalent work experience/certifications considered. Recent, hands-on experience integrating AI/ML or LLM models (e.g., Gemini, GPT, or open-source equivalents) into SOC workflows
for detection, triage, or automation. 7+ years of experience in cybersecurity engineering, SOC/NSOC operations, or defensive tool management. 2+ years of experience in a leadership or technical lead role. Hands-on experience with SIEM, SOAR, EDR, and NTA platforms. Strong scripting/automation skills (Python, PowerShell, REST APIs). DoD 8140 Baseline Certification
(must hold one or more from the following):
IAT Level II/III:
Security+, CySA+, SSCP, GSEC IAM Level II/III:
CAP, CASP+, CISM, CISSP CND Analyst/Responder:
CEH, CFR, GCIA, GCIH
Proven ability to lead teams, mentor staff, and manage priorities in a mission-critical environment. Preferred Qualifications
Active
Top Secret clearance
with ability to obtain/maintain TS/SCI. Experience building and managing
SOAR + AI/LLM-driven automation workflows
(Cortex XSOAR, Splunk SOAR, Phantom, etc.). Vendor certifications (Elastic Certified Engineer, Splunk, Palo Alto, Tenable, etc.). Advanced 8140-aligned certifications
such as: GCIA, GCIH, GCED, CISSP-ISSAP, CISSP-ISSEP, CSSLP. Familiarity with DoD cyber compliance frameworks (RMF, CMMC, NIST SP 800-171/172) and logging/AI model explainability requirements. Cloud and emerging tech certs (CCSP, Microsoft SC-100, AWS Security Specialty, Azure Security Engineer Associate). Work Environment
Location:
Hawaii NSOC. Schedule:
Core-hour leadership (Mon-Fri) with on-call responsibilities for escalations and AI/automation incidents. Environment:
Fast-paced, mission-critical operations requiring flexibility for off-hours support. Relocation packages may include a two-year commitment.
Working at SOSi
All interested individuals will receive consideration and will not be discriminated against for any reason.